> ## Documentation Index
> Fetch the complete documentation index at: https://ownpay.org/docs/llms.txt
> Use this file to discover all available pages before exploring further.

> ## Agent Instructions
> OwnPay is licensed under AGPL-3.0 and is completely free - no licensing fees.
> Production docs URL: https://ownpay.org/docs - append .md to any page URL for clean markdown.
> OwnPay requires PHP 8.3+, MySQL/MariaDB, and Redis.
> MCP server available at https://ownpay.org/docs/mcp for programmatic documentation queries.
> Use root-relative links (e.g. /quickstart) for internal navigation - do NOT include /docs prefix.
> Plugin development: consult /developer/plugin-types/ pages for correct interfaces and manifests.

# Retrieve SMS Filter Rules

> Retrieves the dynamic privacy configuration, whitelisted senders, and positive/negative keywords.
The companion app uses this to screen incoming SMS locally before transmitting payloads to the server, protecting customer privacy.




## OpenAPI

````yaml /api/mobile_api.yaml get /api/mobile/v1/config/filter-rules
openapi: 3.1.0
info:
  title: OwnPay Mobile Companion App API
  description: >
    The OwnPay Mobile API is exposed exclusively to the paired mobile companion
    application.

    It contains endpoints to complete initial device pairing, submit heartbeats
    to report online statuses, refresh authentication tokens, upload received
    SMS messages (supporting batch processing up to 200 items), fetch pending
    outbound SMS queues, acknowledge push notifications, and retrieve dashboard
    statistics.


    ### Security and Cryptography

    - Except for `/api/mobile/v1/devices` (bootstrap pairing) and
    `/api/mobile/v1/devices/token-refreshes` (token refresh), all endpoints
    require authentication using a JSON Web Token (JWT) in the HTTP
    `Authorization` header.
      ```http
      Authorization: Bearer <jwt_access_token>
      ```
    - Device fingerprints are checked during token refreshes.

    - Endpoints are brand-scoped; data visibility is restricted to the specific
    brand/merchant.
  version: 1.0.0
servers:
  - url: https://{brand_domain}
    description: Master brand domain hosting OwnPay gateway.
    variables:
      brand_domain:
        default: ownpay.org
        description: The domain of the specific white-labeled gateway.
security:
  - JWTAuth: []
paths:
  /api/mobile/v1/config/filter-rules:
    get:
      summary: Retrieve SMS Filter Rules
      description: >
        Retrieves the dynamic privacy configuration, whitelisted senders, and
        positive/negative keywords.

        The companion app uses this to screen incoming SMS locally before
        transmitting payloads to the server, protecting customer privacy.
      operationId: getSmsFilterRules
      responses:
        '200':
          description: Dynamic filter rules.
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/SmsFilterRulesResponse'
components:
  schemas:
    SmsFilterRulesResponse:
      type: object
      properties:
        success:
          type: boolean
          example: true
        data:
          type: object
          properties:
            version:
              type: integer
              example: 1
            updated_at:
              type: string
              format: date-time
              example: '2026-06-23T14:15:45Z'
            allowed_senders:
              type: array
              items:
                type: string
              example:
                - bKash
                - Nagad
                - '16247'
            positive_keywords:
              type: array
              items:
                type: string
              example:
                - received
                - credited
                - TrxID
                - Tk
                - BDT
            negative_keywords:
              type: array
              items:
                type: string
              example:
                - OTP
                - PIN
                - password
                - verify
            check_interval_hours:
              type: integer
              example: 24
  securitySchemes:
    JWTAuth:
      type: http
      scheme: bearer
      bearerFormat: JWT
      description: Enter your Short-lived access JWT token.

````

## Related topics

- [Submit Received SMS](/docs/api-reference/submit-received-sms.md)
- [List SMS Templates](/docs/api-reference/list-sms-templates.md)
- [List Outbound SMS Queue](/docs/api-reference/list-outbound-sms-queue.md)
- [List Refunds](/docs/api-reference/list-refunds.md)
- [List Transactions](/docs/api-reference/list-transactions.md)
