How Two-Way SMS Account Management Works

Source: autosoft-workshop/app/controllers/company_sms_global_accounts_controller.rb

All SMS account management endpoints require admin access; the show and update actions additionally require superuser status
API key and secret are displayed in a masked format showing only the last 4 characters — the full values are never exposed in the UI
Activation is blocked if the account is already active; activation also requires an active subscription and is restricted to specific countries
A one-time setup fee is charged on activation unless it has been waived; the Chargify billing component name varies by region (AU vs UK vs US)
Disabling two-way SMS clears the stored API credentials and sends a cancellation email to the company
The update action ignores API key and secret values that still contain the mask (asterisks) — this prevents accidentally overwriting real credentials with the display mask
API key and secret have a minimum length of 16 characters

"I can't see the full API key" → by design, only the last 4 characters are visible; the full key cannot be retrieved from the UI
"I'm trying to activate two-way SMS but it says already active" → the account is already activated; no action needed unless they want to reset credentials
"We were charged a setup fee but were told it would be waived" → check if the waiver was applied before activation; the fee is charged during the activation step
"After disabling SMS, our credentials are gone" → disabling intentionally clears all stored credentials; they will need to re-enter them if reactivating
"I updated the API key but it didn't change" → if the submitted value still contained asterisks (the mask), the system ignored it to prevent corruption; they need to paste the actual full key