Send Gates

Beyond consent and suppression, several regulatory checks run at send time. Orbit groups them as send gates: each one can hold or drop a message or call before it dispatches. This page covers the gates you configure or query directly. All endpoints below are rooted at https://api.orbit.devotel.io/api/v1/compliance.

Some gates (DNC, RND) depend on data feeds that are off by default and rely on your own integration or feed. The endpoints return a disabled response until you enable them. This page is not legal advice — confirm your TCPA/FCC obligations with counsel.

Quiet hours

Quiet-hours rules block messages and calls that would land outside a recipient’s permitted local hours (e.g. the TCPA 8 am–9 pm window). Orbit resolves the recipient’s local time from their phone number’s region. GET /quiet-hours/preview tells you whether a send is allowed right now, and when the next allowed time is — use it to schedule around the window.

curl "https://api.orbit.devotel.io/api/v1/compliance/quiet-hours/preview?phone=%2B14155550101&channel=sms" \
  -H "Authorization: Bearer $ORBIT_API_KEY"

{
  "allowed_now": false,
  "local_hour": 22,
  "local_timezone": "America/Los_Angeles",
  "window_start_local": "08:00",
  "window_end_local": "21:00",
  "next_allowed_at": "2026-06-09T15:00:00.000Z",
  "reason": "outside_window",
  "channel": "sms"
}

Query param	Notes
`phone`	E.164 (required).
`channel`	`sms`, `mms`, `whatsapp`, `rcs`, `viber`, `telegram`, `voice`, `email`, etc.
`timezone_override`	Optional IANA timezone if you already know it.

Default windows are 08:00–21:00 for SMS/voice and 09:00–21:00 for WhatsApp/Meta channels; email, fax, and push are not quiet-hours gated.

DNC — Do Not Call

GET /dnc/check reports whether a number is on a Do-Not-Call list before you dial or text it.

curl "https://api.orbit.devotel.io/api/v1/compliance/dnc/check?phone=%2B14155550101" \
  -H "Authorization: Bearer $ORBIT_API_KEY"

When enabled it returns:

{
  "on_dnc": true,
  "source": "suppression_list",
  "jurisdictions": ["US"],
  "federal_feeds_synced": false
}

The source indicates which layer flagged the number (your contact DNC flag, the DNC list, the suppression list, or a consent opt-out).

DNC checking is gated behind the org setting dnc_sync_enabled (default off). While disabled the endpoint returns 403 DNC_SYNC_NOT_ENABLED. Orbit does not sync federal DNC feeds on your behalf — federal_feeds_synced is always false.

RND — Reassigned Numbers Database

US phone numbers get reassigned to new people. The FCC’s Reassigned Numbers Database lets you check whether a number was disconnected after the date you obtained consent — a “safe harbor” against texting or calling the wrong person. GET /rnd/check takes the phone and the consent_date (YYYY-MM-DD):

curl "https://api.orbit.devotel.io/api/v1/compliance/rnd/check?phone=%2B14155550101&consent_date=2025-01-15" \
  -H "Authorization: Bearer $ORBIT_API_KEY"

{
  "status": "permanently_disconnected",
  "safe_harbor": false,
  "consent_date": "2025-01-15",
  "feed_synced": false
}

status is no_data, active, or permanently_disconnected. Gated behind rnd_scrub_enabled (default off); returns 403 RND_SCRUB_NOT_ENABLED while disabled.

RMD — Robocall Mitigation Database

US voice originators must file a Robocall Mitigation Database registration describing their STIR/SHAKEN status and mitigation plan. Orbit stores and tracks your filing.

GET /rmd — read your registration plus a recertification block with renewal_deadline and action_required.
POST /rmd — create or update the filing.
POST /rmd/submit → status submitted.
POST /rmd/certify → status active.
POST /rmd/remediation (with a reason) → status remediation_required.
POST /rmd/resolve → back to active.
POST /rmd/withdraw → status withdrawn.

curl -X POST https://api.orbit.devotel.io/api/v1/compliance/rmd \
  -H "Authorization: Bearer $ORBIT_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{
    "company_name": "Acme Communications Inc",
    "business_address": "1 Market St, San Francisco, CA",
    "stir_shaken_status": "partial",
    "mitigation_plan": "Known-customer vetting + traceback cooperation…",
    "contact_name": "Jordan Lee",
    "contact_email": "compliance@acme.example"
  }'

stir_shaken_status is complete, partial, or none. A mitigation_plan is required unless status is complete. The lifecycle is draft → submitted → active → remediation_required → active | withdrawn.

Emergency stop

The emergency stop is an org-wide kill switch that immediately halts all outbound SMS, MMS, voice, and dialer traffic — use it during an incident (a misconfigured campaign, a compromised key, a content mistake).

# Activate
curl -X POST https://api.orbit.devotel.io/api/v1/compliance/emergency-stop/activate \
  -H "Authorization: Bearer $ORBIT_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{ "reason": "Suspected list contamination — pausing all sends" }'

# Check
curl https://api.orbit.devotel.io/api/v1/compliance/emergency-stop \
  -H "Authorization: Bearer $ORBIT_API_KEY"

# Deactivate
curl -X POST https://api.orbit.devotel.io/api/v1/compliance/emergency-stop/deactivate \
  -H "Authorization: Bearer $ORBIT_API_KEY"

GET /emergency-stop returns the current active flag plus activated_at, activated_by, and reason. Activation and deactivation require an admin/owner key.

While the emergency stop is active, every outbound message and call for the organization is blocked, including transactional and OTP traffic. Deactivate as soon as the incident is resolved.

Preference center

The preference center is a public, token-signed page where a contact manages their own channel opt-ins, message frequency, and (if enabled) requests data deletion — without logging in. Updates flow straight into consent, suppression, and the STOP-fence. Configure it once, then generate a per-contact link:

POST /preference-center (admin/owner) — set branding, the channels offered, frequency options, and the GDPR-delete toggle.
GET /preference-center — read the current config.
POST /preference-center/link with { "contactId": "cnt_…" } — mint a signed link (HMAC-SHA256, 30-day TTL) to email or text to the contact.

The contact then uses the public link (GET/PUT /preferences/{token}) to view and update their preferences. Opting out here records a consent revocation, adds a suppression entry, and sets the STOP-fence; opting back in reverses it. Requesting deletion files a DSAR on the contact’s behalf.

Country rules

GET /country-rules is the read-only regulatory reference behind these gates — per country and channel it reports the allowed sender types, whether Sender-ID registration is none / recommended / required, STOP-keyword requirements, two-way support, DLR support, and default throughput.

curl "https://api.orbit.devotel.io/api/v1/compliance/country-rules?channel=sms&region=EU" \
  -H "Authorization: Bearer $ORBIT_API_KEY"

Use it to understand, before you launch in a market, what each destination requires.

Opt-Out & Suppression Lists — the suppression layer DNC and the preference center feed.
Consent Management — the consent records updated by the preference center.
Sender-ID Registration — the registration country-rules reports as required.
API Reference → Compliance — full request/response schemas (regenerated from the live API).

​Send Gates

​Quiet hours

​DNC — Do Not Call

​RND — Reassigned Numbers Database

​RMD — Robocall Mitigation Database

​Emergency stop

​Preference center

​Country rules

​Related references

Send Gates

Quiet hours

DNC — Do Not Call

RND — Reassigned Numbers Database

RMD — Robocall Mitigation Database

Emergency stop

Preference center

Country rules

Related references