TAWI PRODUCT OVERVIEW
Tawi is a Kenyan based software development company specializing in mobile
technologies. These include short codes, bulk SMS, USSD, electronic airtime and
location based services (LBS). Tawi is licensed by the Communications Authority of Kenya
(CA) as a Content Service Provider.
Tawi is a Premium Rate Service Provider (PRSP) with Mobile Network Operators
(MNOs). This implies that she offers SMS and USSD services through these network
This document serves to give an overview of the Gateway modules developed by Tawi.
These are software modules that aggregate MNO services and offer remote connectivity
through web services (API) and account management through a website portal.
Specifically there are four gateways available:
The following illustration gives an insight into the architecture of the gateways.
The following are the features which are generally available on the gateways:
i. Support for Short Code and Bulk SMS routing, USSD routing, airtime top-up
and location querying.
ii. Delivery Reports. This is to indicate the status of an instruction on the web
service. Some of the statuses include Delivery Success, Delivery Failure and
iii. Queries. These include finding out the status of a message as well as the
credit balance. For example, a client application can query the status of an
SMS at any time through the web API.
iv. Control Panel. An account holder is able to manage his or her account
through a control panel. The control panel is a web based interface that is
password protected. Upon logging in, the account holder can view and edit
his or her own account as well as do content management. Searching by
source address, destination or message content is also available.
v. Reporting. This is achieved through various means. Upon logging in to an
account, a user has access to a graphical report of activity. Various graphs
and charts are utilized. Email reports are also available. The user sets the
frequency and email destination to which these reports are sent.
vi. Documentation. Documents such as this one and the Developer API in order
to assist with understanding and integration with the gateways.
vii. Knowledge Base. Frequently asked questions (FAQ) and other pertinent
information are gathered into a knowledge base that allows for solutions to a
wide range of topics. This knowledge base will be published on the website
as well as put in documents for download.
viii. Export Data. The gateways allow for exporting of data in PDF and Microsoft®
Excel 2007 format (OOXML).
ix. Training, Support and Maintenance. Account holders are provided with
technical and commercial support through phone, email and chat. A mailing
list is used to broadcast general messages such as schedules for maintenance.
The system is reviewed often and improvements are made with minimal or
no disruption to existing services.
x. Secure Hosting. Tawi’s server side data is always hosted in an extremely
secure manner. Presently it utilizes the Safaricom Cloud telehouse facility
which meets the most stringent environmental and security requirements for
housing telecommunications equipment. These include 24 hour camera
surveillance, fire and surge suppression, redundant power and data backup.
The firm leverage open source technologies for their strength and cost
xi. Developer Test Bed. A free simulation of the sending and receiving of data is
provided with each account. The format of the interface calls is identical to
the live usage. The only difference is that it does not use real traffic but
instead simulates interaction with the MNO. This allows for integration
testing without the cost of real SMS.
xii. Extended Security. Some of the features here include SSL over HTTP
(HTTPS) and web certificates. Data may be optionally be encrypted with a
cipher between the client and server. This will prevent the following
a. Interception of data en route
b. Prevent manipulation of data en route
c. Defend against IP source routing, (one host sending packets as if they
came from somewhere else)
d. DNS spoofing (an attacker forging name server records)
xiii. Auditing and Certification. The firm has taken steps to have its software and
systems audited by a qualified CISA practitioner. It further intends to achieve
other reviews including penetration tests. Various ISO certifications will be