June 2026

What Building a Text-Message App Taught Me About Enterprise Plumbing

I finished a small tool in June: text a doctor’s name and a location to a phone number, and it replies with the carriers — drawn from network data received directly from the carriers — that recognize that provider. Text back a carrier, and it returns the networks where that doctor, hospital, or medical group is contracted. It is the follow-up to an Apple Shortcut I promoted on a continuing-education webinar, rebuilt for the channel brokers and their clients already live in: text messages. The build taught me more about enterprise infrastructure than anything else I have shipped in years — not because the AI was hard, but because everything around the AI was where the real work lived.

Compliance is a product feature, not paperwork

If you want to send application-to-person text messages in the United States, you register with the carriers under a framework called A2P 10DLC. You register your brand. You register your campaign. You document how a person opts in, what they receive, and how they opt out.

Here is the part nobody tells you: approval is an audit of your entire funnel, not a review of your form. Our campaign was rejected roughly eight times before it cleared — and those were AI-assisted submissions. The rejection that taught me the most: the public opt-in page — the page a reviewer visits to verify the consent flow — returned an error. The application was fine. The messaging logic was fine. A routing entry had silently dropped out of a config file, and the one URL a reviewer would check went dark. Nothing in the system flagged it, because nothing in the system was responsible for the reviewer’s experience.

The lesson generalizes. In regulated industries, compliance is not a document you attach at the end. It is a user journey that has to work end to end, and it deserves the same monitoring as the product itself.

Enterprise data partners trust networks, not just keys

The provider data behind the tool comes from an enterprise data source, and that partner does not hand out access on an API key alone. They whitelist IP addresses. If your requests do not originate from a fixed, known address, you do not get data, no matter how valid your credentials are.

That single requirement drove more architecture than any feature did. Serverless and consumer-grade hosting hand you a different address every day. Supporting a static origin means deliberate choices about where services live and how traffic leaves the building. It is unglamorous, and it is exactly the kind of constraint that separates a demo from a system an enterprise will connect to.

If you are evaluating AI vendors, this is a useful tell. Ask where their traffic originates and how they authenticate to their data sources. The answer tells you whether they have ever integrated with a real enterprise.

Encrypted channels are old news that stay newsworthy

None of the services in this system accept a direct connection from the open internet. Traffic arrives through an encrypted tunnel, terminates at a private machine, and inbound ports stay closed. None of this is novel. It is decades-old discipline. But every breach headline is a reminder that the basics are the story. When I demo this tool to insurance people, the architecture slide draws more questions than the AI slide — and it should.

Authentication fails silently, so test the seams

A late bug: the search endpoint rejected every request that carried a perfectly valid token. The token was correct. The header carrying it was not — one side of the integration expected a different authentication scheme than the other side was sending. Ten minutes to fix. Most of a day to find, because every component looked healthy in isolation.

Integration failures live in the seams. Test the chain, not the links.

Why this matters for insurance

The industry does not lack AI ideas. It lacks people who have carried an idea through carrier compliance, partner security reviews, and enterprise data agreements — and who know that the last ten percent of plumbing is half the project. That is what building teaches that strategy decks cannot.