TelVox · Connect
React to every call, from your own code.
TelVox calls your endpoints as call state changes — over signed, SSRF-safe, allow-listed egress. Custom headers, JSON templates, retries and encrypted secrets included. Subscription management is in preview.
// illustrative — shape may differ at GA
// TelVox POSTs to the URL you configured, with your custom headers
POST https://your.app/hooks/telvox
X-TelVox-Signature: t=1718900000,v1=9f86d081...
X-TelVox-Event: call-start
{
"event": "call-start",
"call_sid": "CA8a1b...",
"from": "+14155550100",
"to": "+14155550199",
"direction": "inbound",
"occurred_at": "2026-06-22T15:04:01Z"
}The lifecycle
Nine real events, fired as a call moves.
These are the lifecycle events the platform emits today — not a wishlist. Subscribe to the ones your application cares about.
Lifecycle events
- web-form
- call-start
- hangup
- no-agent
- disposition
- callback
- queued
- abandoned
- voicemail-left
Delivery & security
Built on the egress that already runs Dial.
The events, retries, encrypted secrets, SSRF-safe allow-list and inbound injection are real and shipped. The self-serve subscription-management REST surface is in preview.
Nine lifecycle events
Subscribe to the real events that fire as a call moves: web-form, call-start, hangup, no-agent, disposition, callback, queued, abandoned and voicemail-left — all shipped in Dial today.
Custom headers & JSON templates
Attach custom headers and shape the payload with JSON templates, so deliveries fit the contract your endpoint already expects. Send sync or async.
Retry, rate-limit & timeout
Deliveries retry on failure, respect rate limits and honor timeouts, so a slow or briefly down endpoint doesn't lose events or hammer your service.
Encrypted secrets, signed delivery
Per-subscription signing secrets are stored encrypted, and every delivery is signed so you can verify it came from TelVox and reject replays.
Per-org SSRF-safe allow-list
Egress goes only to hosts on your organization's allow-list, with an SSRF guard that blocks internal and metadata addresses — the same safe egress that powers Dial's integrations.
Inbound event injection
Push leads and events back into TelVox over a token plus IP-allowlisted inbound endpoint, so your systems can drive flows — a real, shipped capability.
Honest status
The events ship today; self-serve subscriptions are preview.
The nine lifecycle events, custom headers, JSON templates, retry / rate-limit / timeout handling, encrypted secrets, the per-org SSRF-safe allow-list and token plus IP-allowlisted inbound injection are all real and running in Dial today — configured through the integration catalog. What is in developer preview is the self-serve REST surface for managing your own webhook subscriptions; the snippet here is illustrative and may change before GA.
Questions
Webhooks FAQ
The nine real lifecycle events that fire today in Dial: web-form, call-start, hangup, no-agent, disposition, callback, queued, abandoned and voicemail-left. These aren't placeholders — they're the events the platform already emits. The self-serve REST surface for managing subscriptions is in preview.
Deliveries only go to hosts on your organization's allow-list, behind an SSRF guard that refuses internal, loopback and cloud-metadata addresses. Each delivery is signed so you can verify authenticity and reject replays, and signing secrets are stored encrypted. This is the same hardened egress that runs Dial's integrations.
Deliveries retry on failure, respect rate limits and honor a timeout, so transient slowness or a brief outage doesn't drop events. Acknowledge fast with a 200 and do heavy processing out of band — verify the signature first, enqueue the payload, then return.
Yes. There's a real inbound injection path, protected by a token plus an IP allow-list, for pushing leads and events back into the platform so your systems can drive flows. The outbound subscription-management API and inbound shapes shown here are illustrative — exact fields may change before GA.
Wire call events into your systems.
Join the developer preview and we'll set up event delivery to your endpoints over signed, SSRF-safe egress.