Skip to content

Integrations & Automation

Wire TelVox into your stack — both directions, safely.

Fire lifecycle webhooks, call any external API on call events, and inject leads straight into a campaign — every outbound request gated by a per-org allow-list. SSRF-safe by design.

webhooks · deliveryfiring
POSTdispositioncrm.acme.com/hooks200
POSTcall-startcrm.acme.com/hooks200
POSTvoicemail-leftops.acme.com/vm202
POSTabandonedcrm.acme.com/hooks200
POSTcallbackcrm.acme.com/hooks200
egress allow-list

Integrations & automation

Connect both directions — without opening a hole.

Push events out, pull leads in, and message from the panel — all behind the same allow-list and encryption posture as the rest of the platform.

Lifecycle webhooks

Fire on 9 events — web-form, call-start, hangup, no-agent, disposition, callback, queued, abandoned and voicemail-left — with custom headers and JSON payload templates.

Outbound API catalog

Call any external API on call events, with retry, rate-limit, timeout, sync / async modes and encrypted secrets — configured per integration, no code.

Inbound lead injection

Token-hashed, IP-allowlisted endpoints drop leads straight into a campaign or list with field mapping — your forms and partners feed the dialer directly.

SSRF-safe egress

Every outbound request is gated by a per-org host allow-list, so an integration can only ever reach the destinations you've approved.

Agent messaging

Send templated WhatsApp (Twilio or Meta) and email to leads from the agent panel, with lead-ownership checks enforced on every send.

Webhook events

  • web-form
  • call-start
  • hangup
  • no-agent
  • disposition
  • callback
  • queued
  • abandoned
  • voicemail-left

Questions

Integrations FAQ

Nine lifecycle events: web-form submission, call-start, hangup, no-agent, disposition, callback, queued, abandoned and voicemail-left. Each webhook supports custom headers and a JSON payload template, so you control exactly what gets sent.

Every outbound request — webhook or API-catalog call — passes through a per-org egress allow-list that blocks SSRF by restricting which hosts can be reached. Secrets are stored AES-256-GCM encrypted, and calls support retry, rate-limit and timeout controls.

Inbound injection endpoints authenticate with a hashed token and an IP allow-list, then map incoming fields onto your campaign or list. Only approved sources can push leads, and only to the destinations you configure.

Yes — agents can send templated WhatsApp (via Twilio or Meta) and email to leads from the panel. Lead-ownership checks run on every send, so agents can only message the leads assigned to them.

Bring the API you need to talk to.

We'll wire a webhook and an outbound API call live, and show the egress guard in action.