Overview
Webhooks allow you to receive HTTP POST notifications when events occur in your Voicy account. When a call ends, Voicy sends the full call data — transcript, summary, extracted variables, and more — to your server in real time. Each agent supports up to 5 webhooks, all firing in parallel. Use them to push call data to your CRM, analytics platform, or any custom integration.Creating a Webhook
Open Agent Settings
In the Voicy Dashboard, navigate to your agent and open the Settings tab. Scroll down to the Webhooks section and expand it.
Add a Webhook
Click the + button to add a new webhook. Fill in the fields:
Click Add to save.
| Field | Required | Description |
|---|---|---|
| Name | Yes | A label to identify this webhook (e.g. “CRM”, “Analytics”, “Slack”) |
| URL | Yes | The HTTPS endpoint that will receive POST requests |
| Signing Secret | No | A secret string for HMAC-SHA256 signature verification |
| Custom Headers | No | Key-value pairs added to every request (e.g. Authorization: Bearer <token>) |
Deploy the Agent
Webhooks are part of the agent configuration. After adding or modifying webhooks, deploy the agent for changes to take effect on phone calls.
Changes take effect immediately for web (test) calls, but phone calls use the deployed version.
Managing Webhooks
- Edit — Click the pencil icon on any webhook to change its name, URL, or secret. Leave the secret field blank to keep the existing secret.
- Delete — Click the trash icon to remove a webhook.
- Limit — Up to 5 webhooks per agent. The badge shows your current count (e.g. “2/5”).
Custom Headers
Custom headers let you attach arbitrary HTTP headers to every webhook request — useful when your receiving endpoint requires authentication (e.g.Authorization: Bearer <token>) or a vendor-specific API key header.
Limits: Up to 10 headers per webhook. Names must be valid RFC 7230 tokens. Values cannot contain line breaks.
Reserved headers that cannot be overridden: Content-Type, x-voicy-event, x-voicy-signature, Host, Content-Length, Transfer-Encoding.
Security: Header values are stored server-side and never returned by the API (same treatment as signing secrets). When editing a webhook, leave all value fields blank to preserve the existing headers.
Events
call_ended
Fired after all post-call processing completes (summary generation, variable extraction, email notifications). The payload contains the full call data in the same format as the Get Call API.
Headers:
| Header | Description |
|---|---|
| Custom headers | Any headers configured for this webhook, sent before the Voicy system headers |
Content-Type | application/json |
x-voicy-event | Event name (call_ended) |
x-voicy-signature | HMAC-SHA256 signature (only if signing secret is configured) |
Handling Webhooks
When your server receives a webhook, respond with a200 status code to acknowledge receipt. Here’s a minimal handler:
Signature Verification
If a signing secret is configured, each webhook request includes anx-voicy-signature header containing an HMAC-SHA256 signature of the raw request body. Always verify signatures in production to ensure requests are genuinely from Voicy.
Behavior
| Property | Value |
|---|---|
| Method | POST |
| Timeout | 5 seconds |
| Retries | None (fire-and-forget) |
| Content-Type | application/json |
| Parallel | All agent webhooks fire simultaneously |