Skip to content
Inkbox

Inkbox

ContactDocs

Jump to

Webhooks

Webhooks let you receive HTTP POST callbacks for phone number events. Configure a webhook URL directly on your phone number via PATCH /numbers/{phone_number_id} — no separate webhook CRUD is needed.

Event types

EventDescription
incoming_callAn inbound call was received on the phone number

Configuring webhooks PATCH

PATCH /numbers/{phone_number_id}

To enable webhooks, set incoming_call_action to "webhook" and provide an incoming_call_webhook_url on the phone number.

Request body

FieldTypeDescription
incoming_call_actionstringSet to "webhook" to enable webhook callbacks for incoming calls
incoming_call_webhook_urlstringHTTPS endpoint to receive webhook POSTs

Request example

JSONJSON

Code examples

Incoming call webhook

When an incoming_call event fires, Inkbox sends a signed POST request to the configured webhook URL. Your endpoint must respond with an action instructing Inkbox how to handle the call:

JSONJSON

Response fields

FieldTypeDescription
actionstring"answer" to accept the call, "reject" to decline
client_websocket_urlstringWebSocket URL that Inkbox connects to for the call. Can carry text or audio, depending on how the connection is configured. Falls back to the phone number's configured client_websocket_url if omitted.

Verifying webhook signatures

Inkbox signs every webhook payload with your organization's signing key. Create or rotate your key via the Signing Keys API. Three headers are included with each request:

HeaderDescription
X-Inkbox-Request-IDUnique request identifier
X-Inkbox-TimestampUnix timestamp (seconds)
X-Inkbox-Signaturesha256=<hex_digest> HMAC-SHA256 signature

The signature input is: {request_id}.{timestamp}.{raw_body}

To verify a webhook:

  1. Check the timestamp is within 300 seconds of the current time
  2. Reconstruct the signed message: {X-Inkbox-Request-ID}.{X-Inkbox-Timestamp}.{raw_body}
  3. Compute the HMAC-SHA256 using your organization's signing key
  4. Compare the hex digest with the sha256=... value from the header

Python verification example

PythonPython

Disabling webhooks

To stop receiving webhooks, update the phone number to remove the webhook URL and change the action:

JSONJSON

Inkbox

Copyright © 2026 Inkbox

This site is protected by reCAPTCHA.

Google Privacy Policy and Terms of Service apply.

Website

HomeContactDocs

Legal

Privacy PolicyTerms of Service

Contact

hello@inkbox.ai292 Main Street, Cambridge, MA 02142

Inkbox

Copyright © 2026 Inkbox

This site is protected by reCAPTCHA.

Google Privacy Policy and Terms of Service apply.

Website

HomeContactDocs

Legal

Privacy PolicyTerms of Service

Contact

hello@inkbox.ai292 Main Street, Cambridge, MA 02142