Webhook Integration Guide

9 min read

Developer Resources

Updated April 2025

James Wilson

Business Solutions Manager

James specializes in helping businesses build custom integrations for complex workflow scenarios.

Introduction to Webhooks

Webhooks provide a powerful way to integrate PhoneShield with custom systems and applications. Unlike traditional APIs where you have to poll for data, webhooks push information to your systems in real-time when specific events occur.

What are Webhooks?

Webhooks are user-defined HTTP callbacks that are triggered by specific events. When an event occurs in PhoneShield:

PhoneShield sends an HTTP POST request to your specified URL
The request contains a JSON payload with information about the event
Your server processes this data and responds
This happens in real-time, allowing for immediate reactions to events

Business Plan Feature

Webhook integration is available on Business and Enterprise plans. Standard plans have access to basic webhooks with limited event types and payload information.

Webhooks vs. API Integration

Webhook Benefits

Real-time updates - Instant notification when events occur
Reduced load - No need to constantly poll the API
Event-driven - React only when something happens
Simpler integration - Just provide an endpoint URL

When to Use REST API Instead

Data retrieval - When you need to fetch specific data on demand
Historical data - Accessing data from past events
Complex queries - When you need to filter or search data
Resource management - Creating or updating resources

Webhook Use Cases

Webhooks enable a wide range of custom integrations and automations. Here are some common use cases:

Real-time Call Notifications

Send immediate notifications to your internal systems when calls are received, completed, or require attention.

Custom CRM Integration

Automatically update your proprietary CRM or customer database with call data and conversation details.

Business Intelligence

Stream call data to your analytics platform to incorporate phone interactions into your business metrics.

Custom Workflow Automation

Trigger specific processes in your internal systems based on call events, topics, or outcomes.

Lead Distribution

Route leads captured through calls to your lead management system based on custom criteria.

Compliance and Record-keeping

Automatically archive call records and transcripts to your compliance management system.

Real-World Example: Custom Sales Pipeline Integration

A real estate company uses webhooks to integrate PhoneShield with their custom sales pipeline software:

When a potential buyer calls, PhoneShield's AI assistant gathers their requirements and contact information
When the call ends, a webhook triggers with the call data and transcript
Their custom system:
- Creates or updates the prospect's profile
- Uses AI to extract property requirements from the transcript
- Matches the requirements against their property database
- Automatically assigns the lead to an appropriate agent
- Schedules a follow-up task with property recommendations
The entire process happens within seconds of the call ending

Integration Ideas

Need inspiration? Our solutions team has compiled alibrary of webhook integration templatesfor different industries and business needs.

Setting Up Webhooks

Setting up webhooks in PhoneShield is straightforward. Follow these steps to create and configure your webhook endpoints:

Navigate to Integration Settings
Go to Dashboard {'>'} Integrations {'>'} Webhooks in your PhoneShield account.
Create a new webhook endpoint
Click 'Add Webhook' and provide your endpoint URL where data should be sent.
Select event types
Choose which events should trigger webhook notifications.
- Call events (received, completed, etc.)
- Transcription events
- Voicemail events
- System events
- User events
Configure security settings
Set up authentication and validation to secure your webhook connections.
Test the webhook
Use the test function to send a sample payload to your endpoint.
Enable the webhook
Activate the webhook once testing is successful.

Webhook Configuration Options

Basic Settings

Endpoint URL - Where to send webhook data
Description - Name/purpose of this webhook
Event types - Which events trigger this webhook
Status - Active/Inactive toggle

Advanced Settings

Secret key - For signature verification
Custom headers - Additional HTTP headers to include
Retry settings - How to handle failed deliveries
Filtering rules - Fine-grained control over when to trigger

Webhook Limits

Be aware of these limits when setting up webhooks:

Business plan: Up to 10 webhook endpoints, 100 requests per minute
Enterprise plan: Up to 50 webhook endpoints, 1,000 requests per minute
Payload size: Maximum 1MB per webhook request
Response time: Your endpoint should respond within 10 seconds
Retry policy: Failed webhooks are retried up to 5 times with exponential backoff

Available Event Types

PhoneShield webhooks can be triggered by various event types, allowing you to selectively receive notifications for specific activities:

Call Events

Events related to call lifecycle:

call.received - When a new call comes in
call.greeting - After AI greeting plays
call.screening - During active call screening
call.forwarded - When call is forwarded to user
call.completed - When call ends
call.summarized - When AI summary is generated

Transcription Events

Events related to call transcription:

transcription.started - Transcription begins
transcription.interim - Partial transcription available
transcription.completed - Full transcription ready
transcription.analyzed - AI analysis of transcript complete

Voicemail Events

Events related to voicemail handling:

voicemail.recorded - New voicemail received
voicemail.transcribed - Voicemail transcription complete
voicemail.read - User viewed the voicemail

System Events

Events related to system operations:

system.status - System status changes
system.error - System errors occur
system.maintenance - Scheduled maintenance alerts

Custom Event Filtering

Enterprise customers can create sophisticated event filters based on:

Call properties - Filter by caller phone number, area code, or country
AI analysis - Filter by detected topics, sentiment, or urgency
Time conditions - Only send webhooks during specific hours or days
Content matching - Filter based on specific phrases in the transcript
Logical operators - Combine multiple conditions with AND/OR logic

Example filter: Send webhook only for call.completed events where the call duration was over 2 minutes AND either "pricing" or "quote" was mentioned in the conversation.

Event Documentation

For a complete list of event types and their detailed payload structures, visit ourwebhook events documentation.

Webhook Payload Structure

When an event occurs, PhoneShield sends a JSON payload to your webhook endpoint. Understanding this structure is essential for processing the data correctly:

{
  "event_type": "call.completed",
  "timestamp": "2025-04-30T15:23:47Z",
  "version": "1.0",
  "environment": "production",
  "webhook_id": "whk_12345abcdef",
  "data": {
    "call_id": "call_9876543210",
    "phone_number": "+15551234567",
    "caller_number": "+15559876543",
    "caller_name": "John Smith",
    "call_start": "2025-04-30T15:21:32Z",
    "call_end": "2025-04-30T15:23:47Z",
    "duration_seconds": 135,
    "direction": "inbound",
    "status": "completed",
    "ai_handled": true,
    "forwarded": false,
    "summary": "John called about his recent order #12345 which hasn't arrived yet. The AI confirmed the order is in transit and provided the tracking number.",
    "topics": ["order status", "shipping", "tracking"],
    "sentiment": "neutral",
    "urgency": "medium",
    "transcription_url": "https://api.phoneshield.ai/v1/calls/call_9876543210/transcript",
    "recording_url": "https://api.phoneshield.ai/v1/calls/call_9876543210/recording",
    "metadata": {
      "customer_id": "cust_987654",
      "account_type": "premium",
      "source": "website"
    }
  }
}

Payload Structure Explained

Root Properties

event_type - The type of event that triggered the webhook
timestamp - When the event occurred (ISO 8601 format)
version - API version of the payload format
environment - "production" or "sandbox"
webhook_id - Unique identifier for the webhook configuration
data - Event-specific data object (varies by event type)

Common Data Properties

call_id - Unique identifier for the call
phone_number - Your PhoneShield number
caller_number - The caller's phone number
caller_name - Caller name if available
duration_seconds - Call duration in seconds
status - Current status of the call
summary - AI-generated call summary

Event-Specific Properties

Different event types include additional properties relevant to that event. For example:

transcription events include transcript text and confidence scores
voicemail events include voicemail duration and audio file links
analysis events include topics, sentiment, and intent classifications

Payload Handling

Your webhook endpoint should process events idempotently, as the same event may be delivered multiple times in case of retries. Always check for duplicate event processing by storing and checking event IDs.

Security Best Practices

Securing your webhook endpoints is crucial to prevent unauthorized access or data leaks. Follow these best practices:

Use HTTPS Endpoints
Always use HTTPS for your webhook endpoints to ensure data is encrypted in transit.
Implement Signature Verification
Validate the webhook signature included in headers to confirm authenticity of the request.
Apply IP Filtering
Restrict webhook reception to PhoneShield's IP address ranges for an added security layer.
Set Up Authentication
Use authentication tokens or API keys to secure your webhook endpoint.
Monitor Webhook Activity
Regularly review webhook delivery logs to detect unusual patterns or failures.
Rate Limit Your Endpoints
Implement rate limiting to protect against potential DoS attacks or webhook storms.

Webhook Signature Verification

PhoneShield signs each webhook request with an HMAC-SHA256 signature, allowing you to verify its authenticity:

When setting up a webhook, you'll generate a secret key
PhoneShield uses this key to create a signature of the request payload
The signature is sent in the X-PhoneShield-Signature header
Your server should:
- Compute the same signature using your secret key
- Compare it with the signature in the header
- Process the webhook only if signatures match

This ensures that:

The request genuinely came from PhoneShield
The payload wasn't tampered with in transit
The request isn't a replay of an earlier webhook

IP Whitelisting

For additional security, you can restrict webhook reception to PhoneShield's IP ranges:

Production: 192.168.1.0/24, 192.168.2.0/24
Sandbox: 192.168.3.0/24

Note: IP ranges may change. We recommend subscribing to ourstatus pagefor notifications about IP range updates.

Testing and Debugging

Before deploying your webhook integration to production, it's important to thoroughly test it to ensure it handles events correctly. PhoneShield provides tools to help with testing:

PhoneShield Test Console

Use the built-in testing tool in your dashboard to send test events to your webhook endpoint.

Webhook.site

A free online tool that provides a temporary URL for testing webhook deliveries and inspecting payloads.

RequestBin

Another popular service for debugging webhooks by capturing and inspecting incoming HTTP requests.

ngrok

Create secure tunnels to localhost for testing webhooks during development on your local machine.

Debugging Webhook Issues

Common webhook problems and solutions:

Webhook not being received

Verify the endpoint URL is correct
Check firewall settings that might block incoming requests
Confirm the webhook is enabled in your PhoneShield dashboard
Check logs for delivery attempts in webhook history

Signature verification failing

Confirm you're using the correct secret key
Ensure the signature calculation matches our documentation
Check for whitespace or encoding issues in the payload
Verify you're using the raw request body for verification

Server returning errors

Ensure your endpoint can handle the data volume
Check for parsing errors in your webhook handler
Verify your server responds with a 200 status quickly
Monitor server logs for detailed error messages

Webhook Logs

In your PhoneShield dashboard, you can view detailed logs of webhook deliveries including request payloads, response codes, and error messages under Integrations > Webhooks > Delivery Logs.

Implementation Examples

Here's a practical example of a webhook receiver implemented in Node.js with Express:

// Node.js webhook receiver example with Express
const express = require('express');
const crypto = require('crypto');
const app = express();

// For parsing JSON requests
app.use(express.json());

// Your webhook secret from PhoneShield dashboard
const WEBHOOK_SECRET = 'your_webhook_secret';

// Verify webhook signature
function verifySignature(payload, signature) {
  const hmac = crypto.createHmac('sha256', WEBHOOK_SECRET);
  const calculatedSignature = hmac.update(payload).digest('hex');
  return crypto.timingSafeEqual(
    Buffer.from(calculatedSignature, 'hex'),
    Buffer.from(signature, 'hex')
  );
}

app.post('/phoneshield-webhook', (req, res) => {
  const signature = req.headers['x-phoneshield-signature'];
  
  // Verify the webhook signature
  try {
    const isValid = verifySignature(
      JSON.stringify(req.body),
      signature
    );
    
    if (!isValid) {
      console.error('Invalid webhook signature');
      return res.status(401).send('Invalid signature');
    }
    
    // Process the webhook event
    const event = req.body;
    console.log('Received event:', event.event_type);
    
    switch(event.event_type) {
      case 'call.completed':
        handleCompletedCall(event.data);
        break;
      case 'transcription.completed':
        handleTranscription(event.data);
        break;
      // Handle other event types...
      default:
        console.log('Unhandled event type:', event.event_type);
    }
    
    // Always return a 200 response quickly
    res.status(200).send('Webhook received');
    
  } catch (error) {
    console.error('Error processing webhook:', error);
    res.status(500).send('Error processing webhook');
  }
});

function handleCompletedCall(callData) {
  // Implement your business logic here
  console.log('Processing completed call:', callData.call_id);
  // e.g., update CRM, send notification, etc.
}

function handleTranscription(transcriptionData) {
  // Process transcription data
  console.log('New transcription available:', transcriptionData.call_id);
  // e.g., analyze content, store in database, etc.
}

const PORT = process.env.PORT || 3000;
app.listen(PORT, () => {
  console.log(`Webhook server running on port ${PORT}`);
});

Key Implementation Practices

Respond quickly - Send a 200 response as soon as possible (ideally <1 second)
Process asynchronously - Handle time-consuming operations after responding
Verify signatures - Always validate the webhook signature before processing
Be idempotent - Handle repeated deliveries of the same event gracefully
Log events - Keep records of received webhooks for debugging
Add error handling - Implement robust error handling in your webhook processor

More Code Examples

Find additional implementation examples in various languages:

Developer Support

Need help implementing webhooks for your specific use case? Enterprise customers can schedule a consultation with our integration team for personalized assistance.

Business Integrations

Connect PhoneShield with your CRM, helpdesk, and other business tools

10 min read

Team Management

Learn how to manage team members and call routing in PhoneShield Business

11 min read

Ready to try PhoneShield?

Start screening your calls today and take back control of your phone.

Get started

View pricing

Previous: Business Integrations Next: Small Business Solutions