Wire KaiCalls into the stack you already run.
KaiCalls is the phone layer. Your CRM, your calendar, your ticketing system — that's where the work actually happens. This page covers how calls and leads leave Kai and land in the systems your team already uses every day.
Every API key is tied to one business. No shared master credentials.
Every event ships with a signature header. Reject anything that doesn't verify.
Exponential backoff, dead-letter queue, and manual replay from the dashboard.
The four rails
Auth, permissions, webhooks, event delivery.
That's the surface area. Everything else builds on top.
Authentication
Business-scoped API keys. Create one per integration so you can rotate or revoke a single workflow without taking the rest down.
Permissions
Every request resolves to a business ID before it touches data. One business's keys cannot see another business's leads, calls, or transcripts.
Signed webhooks
Call events, lead captures, and status updates ship with HMAC signatures. Verify before you act so a forged callback can't create state in your system.
Event delivery
Push outcomes to your webhook endpoint, your CRM, or your workflow tool. Retries with exponential backoff, dead-letter visibility, and replay are built in.
Quickstart
From zero to a verified webhook in four steps.
If your CRM already speaks webhooks, you're probably done in 20 minutes.
1. Create a business-scoped API key in the dashboard.
2. Pick the events you want delivered (call.ended, lead.captured, etc).
3. Add your webhook URL and shared signing secret.
4. Verify the signature on each delivery, return 2xx within 5s, and you're live.Common endpoints
Read agent + phone config
Pull the current agent prompt, voice, routing rules, and assigned phone numbers for a business.
Subscribe to call + lead events
Receive call-started, call-ended, lead-captured, and follow-up events as signed webhook payloads.
Send messages + place calls
Trigger an outbound call or SMS programmatically. Consent and DNC are checked before the action goes out.
Inspect failures + retries
Query delivery status, retry counts, and last error for any event you cared about. No silent drops.
How we think about the API
Three things that shape how everything's designed.
Useful to know before you start, because they're the reason we say no to certain things and yes to others.
Send events to systems your customer already lives in. Don't make them log into one more place to see their leads.
Keys and webhook secrets stay server-side. Never embedded in widgets, mobile builds, or anything the browser can read.
If you change consent or routing through the API, those changes show up in the same audit log the dashboard writes to.