Webhooks Overview
Webhooks Overview
Webhooks push real-time event data to your application the moment something happens in JustCall — a call completes, an SMS arrives, a voicemail is left. Instead of polling the API repeatedly, your server receives an HTTP POST with the event details.
How Webhooks Work
- You register a webhook URL in JustCall.
- You select which events to subscribe to.
- When a subscribed event occurs, JustCall sends a POST request to your URL with a JSON payload.
- Your server responds with a
200 OKto acknowledge receipt.
If your server does not respond with a 200 status, JustCall retries the delivery up to 5 times with exponential backoff (1, 5, 15, 30, and 60 minutes).
Set Up a Webhook
- Log in to JustCall as an Admin.
- Go to Settings → API & Webhooks.
- Scroll to the Webhooks section and click Add Webhook.
- Enter your Webhook URL (must be HTTPS).
- Select the events you want to receive.
- Click Save.
You can register multiple webhook URLs and subscribe each one to different event types.
Available Event Types
| Event | Triggered when |
|---|---|
call.completed | A call ends (inbound or outbound) |
call.missed | An inbound call is not answered |
sms.received | An inbound SMS arrives |
sms.sent | An outbound SMS is sent |
voicemail.received | A caller leaves a voicemail |
contact.created | A new contact is added to JustCall |
See Webhook Events Reference for the full list with sample payloads.
Payload Format
Every webhook POST includes these standard fields:
{
"event": "call.completed",
"timestamp": "2026-03-12T14:30:00Z",
"data": {
"call_id": "call_8f3a2b1c",
"direction": "inbound",
"from": "+14155559876",
"to": "+14155551234",
"agent_id": 42,
"duration": 185,
"status": "completed",
"recording_url": "https://recordings.justcall.io/rec_abc123.mp3"
}
}
| Field | Type | Description |
|---|---|---|
event | string | The event type that triggered the hook |
timestamp | string | ISO 8601 timestamp of the event |
data | object | Event-specific payload |
Verifying Webhook Authenticity
Each webhook request includes an X-JustCall-Signature header. To verify the request came from JustCall:
- Compute an HMAC-SHA256 hash of the raw request body using your API Secret as the key.
- Compare the computed hash with the value in
X-JustCall-Signature. - If they match, the request is authentic.
Testing Your Webhook
Use a service like webhook.site or ngrok to inspect payloads before pointing the webhook at your production server.
Troubleshooting
- Not receiving events — Confirm your URL is HTTPS and publicly accessible. Check that the correct events are selected in Settings.
- Duplicate events — Design your handler to be idempotent. Use
call_idormessage_idto deduplicate. - Timeouts — Your server must respond within 10 seconds. Offload heavy processing to a background job and return
200 OKimmediately.