Webhooks
Truedy can send HTTP callbacks to your server when certain events occur (e.g. call completed, campaign status).Overview
- Configuration: Webhook URL and signing secret are configured in the Truedy Dashboard (e.g. Settings or Integrations). There is no Public API endpoint to create or update webhook endpoints; use the dashboard only.
- Truedy sends POST requests to your URL with a JSON body and signature headers.
- Respond with 2xx quickly; process the payload asynchronously if needed.
Payload format
Each webhook request has:- Body: JSON object with at least:
- event (string): Event type (e.g.
call.ended,batch.completed). - timestamp (string): ISO 8601 or Unix timestamp when the event occurred.
- data (object): Event-specific payload (e.g. call id, status, batch id).
- id or event_id (optional): Unique identifier for this delivery. Use it to deduplicate if the same event is retried.
- event (string): Event type (e.g.
- Headers:
- X-Truedy-Signature: HMAC-SHA256 signature (see below).
- X-Truedy-Timestamp: Timestamp used in the signature (Unix seconds or ISO string, depending on implementation).
Signature verification
Verify the request before trusting it:- Read the raw request body as a string (do not parse JSON and re-serialize; use the exact bytes received).
- Get the X-Truedy-Timestamp and X-Truedy-Signature headers.
- Build the signed message:
message = timestamp + "." + raw_body(timestamp and body concatenated with a dot). - Compute
HMAC-SHA256(message, secret)using your webhook signing secret (hex-encoded). - Compare the result with X-Truedy-Signature using a constant-time comparison (e.g.
hmac.compare_digest).
Event types
| Event | Description |
|---|---|
call.started | Call has started |
call.joined | Participant joined the call |
call.ended | Call ended (also sent as call.completed and normalized to call.ended) |
call.billed | Call billing event |
call.failed | Call failed |
batch.status.changed | Batch call status changed |
batch.completed | Batch completed |
voice.training.completed | Voice training finished successfully |
voice.training.failed | Voice training failed |
Idempotency and retries
- Deduplication: The same event may be delivered more than once (e.g. after a retry). Use the payload’s id or event_id (when present) to detect duplicates and process each event only once.
- Retries: If your endpoint returns a non-2xx status or times out, Truedy may retry with exponential backoff. Implement idempotent handling so duplicate deliveries are safe (e.g. store processed event IDs and skip if already seen).
Security
- Verify the signature using the shared secret and the steps above.
- Use HTTPS only for your webhook URL.
- Timestamp: Reject requests whose timestamp is outside an acceptable window (e.g. ±5 minutes).
Need help?
- Configure webhook URL and secret in the Truedy Dashboard.
- Check Error Handling for how to log and report issues using
request_id.

