travelcalls.ai
Developers

A real developer surface. Admin API, webhooks, function-tool auto-sync, live events.

Everything on this page exists in the running platform today. JWT-authenticated, tenant-scoped, every write audit-logged.

01 / Admin API · CRUD over the platform

Everything you can do in the console you can do over HTTP.

The admin API covers flows, function tools, cases, voice config, and document ingest. JWT-authenticated, tenant-scoped, every write audit-logged. Same token model as the console — no separate “API keys” surface.

AuthJWT (HS256, default 24h expiry, configurable per environment)
Path prefix/admin/clients/:cid/…
TenancySubstitute :cid with your client_id; multi-tenancy is in the path, not implicit in the token.
Rate limitsConfigurable per environment. Exceeding them returns 429 with a Retry-After header.

Full endpoint catalog and schemas provided to design partners on request.

02 / Webhooks · inbound channels

Three inbound webhooks. All idempotent. All signed.

Webhooks are signed with a per-tenant secret and replayed on transient failure. The receiver dedupes by upstream message id before opening or updating a case.

Gmail (history.list push)

POST /webhooks/gmail/:cid

Subscribes to Gmail's history.list push notifications. Picks up replies on a watched mailbox in seconds, matches against the case spine, drafts the reply.

Microsoft Graph (Exchange Online)

POST /webhooks/graph/:cid

Graph subscription notifications for Exchange Online mailboxes. The tenant id is in the path so the dispatcher routes without parsing the payload. Same downstream as Gmail — case-id is the unifying primitive.

Postmark inbound

POST /webhooks/postmark/:cid/:token

For tenants who route via Postmark's inbound stream. The per-tenant token in the URL serves as both identifier and shared secret for the inbound stream.

03 / Function-tool auto-sync

Register your API endpoints. We turn each one into a function tool the agent can call.

The agent doesn't speak HTTP — it speaks function tools. Auto-sync bridges the two so you don't hand-write a tool definition for every endpoint.

01

Register endpoints

Endpoints are registered through the console today (URL, method, headers, params, auth reference). An admin API for endpoint registration is on our near-term list — see §05.

02

Sync — endpoints become function tools

One call. Scans the tenant's registered endpoints, derives parameter schemas, creates or updates a function tool per endpoint, returns a per-endpoint outcome report.

POST/admin/clients/:cid/function-tools/sync-from-endpoints
Request

no request body

Response

per-endpoint outcomes

curl
curl -X POST https://api.travelcalls.ai/admin/clients/$CID/function-tools/sync-from-endpoints -H "Authorization: Bearer $TC_TOKEN"
04 / WebSocket events · real-time UI

One socket. Real-time for your console.

Used by our own operations console. If you'd rather build your own UI, the same socket is yours. Wire names are lowercase, snake-case.

Real-time events cover call lifecycle (started · active · ended) and case state (created · updated). JWT-authenticated, tenant-scoped, configurable concurrent-connection cap per user.

call.startedcall.activecall.endedcase.createdcase.updated
05 / What's not on this page

The honest list of what we haven't built yet.

  • No admin route to register endpoints over HTTP — yet

    Today, the API endpoints that sync-from-endpoints scans are registered through the console. A direct admin route to register endpoints over HTTP is on the near-term list.

  • No SDK

    No JS or Python SDK today. The API is small enough that curl + your HTTP client of choice gets you everything. We'll add an SDK when a pilot needs it, not before.

  • No public sandbox

    No "click here for a sandbox" today. Each design partner gets a dedicated tenant we provision in < 1 day. Email us and we’ll cut keys for you.