Integrate VOIP@ Cloud into your applications. Manage domains, extensions, gateways, and call records programmatically with our REST API.
Explore and test all API endpoints interactively in your browser — no setup required.
The VOIP@ Cloud API is a RESTful API that uses JSON for request and response bodies. All API endpoints are served over HTTPS. The base URL for all API requests is:
All requests must include the Content-Type: application/json header. Responses follow standard HTTP status codes: 200 for success, 201 for created, 400 for bad request, 401 for unauthorized, 404 for not found, and 503 for ESL/FreeSWITCH not connected.
A Swagger / OpenAPI interactive reference is available at: https://mt.voipat.com/pbxapi/api-docs
All API requests require authentication using a Bearer token. You can generate API keys from your VOIP@ Cloud dashboard under Accounts > Users.
English
العربية
Español
Français
Deutsch
Português
中文
日本語
Türkçe
Русскийfpx_API keys are scoped to the user's domain. You can regenerate or revoke keys at any time from the user's profile.
Returns full extension details. Returns 404 if not found.
All call control routes communicate with FreeSWITCH via ESL. Returns 503 if ESL is not connected.
Returns individual channel legs (2 per bridged call). Use /calls/active for paired calls.
Returns 404 if the channel UUID is not found or the call has ended.
type: "blind" (default) or "attended"
Also available: POST /pbxapi/calls/:uuid/unhold and POST /pbxapi/calls/:uuid/hold/toggle
Also available: POST /pbxapi/calls/:uuid/unmute
Query parameters: domain, start_date, end_date, direction (inbound/outbound/local), extension, search, limit (max 1000), offset
Query parameters: domain, start_date, end_date
Non-admin users see only keys in their own domain.
The key is invalidated instantly — no waiting for token expiry.
VOIP@ Cloud provides three integration points to connect the WebRTC phone with any CRM, helpdesk, or business application. Choose the option that fits your architecture.
How it works:
Phone widget (browser) → calls crm_webhook_proxy.php on every call event → server replaces placeholders → server POSTs or GETs your CRM URL → your CRM receives the event data.
Configure in: FusionPBX → Apps → WebRTC Phone → CRM Settings
The phone widget fires call events to the server-side webhook proxy, which forwards them to your configured CRM URL with all call data substituted in.
Query parameters (sent by the phone widget):
| Parameter | Required | Description |
|---|---|---|
event | Yes | new_call, ringing, dial_out, answered, hangup, agent_login, agent_logout |
caller_id | No | Caller's phone number |
caller_name | No | Caller's display name |
destination | No | Dialed destination number |
direction | No | inbound or outbound |
duration | No | Call duration in seconds (sent on hangup) |
extension | No | Agent's extension number |
call_id | No | Unique SIP Call-ID |
timestamp | No | ISO 8601 event timestamp |
CRM URL placeholders — use in your configured webhook and screen-pop URLs:
| Placeholder | Description |
|---|---|
{event} | Event name: new_call, ringing, dial_out, answered, hangup, agent_login, agent_logout |
{caller_id} | Caller's phone number |
{caller_name} | Caller's display name (if available) |
{destination} | Dialed destination number |
{direction} | inbound or outbound |
{duration} | Call duration in seconds (available on hangup) |
{extension} | Agent's extension number |
{call_id} | Unique SIP Call-ID |
{timestamp} | ISO 8601 timestamp of the event |
{domain} | FusionPBX domain name (e.g. pbx.example.com) |
CRM URL settings — configure in Apps → WebRTC Phone → CRM Settings:
| Setting | Description |
|---|---|
crm_url | Webhook URL called on all call events (use placeholders above) |
crm_method | GET or POST. On POST, data is also sent as JSON body |
crm_login_url | Screen-pop URL opened in browser on incoming call |
crm_auto_login_url | URL opened automatically when the phone registers |
crm_agent_login_url | Called when agent activates agent_login event |
crm_agent_logout_url | Called when agent activates agent_logout event |
Returns the active user's extensions, WSS config, and all configured CRM URLs. Requires a logged-in FusionPBX session. Used internally by the phone widget but also available to custom integrations.
Allows any external website or CRM to embed a call button that dials directly from the user's browser — no FusionPBX login required.
CORS: Supports cross-origin requests. Restrict to your domain by setting Allowed Origins when creating the token in FusionPBX.
Test API endpoints directly from this page. Enter your API key and domain to authenticate, then select an endpoint and send a request.
Requests go directly to mt.voipat.com. CORS must be enabled on the API server for cross-origin requests from this page to succeed.
To ensure fair usage and platform stability, API requests are rate limited per API key.
Standard plans: 60 requests per minute, 1,000 requests per hour
Enterprise plans: 300 requests per minute, 10,000 requests per hour
Rate limit information is included in the response headers:
If you exceed the rate limit, you will receive a 429 Too Many Requests response. Wait until the X-RateLimit-Reset timestamp before retrying. We recommend implementing exponential backoff in your integration.
If you have questions about the API or need assistance with your integration, contact our developer support team: