Integrations · REST API + Webhooks

Voice AI REST API and webhooks

For everything that does not have a native or Zapier connector, Nexora exposes a full REST API and a webhook delivery system. Trigger outbound campaigns, fetch conversation history, push knowledge-base updates, and react to events in real time. OAuth 2.0 client credentials for authentication, signed webhook payloads for integrity, idempotent endpoints for replay safety. Build whatever the native connectors do not — including bespoke in-house adapters scoped during the 14-day pilot.

How it works

Three steps to ship REST API + Webhooks in your pilot

STEP 1

Authenticate with OAuth 2.0

Create a client credentials grant in the Nexora admin console. The token has scoped permissions (conversations:read, campaigns:write, etc.) and a configurable lifetime. Standard OAuth 2.0 client credentials flow — nothing bespoke to learn.

STEP 2

Call the REST endpoints

Endpoints are documented openly: /conversations, /campaigns, /knowledge, /webhooks. JSON in, JSON out, idempotency keys honoured. Rate limits are conservative by default and lift on request once we see your traffic shape.

STEP 3

Receive signed webhooks

Subscribe to events: conversation.completed, intent.detected, campaign.callback.received. Payloads are signed with HMAC-SHA256 over a shared secret so you can verify origin. Delivery retries with exponential back-off if your endpoint is briefly unavailable.

What teams use it for

Common REST API + Webhooks use cases

  • Custom in-house integrations to your core system, where neither a native connector nor Zapier covers the data shape.

  • Programmatic campaign initiation from your existing scheduling or orchestration platform.

  • Real-time event pipelines: feed every conversation outcome into your data warehouse, BI tool, or compliance log.

Code preview

REST API — initiate outbound voice campaign

HTTP
POST /v1/campaigns
Authorization: Bearer <oauth2-token>
Idempotency-Key: <client-supplied-uuid>
Content-Type: application/json

{
  "scenario": "appointment_reminder",
  "schedule_at": "2026-06-01T09:00:00+12:00",
  "recipients": [
    {"phone": "+64 ...", "context": {"first_name": "...", "appt": "..."}}
  ],
  "webhook_url": "https://example.com/nexora/events"
}

Stylised example — not a runnable script. Endpoints, payload shapes, and authentication are documented in the integration runbook shipped during the pilot.

Frequently asked questions

Common questions

How is the REST API authenticated?

OAuth 2.0 client credentials grant. Create a client in the admin console with the scopes you need; the resulting token authenticates every API call. Tokens have configurable lifetimes; rotation is supported. There's no bespoke authentication scheme to learn — if you've used a modern API, you've used this.

How do webhook signatures work?

Each webhook payload is signed with HMAC-SHA256 over a shared secret you set when creating the webhook subscription. The signature appears in an `X-Nexora-Signature` header. Your endpoint verifies by recomputing the HMAC over the raw body — standard pattern, same as Stripe, GitHub, and others.

What is the retry behaviour for failed webhook delivery?

Exponential back-off: 30s, 2m, 5m, 15m, 1h, 6h, 24h. After the final retry, the event surfaces in the admin console as a failed delivery so you can replay it manually. We never silently drop events — every conversation outcome is durable until acknowledged.

Can custom in-house adapters be built in the pilot?

Yes. Bespoke connectors to in-house systems are common — typically a thin wrapper that translates your internal API to the Nexora REST surface, hosted alongside your other integration glue. The pilot includes scoping and shipping of one such adapter; additional adapters are a follow-on engagement.

Ready to wire REST API + Webhooks into your pilot?

Pilot in 14 days. Live in 30.

A 30-minute scoping call. We bring the REST API + Webhooks integration patterns. You bring the system credentials and the first use case.

Talk to salesSee product capabilities