Build carrier-grade communication workflows with our RESTful API. JSON over HTTPS, Bearer token auth, and real-time webhooks.
curl -X POST https://api.ajoxi.com/v1/calls \
-H "Authorization: Bearer AJX_LIVE_..." \
-H "Content-Type: application/json" \
-d '{ "to": "+14155551234", "from": "+14155550100", "ai_receptionist": true }'{
"id": "call_8f2a1b3c",
"status": "ringing",
"ai_handler": "receptionist_v2"
}All requests authenticate with a Bearer token in the Authorization header. Generate keys from the API tab of your Ajoxi console — use AJX_LIVE_… for production traffic and AJX_TEST_… for sandbox.
curl https://api.ajoxi.com/v1/calls \
-H "Authorization: Bearer AJX_LIVE_XXXXX"Place, list, transfer, and retrieve voice calls.
/v1/callsList all calls with cursor pagination and date filters.
/v1/callsInitiate a new outbound call or trigger a dialer campaign.
/v1/calls/{id}Retrieve a single call by ID with full metadata.
/v1/calls/{id}/transferTransfer an active call to another agent or extension.
Search, provision, port, and release phone numbers.
/v1/numbersSearch available local, toll-free, or international numbers.
/v1/numbersProvision a new number into your account.
/v1/numbers/{id}Update routing, caller-ID, or SMS configuration on a number.
/v1/numbers/{id}Release a number back to the pool. Irreversible.
Send and receive SMS, MMS, and conversation history.
/v1/messagesList messages, filter by direction, channel, or conversation.
/v1/messagesSend an SMS or MMS. Supports media attachments and templates.
Access call recordings, transcripts, and AI-generated insights.
/v1/recordingsList call recordings with optional date and agent filters.
/v1/recordings/{id}Retrieve a single recording with transcript and AI summary.
/v1/transcripts/{id}Retrieve the full transcript for a call or recording.
Subscribe to real-time platform events.
/v1/webhooksList configured webhook subscriptions.
/v1/webhooksSubscribe to one or more events (call.start, message.received).
/v1/webhooks/{id}Remove a webhook subscription.
Every error response returns JSON with an error.code and error.message. The HTTP status code matches the category.
Standard accounts are capped at 100 requests per second per API key. Enterprise plans have no fixed cap — we scale alongside your traffic. Every response includes three rate-limit headers:
X-RateLimit-Limit: 100
X-RateLimit-Remaining: 87
X-RateLimit-Reset: 1715800000When the limit is exceeded you receive a 429 response with a Retry-After header in seconds. The SDK clients implement exponential backoff against these headers automatically.
List endpoints return at most 50 items per page by default (configurable up to 200 via ?limit=200). Each response includes a next_cursor — pass it back as ?cursor=… to retrieve the next page. When next_cursor is null, you have reached the end.
{
"data": [ ... ],
"next_cursor": "Y3Vyc29yX2FmMmI...",
"has_more": true
}Subscribe to platform events via signed HTTPS POSTs. Every webhook request includes an X-Ajoxi-Signature header — verify it as HMAC-SHA256 over the raw request body using your webhook secret.
call.startedFired when an inbound or outbound call begins ringing.call.answeredFired when a call is answered by a human or AI receptionist.call.completedFired when a call ends. Payload includes duration, recording URL, and final disposition.message.receivedFired when an inbound SMS or MMS arrives at a provisioned number.message.deliveredFired when an outbound message is confirmed delivered by the carrier.recording.readyFired when a call recording is processed and available for download.transcript.readyFired when the AI transcript for a recording has finished processing.Failed deliveries retry with exponential backoff for up to 24 hours. After the final attempt, the event is moved to a dead-letter queue you can replay from the console.
The current stable version is v1. Breaking changes ship under a new prefix (/v2/, etc.) — never inside an existing version. Deprecated versions remain available for at least 18 months after a successor ships, with 6 months of email warning before sunset.
First-party SDKs are available for Node.js, Python, Go, and Ruby. Each ships with typed clients, retry logic, and a verifyWebhook() helper.
All requests use Bearer-token authentication. Generate an API key in the Ajoxi console, then pass it as `Authorization: Bearer AJX_LIVE_XXXXX` on every request. Use a separate `AJX_TEST_…` key for sandbox traffic — the test environment is isolated and never places real calls.
Yes. Calls placed with test-mode keys are routed through our simulator instead of the live carrier network — perfect for CI pipelines and load testing. Test-mode requests do not bill against your minute allowance and never ring a real phone.
100 requests per second on the standard plan, unlimited on enterprise. Each response includes `X-RateLimit-Limit`, `X-RateLimit-Remaining`, and `X-RateLimit-Reset` headers so you can pace your traffic accurately. When you exceed the limit you receive a 429 with a `Retry-After` value.
Every webhook request includes an `X-Ajoxi-Signature` header. Compute HMAC-SHA256 over the raw request body using your webhook secret, then compare the two values constant-time. SDK clients (Node, Python, Go, Ruby) ship with a `verifyWebhook()` helper that handles this for you.
We never break a stable API version. Breaking changes ship under a new version path (e.g. `/v2/`). Deprecated versions stay live for at least 18 months after a successor ships, and you receive at least 6 months of email warnings before any sunset.
Not currently. The API is REST + JSON with optional Server-Sent Events for streaming endpoints like live transcripts. If GraphQL would unblock a specific workflow for you, file a request through your account team — we track demand and prioritise accordingly.
Spin up a sandbox key, install an SDK, and place your first programmable call before lunch.