MamontCall Click-to-Call API
Trigger outbound calls from your CRM and get a webhook when they finish — without ever touching the underlying phone system directly.
Already a MamontCall customer? Log in to the portal and open Developer to generate your API key.
Open the portal →Authentication
Every request needs a Bearer key in the Authorization header:
Authorization: Bearer mc_live_...
Place a call
POST/v1/click-to-call
Rings device first; once answered, bridges to destination. Limited to one call per device every 3 seconds.
curl -X POST https://api.mamontcall.com/v1/click-to-call \
-H "Authorization: Bearer mc_live_..." \
-H "Content-Type: application/json" \
-d '{
"device": "101",
"destination": "+15551234567",
"client_reference": "lead-42"
}'
# 202 Accepted
{"ok": true, "call_id": "17834168392648973"}
Request body
| Field | Required | Description |
|---|---|---|
device | Yes | Which of your devices/extensions rings first |
destination | Yes | The number to bridge to once device answers |
client_reference | No | Your own id, echoed back in the webhook (max 128 chars) |
Errors
| Status | Meaning |
|---|---|
401 | Missing or invalid API key |
400 | device or destination missing |
404 | device not found on your account |
429 | That device was used within the last 3 seconds — see Retry-After |
502 | The call could not be initiated |
Fetch a recording
GET/v1/calls/{call_id}/recording
Returns the call's audio as audio/mpeg once available, scoped to your own account. Returns 404 if there's no recording yet or the id doesn't belong to you.
Check agent status
GET/v1/agents/status
Which of your own devices are online and which are currently on a call — for routing a click-to-call before dialing, or a live dashboard. Poll it; there's no per-request rate limit.
curl https://api.mamontcall.com/v1/agents/status \
-H "Authorization: Bearer mc_live_..."
# optionally filter to specific devices:
curl "https://api.mamontcall.com/v1/agents/status?device=101,102" \
-H "Authorization: Bearer mc_live_..."
# 200 OK
{
"agents": [
{
"device": "101",
"online": true,
"on_call": true,
"destination": "+15551234567",
"duration_seconds": 42,
"last_call_end": "2026-07-07T09:34:41.000Z"
},
{
"device": "102",
"online": false,
"on_call": false,
"destination": null,
"duration_seconds": null,
"last_call_end": null
}
]
}
destination/duration_seconds are only non-null while on_call is true. last_call_end is when the device last finished a call, or null if it never has.
Webhooks
When a call finishes, we POST a call.completed event to the webhook URL you configure in the portal:
POST <your webhook url>
Content-Type: application/json
X-MamontCall-Signature: sha256=<hmac>
X-MamontCall-Timestamp: <unix ms>
{
"event": "call.completed",
"event_id": "evt_17834168392648973",
"call_id": "17834168392648973",
"client_reference": "lead-42",
"device": "101",
"destination": "+15551234567",
"status": "answered",
"duration_seconds": 42,
"initiated_at": "2026-07-07T09:33:59.000Z",
"ended_at": "2026-07-07T09:34:41.000Z",
"recording_available": true
}
status is one of answered, no_answer, busy, failed, canceled. We retry a failed delivery after 5s, 30s, then 120s.
Verifying the signature
The webhook secret is shown in the portal's Developer page. Recompute the signature and compare:
const signed = timestamp + '.' + rawRequestBody
const expected = 'sha256=' + hmacSha256Hex(signed, webhookSecret)
// compare to the X-MamontCall-Signature header (constant-time compare)