MamontCall Click-to-Call API

Trigger outbound calls from your CRM and get a webhook when they finish — without ever touching the underlying phone system directly.

Already a MamontCall customer? Log in to the portal and open Developer to generate your API key.

Open the portal →

Authentication

Every request needs a Bearer key in the Authorization header:

Authorization: Bearer mc_live_...

Place a call

POST/v1/click-to-call

Rings device first; once answered, bridges to destination. Limited to one call per device every 3 seconds.

curl -X POST https://api.mamontcall.com/v1/click-to-call \
  -H "Authorization: Bearer mc_live_..." \
  -H "Content-Type: application/json" \
  -d '{
    "device": "101",
    "destination": "+15551234567",
    "client_reference": "lead-42"
  }'

# 202 Accepted
{"ok": true, "call_id": "17834168392648973"}

Request body

FieldRequiredDescription
deviceYesWhich of your devices/extensions rings first
destinationYesThe number to bridge to once device answers
client_referenceNoYour own id, echoed back in the webhook (max 128 chars)

Errors

StatusMeaning
401Missing or invalid API key
400device or destination missing
404device not found on your account
429That device was used within the last 3 seconds — see Retry-After
502The call could not be initiated

Fetch a recording

GET/v1/calls/{call_id}/recording

Returns the call's audio as audio/mpeg once available, scoped to your own account. Returns 404 if there's no recording yet or the id doesn't belong to you.

Check agent status

GET/v1/agents/status

Which of your own devices are online and which are currently on a call — for routing a click-to-call before dialing, or a live dashboard. Poll it; there's no per-request rate limit.

curl https://api.mamontcall.com/v1/agents/status \
  -H "Authorization: Bearer mc_live_..."

# optionally filter to specific devices:
curl "https://api.mamontcall.com/v1/agents/status?device=101,102" \
  -H "Authorization: Bearer mc_live_..."

# 200 OK
{
  "agents": [
    {
      "device": "101",
      "online": true,
      "on_call": true,
      "destination": "+15551234567",
      "duration_seconds": 42,
      "last_call_end": "2026-07-07T09:34:41.000Z"
    },
    {
      "device": "102",
      "online": false,
      "on_call": false,
      "destination": null,
      "duration_seconds": null,
      "last_call_end": null
    }
  ]
}

destination/duration_seconds are only non-null while on_call is true. last_call_end is when the device last finished a call, or null if it never has.

Webhooks

When a call finishes, we POST a call.completed event to the webhook URL you configure in the portal:

POST <your webhook url>
Content-Type: application/json
X-MamontCall-Signature: sha256=<hmac>
X-MamontCall-Timestamp: <unix ms>

{
  "event": "call.completed",
  "event_id": "evt_17834168392648973",
  "call_id": "17834168392648973",
  "client_reference": "lead-42",
  "device": "101",
  "destination": "+15551234567",
  "status": "answered",
  "duration_seconds": 42,
  "initiated_at": "2026-07-07T09:33:59.000Z",
  "ended_at": "2026-07-07T09:34:41.000Z",
  "recording_available": true
}

status is one of answered, no_answer, busy, failed, canceled. We retry a failed delivery after 5s, 30s, then 120s.

Verifying the signature

The webhook secret is shown in the portal's Developer page. Recompute the signature and compare:

const signed = timestamp + '.' + rawRequestBody
const expected = 'sha256=' + hmacSha256Hex(signed, webhookSecret)
// compare to the X-MamontCall-Signature header (constant-time compare)