Medera Voice webhooks receiver

The AI Services receive Medera Voice webhooks at:

POST /api/vapi/webhook # main webhook (HMAC-SHA256 verified)
POST /api/vapi/webhook/assistant-request # dynamic assistant config
GET /api/vapi/webhook/health # health
GET /api/vapi/webhook/call/{call_id} # call state
GET /api/vapi/webhook/call/{call_id}/transcript # buffered transcript

Event types

Event	When
`status-update`	Call status change
`transcript`	Transcript chunk available
`function-call`	LLM invoked one of The Intake Agent’s functions
`tool-calls`	Tool invocation batch
`end-of-call-report`	Final call summary
`speech-update`	Speaking / silent state
`user-interrupted`	User interrupted assistant
`hang`	Call hung up

Signature verification

Webhook signature: medera-voice-signature header. Verified using the configured webhook_secret (HMAC-SHA256). Unverified webhooks are rejected.

Outbound webhooks (to your endpoint)

If your tenant has configured a webhook URL on the deployment, Medera sends signed outbound webhooks:

Event	Payload
`intake.started`	`{ call_id, deployment_id, patient_phone }`
`intake.screener.completed`	`{ call_id, screener, score, severity }`
`intake.crisis.detected`	`{ call_id, risk_band, escalation_id }`
`intake.summary.ready`	`{ call_id, handoff_packet_url }`
`intake.completed`	`{ call_id, summary_id, duration_ms }`	Verify with `Medera-Signature: sha256=...`.

​Event types

​Signature verification

​Outbound webhooks (to your endpoint)

Event types

Signature verification

Outbound webhooks (to your endpoint)