The WebRTC signaling backbone. The conference page upgrades the HTTP connection here to a WebSocket and stays there for the duration of the call. A handful of plain HTTP query flags expose anonymous-safe metadata used by the status page, the public virtual numbers directory, and the camera registry.
Anonymous-safe. The endpoints listed below intentionally never reveal a caller number, an internal IP, or a tenant secret. Anything that does — ?stats, ?diallog, ?cdrlog, ?registrar, ?aliases, ?whitelist, the ?virtualnumbers CRUD — lives behind admin HMAC or an OIDC Bearer and is excluded here.
Bidirectional WebRTC signaling channel. The browser conference client connects here on page load and remains for the lifetime of the call. Every signaling message after the upgrade is JSON-encoded.
Request
Standard WebSocket upgrade. No query parameters required for join. The client reads room + display-name + optional dial=<vnum> from the URL the page was loaded with and conveys them to the server via the first join frame.
Response
Server → client frame types include welcome (peer-id + minted ICE servers including TURN credentials when configured), peer-joined, peer-left, signal (carries SDP + ICE candidates from another peer), ring, ring-cleared, kicked, error. Client → server frame types include join, signal (to relay SDP/ICE to a specific peer), dial, leave, ping.
Errors
The endpoint also responds to a plain GET (no Upgrade header) with a one-line build-stamp text/plain response, useful for liveness probes.
Designed for the bundled browser client. Keepalive pings every ~25 s. Anonymous join is allowed; OIDC sign-in upgrades the connection's verifiedIdentity field, which is broadcast to other peers as a green badge.
Public health snapshot consumed by status.html. Lists live rooms, current peer count, trunk status (with hostnames redacted), and CDR aggregates. Safe to expose — no caller numbers, no IPs.
List of public virtual numbers a visitor can dial right now. Each row carries the dial-in URL, the human name, and the mode (AI receptionist vs. TTS).
Request
No body. Optionally accepts an OIDC Bearer token; signed-in users see additional internal rows. Anonymous callers see only rows marked visibility=anonymous.
Used by status.html and the public virtual-numbers-overview.html directory page. Only rows marked visibility=anonymous appear publicly; operators who set a vnum name to personal data should mark it non-anonymous to keep it off this endpoint.
Internal SIP-bridge webhook the bridge POSTs to when an inbound PSTN call lands. Not intended for third-party integration — documented here for transparency and security review. HMAC-validated against the per-tenant bridge secret; only the local bridge can reach it.
Request
POST JSON body with the inbound call descriptor plus an X-Sig: HMAC-SHA256 header signing office-ring|<host>|<body> with the bridge shared secret.
Response
Returns { "delivered": N } where N is the number of CodeB Webphone instances that accepted the ring.
Errors
401 on signature mismatch.
Only the SIP bridge running on the same machine knows the secret. Documented here because it appears on the wire and any reviewer should know what it is.
Internal SIP-bridge webhook the bridge POSTs when an inbound call is cancelled, hung up, or picked up elsewhere. Not intended for third-party integration — documented here for transparency and security review. Same HMAC envelope as ?office-ring.
Request
POST JSON with the same HMAC-SHA256 envelope as ?office-ring.
Response
{ "ok": true }
Errors
401 on signature mismatch.
Same bridge-HMAC posture as ?office-ring.
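One way a receiver could check the X-Sig envelope described for ?office-ring and reused by the cancel webhook, shown as an added example that is not CodeB's own code. It assumes a hex-encoded digest, literal | separators, and a host value taken from the server's own configuration; the secret, host, and descriptor fields are constructed, and the label used by the cancel webhook is not given on this page, so it is a parameter.

```python
import hashlib
import hmac
import json

# Constructed sample values; the real descriptor fields are not on the page.
SECRET = b"constructed-bridge-secret"
HOST = "tenant.example"
BODY = b'{"call_id":"example-1","vnum":"100"}'


def sign(secret: bytes, host: str, body: bytes, label: str = "office-ring") -> str:
    """HMAC-SHA256 over label|host|body, using the body bytes exactly as sent."""
    message = label.encode() + b"|" + host.encode() + b"|" + body
    # Hex output is an assumption; the page does not state the encoding.
    return hmac.new(secret, message, hashlib.sha256).hexdigest()


def verify(secret: bytes, host: str, body: bytes, x_sig, label: str = "office-ring") -> bool:
    """Check X-Sig in constant time; a missing header is a mismatch."""
    if not x_sig:
        return False
    expected = sign(secret, host, body, label).encode()
    presented = x_sig.strip().lower().encode("utf-8", "replace")
    return hmac.compare_digest(expected, presented)


def handle(secret: bytes, host: str, body: bytes, x_sig):
    """Return (status, parsed_body). JSON is parsed only after the MAC passes."""
    if not verify(secret, host, body, x_sig):
        return 401, None
    return 200, json.loads(body)
```

Verification runs over the raw request bytes, so a body that was parsed and re-serialized before the check no longer matches; binding the host into the signed string means a signature captured for one host does not validate on another.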
Need an admin endpoint? Admin-only and OIDC Bearer-gated routes
are documented inside the admin UI itself (visible only to signed-in admins
on this host). The public API set on this page is the surface you can
integrate against without provisioning a CodeB user.