SIP trunks.
Each card defines one SIP trunk this tenant uses. Trunks are stored in App_Data/<tenant>/appsettings.json · WebPhone:Trunks and read by the SIP bridge.
Label: free-form hint shown in logs and CDRs (primary / backup / voiptalk-uk). The bridge does NOT route by this — routing is by Priority + the inbound/outbound concurrency caps.
Password: typed in the browser, stored plaintext server-side (the bridge needs to recompute SIP Digest responses against the carrier's realm + nonce on every challenge). On disk inside App_Data — protected by NTFS ACLs same as sip-credentials and OIDC keys. Never echoed back to the browser; leave blank on edit to keep the stored one.
From URI: built server-side as sip:<FromUser or Username>@<Host>. If you need a custom URI (different host, params), tick "advanced" and edit the literal FromUri.
Max inbound / outbound: per-direction concurrency caps. -1 = use Max calls as the total; 0 = disable this direction; positive = absolute cap (still limited by total). Example: in=1 out=1 total=1 means at most ONE call either way (not one of each).
Numbers: optional list of DIDs / extensions this trunk owns (e.g. FRITZ!Box **601, **602 or PSTN +436641234567). Comma- or newline-separated. Stage 1 stores them only — future stages can auto-add to the FraudGuard whitelist, drive inbound DID routing, and tag CDRs with the receiving DID. Bridge ignores the field today, so it's safe to fill in now.
Operator HMAC fallback is read from sessionStorage codeb_admin_secret. OIDC bearer is used first; HMAC is the break-glass path. Same gate as other admin pages.