Skip to main content
Version: 0.9.14

API service operations

The API service runs the TelAPI server — a Fastify-based HTTP and WebSocket API that handles call tokens, browser-to-ARI channel communication, provider webhooks, and external API endpoints. Multiple instances run behind a managed Load Balancer with TLS termination and sticky sessions.

Instance

FieldValue
NetworkPrivate only — no public IP; traffic arrives via managed load balancer
ScalableYes — set initial count in your provisioning tool; the Ops Scaler can adjust count dynamically

Containers

ContainerImagePortPurpose
voiceai-telapi${ECR_REGISTRY}/voiceai-telapi:${ECR_TAG} (Node 24-alpine)3001API + WebSocket gateway (host network)
voiceai-otel-collectorotel/opentelemetry-collector-contrib:0.154.0Telemetry collector

Load balancer

FieldValue
FrontendHTTPS :443 with managed TLS for DOMAIN_API
Backend:3001
Health checkGET /health
Sticky sessionsEnabled — required for WebSocket
Target selectionrole=api,environment=${ENVIRONMENT}

Networking

Private network only — no public IP. All traffic arrives through the LB. Outbound to ECR, AWS Secrets, and provider APIs goes through the Squid proxy.

API surface by feature flag

SurfaceFEATURE_API_ACCESS=trueFEATURE_API_ACCESS=falseFEATURE_WEBRTC=false
GET /healthAvailableAvailableAvailable
/metricsAvailableAvailableAvailable
/api/v1/webhooks/*AvailableAvailableAvailable
/api/v1/sessions/*AvailableNot registeredRegistered, but WebRTC session-token requests return 503
/api/v1/runtime/*AvailableNot registeredAvailable when API access is enabled
/api/v1/endpointsAvailableNot registeredAvailable when API access is enabled
/ws/sessionAvailableNot registeredAvailable only for non-WebRTC modes when API access is enabled

Use FEATURE_API_ACCESS=false for webhook-only deployments. TelWeb also hides API keys and API Server Config surfaces when API access is disabled.

See also