POST /sip-endpoints
Create SIP endpoint
curl --request POST \
  --url https://api.goyappr.com/sip-endpoints \
  --header 'Authorization: Bearer <token>' \
  --header 'Content-Type: application/json' \
  --data '
{
  "name": "After-hours",
  "inbound_agent_id": "3c90c3cc-0d44-4b50-8888-8dd25736052a",
  "slug": "after-hours",
  "allowed_source_ips": [
    "203.0.113.0/24"
  ]
}
'

{
  "data": {
    "id": "3c90c3cc-0d44-4b50-8888-8dd25736052a",
    "name": "After-hours",
    "slug": "after-hours-bz3r3mtypuwuw8tpdw3x392s",
    "inbound_agent_id": "3c90c3cc-0d44-4b50-8888-8dd25736052a",
    "is_active": true,
    "last_call_at": "2023-11-07T05:31:56Z",
    "allowed_source_ips": [
      "203.0.113.0/24"
    ],
    "sip_uri": "sip:after-hours-bz3r3mtypuwuw8tpdw3x392s@yappr-byoc.sip.telnyx.com",
    "created_at": "2023-11-07T05:31:56Z",
    "updated_at": "2023-11-07T05:31:56Z"
  }
}

BYOC SIP — bring your own telephony, no SIP setup

A SIP endpoint lets you route inbound calls from your own telephony platform to a Yappr agent without buying a Yappr-managed phone number. Use it when you already have a business line and want unanswered or escalated calls to land on AI instead of voicemail. On create, the server generates a high-entropy slug (a 1–12 char prefix derived from your name + a hyphen + 24 random characters ≈ 120 bits of entropy) and returns the full URI. The slug is the bearer credential — it’s the only thing protecting the endpoint from being dialed by strangers, so treat the URI like an API key. Hand the sip_uri to the customer. They paste it into their PBX or CPaaS as the destination for the relevant route — no username or password, just the URI string.

Configuration on the customer’s side

Three universal facts they’ll need:
  1. URI — the value of sip_uri from the response, e.g. sip:after-hours-bz3r3mtypuwuw8tpdw3x392s@yappr-byoc.sip.telnyx.com
  2. Authentication — none
  3. Transport — UDP/TCP/TLS all work; codecs G711/G722 supported

Caller-ID trust

For calls arriving via SIP endpoints, the calling-party number comes from whichever upstream system you point at us — and that upstream is under your control. By default Yappr does not use that number for lead-memory lookups or returning-caller recognition. If your upstream is trustworthy (e.g. you operate it directly), you can opt an agent in via the dashboard.

Optional: source-IP allowlist

Pass allowed_source_ips as a JSON array of CIDRs/IPs to restrict which network sources can reach the endpoint. Useful when the customer’s PBX has a fixed egress IP. Omit (or pass null) to accept from any source.

Rate limit

A company can create up to 20 SIP endpoints per day.

Rotating access

There is no rotate-password endpoint — the slug itself is the secret. To rotate, delete the endpoint (the URI immediately returns 404) and create a new one with a fresh slug.

Authorizations

Authorization (string, header, required)

Your Yappr API key (e.g. ypr_live_...). Generate one in the dashboard under Settings → API Keys.

Body

application/json
name (string, required)

Human-readable label, shown in the dashboard.

Example:

"After-hours"

inbound_agent_id (string<uuid>, required)

Agent that should answer calls routed to this endpoint.

slug (string)

Optional human-readable prefix (max 12 chars). Server appends a hyphen and a 24-char random suffix to produce the final slug. Lowercase letters/digits/single hyphens. Auto-derived from name if omitted.

Example:

"after-hours"

allowed_source_ips (string[] | null)

Optional list of CIDRs/IPs that may dial this endpoint. null (default) accepts any source.

Response

SIP endpoint created. Hand the sip_uri to the customer.

data (object)

A BYOC SIP endpoint. Customers paste the returned sip_uri into their own telephony system — calls dialed to that URI are routed to the Yappr agent identified by inbound_agent_id. No authentication is required at the SIP layer; the slug embedded in the URI is the bearer credential.

Security model: the slug includes ~120 bits of entropy in its random suffix, so guessing is intractable. Treat the full URI like an API key — anyone with it can dial the agent. To revoke access, delete the endpoint (which makes the URI immediately return 404) and create a new one.

Optional defense in depth: set allowed_source_ips to restrict which source IPs (or CIDRs) can reach the endpoint. Calls from any other source are rejected pre-answer.
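
Client-side handling of the two controls described above, as an added example that is not Yappr's own code: it validates the slug prefix and allowed_source_ips before the create call, and masks the secret suffix of sip_uri so the bearer credential stays out of logs. The function names are hypothetical; the [a-z0-9] suffix alphabet and the rejection of an empty list, a /0 network, or a CIDR with host bits set are assumptions or local policy, not documented API behavior.

```python
import ipaddress
import re

# Field rule from this page: prefix is max 12 chars, lowercase letters/digits/single hyphens.
PREFIX_RE = re.compile(r"[a-z0-9]+(?:-[a-z0-9]+)*")
# Final slug = prefix + "-" + 24 random chars; the [a-z0-9] suffix alphabet is an assumption.
SIP_URI_RE = re.compile(r"sip:((?:[a-z0-9]+-)+)[a-z0-9]{24}@(.+)")


def normalize_allowlist(entries):
    """Return canonical CIDR strings, or None (the documented 'any source' default)."""
    if entries is None:
        return None
    if not entries:
        # Local policy (assumption): the page does not define [], so refuse to guess.
        raise ValueError("empty allowlist is ambiguous; pass None or at least one CIDR")
    out = []
    for entry in entries:
        # strict=True rejects host bits set (203.0.113.5/24), usually a typo.
        net = ipaddress.ip_network(entry, strict=True)
        if net.prefixlen == 0:
            raise ValueError(f"{entry} matches every address, which defeats the allowlist")
        out.append(str(net))  # bare IPs become /32 or /128
    return out


def build_create_body(name, inbound_agent_id, slug=None, allowed_source_ips=None):
    """Validate locally, then return the JSON body for POST /sip-endpoints."""
    body = {"name": name, "inbound_agent_id": inbound_agent_id}
    if slug is not None:
        if len(slug) > 12 or not PREFIX_RE.fullmatch(slug):
            raise ValueError(f"invalid slug prefix: {slug!r}")
        body["slug"] = slug
    body["allowed_source_ips"] = normalize_allowlist(allowed_source_ips)
    return body


def redact_sip_uri(sip_uri):
    """Mask the 24-char secret suffix so the URI can be written to logs or tickets."""
    m = SIP_URI_RE.fullmatch(sip_uri)
    if m is None:
        return "<redacted sip uri>"  # fail closed: never echo an unparsed credential
    return f"sip:{m.group(1)}{'*' * 24}@{m.group(2)}"
```

Serialize the returned dict with json.dumps as the request body, and log only redact_sip_uri(response["data"]["sip_uri"]), never the raw value.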