Home / Developers

Developers

Trust, in three API calls.

Wrap your existing voice stack — no rip-and-replace. Verify the agent, capture consent, pull the audit log. Everything else is a webhook.

<200 ms verification Node · Python · Go Sandbox from minute one

01 Quickstart

The whole handshake, one call.

A single verify() establishes identity, fires AI disclosure, records consent, arms human escalation, and opens the audit log. It returns a trust decision your app can branch on.

  • 1. Install the SDK and set NAC_KEY.
  • 2. Call verify() when the call connects.
  • 3. Branch on session.trust.verified.
quickstart.ts
// npm i @noaicalls/sdk
import { NoAICalls } from "@noaicalls/sdk";

const nac = new NoAICalls(process.env.NAC_KEY);

const session = await nac.calls.verify({
  agentId: "agent_meridian_care_01",
  disclose: true,
  consent: ["recording"],
  escalation: "on_request",
});

if (!session.trust.verified) hangUp();

session.trust;
// { verified: true, latencyMs: 118,
//   passport: "vp_9f3a24c1",
//   audit: "log_7c21" }

02 API reference

Three endpoints cover the protocol.

POST /v1/verify
Verify an agent

Checks the agent's Voice Passport against the registry, fires disclosure, opens an audit session. Returns a trust decision in under 200 ms.

POST /v1/consent
Record consent

Captures the caller's recording and AI-interaction consent, timestamped and written to the immutable ledger. Revocable via the same endpoint.

GET  /v1/audit/:id
Pull the audit log

Returns the hash-chained event record for a session — disclosure, consent, policy checks, escalation — exportable as signed JSON.

03 SDKs & webhooks

SDKs

Typed, retried, boring.

First-class libraries for Node, Python, and Go — idempotency keys, automatic retries, and full type coverage. Community-maintained Ruby and PHP.

Webhooks

Events, not polling.

Subscribe to consent.granted, consent.revoked, escalation.requested, and trust.scored. Signed payloads, at-least-once delivery.

Sandbox

Fake registry, real flow.

Test passports, a mock registry, and simulated callers from day one. Nothing hits production until you flip the key.

04 Anatomy

The Voice Passport

Every agent presents a signed credential — issuer, model, purpose, policy — verified against the registry on each call. The signature is what makes a spoofed agent impossible to pass off as real.

passport.json
{
  "id": "vp_9f3a24c1",
  "agent": "agent_meridian_care_01",
  "issuer": "Meridian Bank",
  "purpose": "account_servicing",
  "alg": "ed25519",
  "status": "valid"
}

Ship it

Wrap your first call today.

Sandbox in minutes · Talk to an engineer, not a deck