Home / Developers
Developers
Trust, in three API calls.
Wrap your existing voice stack — no rip-and-replace. Verify the agent, capture consent, pull the audit log. Everything else is a webhook.
01 Quickstart
The whole handshake, one call.
A single verify() establishes identity, fires AI disclosure, records consent, arms human escalation, and opens the audit log. It returns a trust decision your app can branch on.
- 1. Install the SDK and set
NAC_KEY. - 2. Call
verify()when the call connects. - 3. Branch on
session.trust.verified.
// npm i @noaicalls/sdk import { NoAICalls } from "@noaicalls/sdk"; const nac = new NoAICalls(process.env.NAC_KEY); const session = await nac.calls.verify({ agentId: "agent_meridian_care_01", disclose: true, consent: ["recording"], escalation: "on_request", }); if (!session.trust.verified) hangUp(); session.trust; // { verified: true, latencyMs: 118, // passport: "vp_9f3a24c1", // audit: "log_7c21" }
02 API reference
Three endpoints cover the protocol.
POST /v1/verify
Checks the agent's Voice Passport against the registry, fires disclosure, opens an audit session. Returns a trust decision in under 200 ms.
POST /v1/consent
Captures the caller's recording and AI-interaction consent, timestamped and written to the immutable ledger. Revocable via the same endpoint.
GET /v1/audit/:id
Returns the hash-chained event record for a session — disclosure, consent, policy checks, escalation — exportable as signed JSON.
03 SDKs & webhooks
Typed, retried, boring.
First-class libraries for Node, Python, and Go — idempotency keys, automatic retries, and full type coverage. Community-maintained Ruby and PHP.
Events, not polling.
Subscribe to consent.granted, consent.revoked, escalation.requested, and trust.scored. Signed payloads, at-least-once delivery.
Fake registry, real flow.
Test passports, a mock registry, and simulated callers from day one. Nothing hits production until you flip the key.
04 Anatomy
The Voice Passport
Every agent presents a signed credential — issuer, model, purpose, policy — verified against the registry on each call. The signature is what makes a spoofed agent impossible to pass off as real.
{
"id": "vp_9f3a24c1",
"agent": "agent_meridian_care_01",
"issuer": "Meridian Bank",
"purpose": "account_servicing",
"alg": "ed25519",
"status": "valid"
}
Ship it
Wrap your first call today.
Sandbox in minutes · Talk to an engineer, not a deck