Save your api_key immediately. Echo stores only a hashed version. If you lose it, you’ll need to generate a new one — it cannot be retrieved.
Pass the API key in the x-api-key header on every subsequent request:
-H "x-api-key: echo_6f437a610fbb..."
The business_summary and industry fields give your agents automatic context — Echo uses them to fill {{business_name}}, {{business_summary}}, and {{industry}} in your prompts automatically.
An Agent is a reusable voice persona. You define it once and trigger it for any customer at notification time.
curl -X POST https://api.meetecho.ai/api/v1/agents \ -H "x-api-key: echo_6f437a610fbb..." \ -H "Content-Type: application/json" \ -d '{ "name": "Appointment Reminder", "system_prompt": "You are a friendly assistant calling {{recipient_first_name}} on behalf of {{business_name}}. Start the call by saying: \"Hi, is this {{recipient_first_name}}? Great — I'\''m calling from {{business_name}} to confirm your appointment on {{appointment_time}} with {{doctor_name}}. Does that time still work for you?\" If they need to reschedule, collect a preferred time and end the call warmly. Do not discuss anything else.", "output_schema": { "type": "object", "required": ["confirmed"], "properties": { "confirmed": { "type": "boolean", "description": "Whether the patient confirmed the appointment" }, "reschedule_request": { "type": "string", "description": "Preferred reschedule time if they want to change it" } } } }'
Save the id — you’ll pass it as agent_id when triggering notifications.output_schema is optional. When provided, Echo extracts structured data from the call transcript and stores it in notification.call_result, then includes it in the webhook payload.
external_id is your own system’s identifier. Use it to look up customers without storing Echo’s UUIDs in your database. Phone numbers must be in E.164 format (+[country code][number]).
With an agent and customer in place, trigger the call. Pass your custom variables in variables to fill any {{placeholder}} tokens in the agent’s prompt.
Save the signing_secret from the response — use it to verify the X-Echo-Signature header on every delivery.Then verify the signature and process the payload on your server:
const crypto = require('crypto');app.post('/webhooks/echo', express.raw({ type: 'application/json' }), (req, res) => { const sig = crypto .createHmac('sha256', process.env.ECHO_SIGNING_SECRET) .update(req.body) // raw Buffer — not parsed JSON .digest('hex'); if (`sha256=${sig}` !== req.headers['x-echo-signature']) { return res.status(401).send('Invalid signature'); } const { event_name, data } = JSON.parse(req.body); if (event_name === 'call.summary') { console.log(data.analysis); // { confirmed: true, reschedule_request: null } } res.sendStatus(200);});
The data.analysis field contains the structured data extracted from the call using your agent’s output_schema.
