Version 1.2.0 • Headless Telephony Reference
Talki Talki provides a bi-directional messaging API. Use the **Outbound API** to send texts and the **Inbound Webhooks** to receive real-time notifications when your numbers receive messages.
Security: All requests are signed and keys are hashed for your protection.
Authentication is handled via a Bearer Token in the Authorization header. Generate keys in the Developer tab of your dashboard.
# Header Format
Authorization: Bearer tt_sk_your_secret_key_here
Send an SMS from a number you own.
| Property | Type | Description |
|---|---|---|
| to | string | Recipient in E.164 (+1555...). |
| from | string | Your Talki Talki number. |
| body | string | Text content. |
To receive messages, provide a URL in your settings. We will POST a JSON object when a text arrives.
# Payload received by your server
{
"event": "sms.received",
"data": {
"from": "+15551234567",
"to": "+15559876543",
"body": "Hello! I saw your ad.",
"mediaUrl": null,
"createdAt": "2026-02-20T14:30:00Z"
}
}Talki Talki signs every webhook request. To ensure authenticity, verify the X-TT-Signature header in incoming requests using your Signing Secret.
// Node.js Verification Example
const crypto = require('crypto');
const hmac = crypto.createHmac('sha256', YOUR_SIGNING_SECRET);
const signature = hmac.update(JSON.stringify(request.body)).digest('hex');
if (signature === request.headers['x-tt-signature']) {
// Request is authentic
}Developer support: api@pandacat.ca