Ingest Protocol Reference
This is the language-agnostic source of truth for the VoiceBot signed ingest protocol (v2) — the push-only contract every backend producer speaks to feed a tenant's catalog and content. The Laravel package, the WordPress plugin, and any custom Node/Python producer all implement exactly what's described here.
You do not need to read this end-to-end to integrate. The per-stack pages (and the shared signing/entity partials they inline) give you a working sync without leaving the page. Come here when you're implementing the protocol yourself or debugging the wire.
Mental model
A producer does three things, forever:
- Pair once — exchange a one-time pair code for a per-tenant HMAC shared secret. After this, every request is signed.
- Snapshot — stream the full catalog as gzipped NDJSON to establish a baseline
(
init→upload→finalize). - Deltas — push small signed
/eventsbatches as data changes, plus a periodic full snapshot to reconcile deletes.
Transport is HTTPS only, TLS 1.2+. JSON on the control endpoints; application/x-ndjson
(optionally gzipped) on the upload.
The contract in four parts
| Page | What it covers |
|---|---|
| Authentication & HMAC | Pairing, the shared secret, the string-to-sign, the required headers, replay protection. |
| Endpoints | The 7 endpoints, their auth, and idempotency semantics. |
| Entities | The 16 entity kinds, the envelope, and the payload rules (money, slugs, plain text). |
| Errors | The error shape, the status table, and why signed requests aren't blindly retried. |
Versioning
The protocol is at major version 2. The wire header X-VoiceBot-Protocol-Version carries the
integer major (2) on every request, including /pair; a mismatch is rejected with
426 Upgrade Required. Minor additions (new optional fields, new entity kinds) do not change the wire
integer — producers may send fields a backend hasn't learned yet, and they're ignored rather than
rejected.
Ground truth
This reference mirrors the running backend. When a detail here and the code disagree, the code wins —
the canonical sources are the ingest module's auth.py (signing), api.py (endpoints), and
parsers/entity_validators.py (entity payloads).
Next
- Authentication & HMAC — start here; everything else is signed.