Post-call webhooks sent with invalid signature headers

Resolved·Degraded performance

Post-call webhooks are fully operational.

Between 1:39 PM UTC and 07:29 PM UTC on July 10, some post-call webhooks (transcripts) using HMAC signatures were sent with invalid signature headers, due to a recent update. Post-call webhooks for transcripts that authenticated via OAuth2 and post-call webhooks for audio were unaffected.

We are implementing improved testing, telemetry, and monitoring to prevent recurrence and enhance response times.

Thu, Jul 10, 2025, 08:53 PM

(9 months ago)

·

Affected components

Jul 10, 2025, 01:39 PM

07:29 PM

Updates

Resolved

Post-call webhooks are fully operational.

Between 1:39 PM UTC and 07:29 PM UTC on July 10, some post-call webhooks (transcripts) using HMAC signatures were sent with invalid signature headers, due to a recent update. Post-call webhooks for transcripts that authenticated via OAuth2 and post-call webhooks for audio were unaffected.

We are implementing improved testing, telemetry, and monitoring to prevent recurrence and enhance response times.

Thu, Jul 10, 2025, 08:53 PM