telnyx-voice-curl
Enables programmatic call control with Telnyx API using curl for making, receiving, and managing calls in real-time.
Install this skill
Security score
The telnyx-voice-curl skill was audited on May 13, 2026 and we found 46 security issues across 2 threat categories. Review the findings below before installing.
Categories Tested
Security Issues
Curl to non-GitHub URL
| 328 | curl -H "Authorization: Bearer $TELNYX_API_KEY" "https://api.telnyx.com/v2/calls/v3:550e8400-e29b-41d4-a716-446655440000_gRU1OGRkYQ" |
Curl to non-GitHub URL
| 351 | curl -H "Authorization: Bearer $TELNYX_API_KEY" "https://api.telnyx.com/v2/connections/1293384261075731461/active_calls" |
Curl to non-GitHub URL
| 379 | curl -H "Authorization: Bearer $TELNYX_API_KEY" "https://api.telnyx.com/v2/call_control_applications?sort=connection_name" |
Webhook reference - potential data exfiltration
| 5 | stream audio. Real-time call events via webhooks. |
Webhook reference - potential data exfiltration
| 61 | - Call Control is event-driven. After `dial()` or an inbound webhook, issue follow-up commands from webhook handlers using the `call_control_id` in the event payload. |
Webhook reference - potential data exfiltration
| 62 | - Outbound and inbound flows are different: outbound calls start with `dial()`, while inbound calls must be answered from the incoming webhook before other commands run. |
Webhook reference - potential data exfiltration
| 63 | - A publicly reachable webhook endpoint is required for real call control. Without it, calls may connect but your application cannot drive the live call state. |
Webhook reference - potential data exfiltration
| 67 | Do not invent Telnyx parameters, enums, response fields, or webhook fields. |
Webhook reference - potential data exfiltration
| 71 | - Before reading or matching webhook fields beyond the inline examples, read [the webhook payload reference](references/api-details.md#webhook-payload-fields). |
Webhook reference - potential data exfiltration
| 88 | | `client_state` | string | No | Use this field to add state to every subsequent webhook. | |
Webhook reference - potential data exfiltration
| 122 | | `client_state` | string | No | Use this field to add state to every subsequent webhook. | |
Webhook reference - potential data exfiltration
| 123 | | `webhook_url` | string (URL) | No | Use this field to override the URL for which Telnyx will sen... | |
Webhook reference - potential data exfiltration
| 140 | Common post-answer control path with downstream webhook implications. |
Webhook reference - potential data exfiltration
| 149 | | `client_state` | string | No | Use this field to add state to every subsequent webhook. | |
Webhook reference - potential data exfiltration
| 150 | | `webhook_url` | string (URL) | No | Use this field to override the URL for which Telnyx will sen... | |
Webhook reference - potential data exfiltration
| 169 | ### Webhook Verification |
Webhook reference - potential data exfiltration
| 171 | Telnyx signs webhooks with Ed25519. Each request includes `telnyx-signature-ed25519` |
Webhook reference - potential data exfiltration
| 175 | # Telnyx signs webhooks with Ed25519 (asymmetric — NOT HMAC/Standard Webhooks). |
Webhook reference - potential data exfiltration
| 176 | # Headers sent with each webhook: |
Webhook reference - potential data exfiltration
| 181 | # Use the Telnyx SDK in your language for verification (client.webhooks.unwrap). |
Webhook reference - potential data exfiltration
| 186 | ## Webhooks |
Webhook reference - potential data exfiltration
| 188 | These webhook payload fields are inline because they are part of the primary integration path. |
Webhook reference - potential data exfiltration
| 200 | | `data.payload.call_leg_id` | string | ID that is unique to the call and can be used to correlate webhook events. | |
Webhook reference - potential data exfiltration
| 201 | | `data.payload.call_session_id` | string | ID that is unique to the call session and can be used to correlate webhook ev... | |
Webhook reference - potential data exfiltration
| 213 | | `data.payload.call_leg_id` | string | ID that is unique to the call and can be used to correlate webhook events. | |
Webhook reference - potential data exfiltration
| 214 | | `data.payload.call_session_id` | string | ID that is unique to the call session and can be used to correlate webhook ev... | |
Webhook reference - potential data exfiltration
| 229 | If you need webhook fields that are not listed inline here, read [the webhook payload reference](references/api-details.md#webhook-payload-fields) before writing the handler. |
Webhook reference - potential data exfiltration
| 239 | End a live call from your webhook-driven control flow. |
Webhook reference - potential data exfiltration
| 246 | | `client_state` | string | No | Use this field to add state to every subsequent webhook. | |
Webhook reference - potential data exfiltration
| 271 | | `client_state` | string | No | Use this field to add state to every subsequent webhook. | |
Webhook reference - potential data exfiltration
| 300 | | `client_state` | string | No | Use this field to add state to every subsequent webhook. | |
Webhook reference - potential data exfiltration
| 398 | Use the core tasks above first. The operations below are indexed here with exact SDK methods and required params; use [references/api-details.md](references/api-details.md) for full optional params, r |
Webhook reference - potential data exfiltration
| 403 | | Create a call control application | HTTP only | `POST /call_control_applications` | Create or provision an additional resource when the core tasks do not cover this flow. | `application_name`, `webh |
Webhook reference - potential data exfiltration
| 405 | | Update a call control application | HTTP only | `PATCH /call_control_applications/{id}` | Modify an existing resource without recreating it. | `application_name`, `webhook_event_url`, `id` | |
Webhook reference - potential data exfiltration
| 410 | ### Other Webhook Events |
Webhook reference - potential data exfiltration
| 418 | For exhaustive optional parameters, full response schemas, and complete webhook payloads, see [references/api-details.md](references/api-details.md). |
External URL reference
| 47 | "https://api.telnyx.com/v2/calls" |
External URL reference
| 101 | "https://api.telnyx.com/v2/calls" |
External URL reference
| 131 | "https://api.telnyx.com/v2/calls/v3:550e8400-e29b-41d4-a716-446655440000_gRU1OGRkYQ/actions/answer" |
External URL reference
| 161 | "https://api.telnyx.com/v2/calls/v3:550e8400-e29b-41d4-a716-446655440000_gRU1OGRkYQ/actions/transfer" |
External URL reference
| 255 | "https://api.telnyx.com/v2/calls/v3:550e8400-e29b-41d4-a716-446655440000_gRU1OGRkYQ/actions/hangup" |
External URL reference
| 284 | "https://api.telnyx.com/v2/calls/v3:550e8400-e29b-41d4-a716-446655440000_gRU1OGRkYQ/actions/bridge" |
External URL reference
| 311 | "https://api.telnyx.com/v2/calls/v3:550e8400-e29b-41d4-a716-446655440000_gRU1OGRkYQ/actions/reject" |
External URL reference
| 328 | curl -H "Authorization: Bearer $TELNYX_API_KEY" "https://api.telnyx.com/v2/calls/v3:550e8400-e29b-41d4-a716-446655440000_gRU1OGRkYQ" |
External URL reference
| 351 | curl -H "Authorization: Bearer $TELNYX_API_KEY" "https://api.telnyx.com/v2/connections/1293384261075731461/active_calls" |
External URL reference
| 379 | curl -H "Authorization: Bearer $TELNYX_API_KEY" "https://api.telnyx.com/v2/call_control_applications?sort=connection_name" |