Production checklist

Use this checklist before sending production traffic through FormantAI.

API and authentication

Store API keys in a server-side secret manager.
Rotate keys when team members leave or integrations are retired.
Use idempotency_key for call creation from retrying workers.
Log the returned trace_id for every initiated call.
Handle 4xx and 5xx errors explicitly instead of retrying every failure blindly.

Calls and campaigns

Validate phone numbers before submitting calls or CSV campaigns.
Confirm every prompt variable has a matching API parameter or CSV column.
Start with small batches before scaling campaign volume.
Monitor no-answer, busy, failed, and unreachable rates by agent and campaign.
Keep retry rules conservative so callers are not over-contacted.

Webhooks

Use HTTPS endpoints only.
Verify X-FormantAI-Signature before processing payloads.
Reject stale timestamps to reduce replay risk.
Deduplicate by event ID, conversation ID, or a stable delivery key in your system.
Return a 2xx response only after your backend has safely accepted the event.

Agent behavior

Test interruptions, silence, wrong numbers, angry callers, language changes, and tool failures.
Confirm the agent clearly discloses recording or AI usage if required by your policies or local law.
Define transfer or handoff rules for sensitive or high-risk conversations.
Keep knowledge base content current and remove outdated documents.

Observability

Capture trace_id, agent_id, conversation_id, customer record ID, and campaign ID in your logs.
Alert on webhook failure spikes, call failure spikes, and unusual latency.
Store recordings and transcripts according to your retention policy.
Give support teams a clear runbook for looking up failed calls.

Conversations API

Retrieve the call record, transcript, structured results, trace ID, and recording.

Errors and rate limits

Handle invalid requests, duplicate requests, concurrent limits, and retryable failures.