Using POST /api/v2/conversations/calls for click-to-dial from external app

We are implementing click-to-dial from an external CRM using POST /api/v2/conversations/calls.

From a security audit perspective, does this endpoint enforce call recording automatically, or do we need to explicitly trigger the recording policy? If an agent places a call from outside the native GC interface, we cannot have unrecorded conversations for SOC2 compliance.

Wait, so if my agents call a customer directly using the phone number without going through a queue, the call might not be recorded?

I had no idea. How do I set it up so every single outbound call is recorded no matter what? I can’t afford to miss a recording.

From a callback perspective, this is critical.

If a customer requests a callback and the system dials them back via the API, ensure your callback flow routes through a queue even briefly. If the callback bypasses the queue entirely (direct agent-to-customer), and your recording policy is queue-scoped, that callback won’t be recorded. We caught this during our callback UX audit.

The recording policy is applied at the trunk/queue level, not at the API endpoint level.

Regardless of whether the call originates from the native UI, the Embeddable Framework, or a raw API POST, the recording engine evaluates the policy based on the queue and participants involved. However, if you use click-to-dial without routing through a queue (direct station-to-station), the recording policy may not trigger. That’s a gap worth exploring with voice biometrics use cases too.
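Added example, not part of the thread and not vendor code: an audit pass over exported conversation records that flags outbound calls left unrecorded and says whether the call bypassed every queue, went through a queue with no recording policy, or hit a covered queue without a recording being produced. The record fields (`direction`, `origin`, `queue_ids`, `recorded`), the queue IDs and the `RECORDED_QUEUES` set are assumptions for illustration; map them to whatever your conversation export actually contains.

```python
"""Audit exported conversation records for outbound calls that escaped a
queue-scoped recording policy. Field names are assumptions, not a vendor schema."""
from typing import Iterable, List, Optional, Tuple

# Hypothetical: queue IDs that a recording policy is known to cover.
RECORDED_QUEUES = {"queue-sales", "queue-callbacks"}

# Constructed sample records (not real data).
SAMPLE = [
    {"id": "c1", "direction": "outbound", "origin": "api",
     "queue_ids": ["queue-sales"], "recorded": True},
    {"id": "c2", "direction": "outbound", "origin": "api",
     "queue_ids": [], "recorded": False},                   # direct dial, no queue
    {"id": "c3", "direction": "outbound", "origin": "callback",
     "queue_ids": ["queue-vip"], "recorded": False},        # queue has no policy
    {"id": "c4", "direction": "inbound", "origin": "ui",
     "queue_ids": ["queue-sales"], "recorded": True},       # out of scope: inbound
    {"id": "c5", "direction": "outbound", "origin": "ui",
     "queue_ids": ["queue-callbacks"], "recorded": False},  # policy did not fire
]


def classify(conv: dict) -> Optional[str]:
    """Return a finding code for an unrecorded outbound call, else None."""
    if conv.get("direction") != "outbound" or conv.get("recorded"):
        return None
    queues = set(conv.get("queue_ids") or [])
    if not queues:
        return "NO_QUEUE"                # call never touched a queue
    if not queues & RECORDED_QUEUES:
        return "QUEUE_NOT_COVERED"       # queued, but no policy on that queue
    return "COVERED_BUT_UNRECORDED"      # policy should have applied; investigate


def audit(convs: Iterable[dict]) -> List[Tuple[str, str, str]]:
    """Collect (conversation id, origin, finding) for every non-compliant call."""
    findings = []
    for conv in convs:
        code = classify(conv)
        if code:
            findings.append((conv["id"], conv.get("origin", "unknown"), code))
    return findings


if __name__ == "__main__":
    for cid, origin, code in audit(SAMPLE):
        print(f"{cid}\t{origin}\t{code}")
```

Running this on a schedule against each day's export gives auditors evidence that the recording control is verified after the fact, rather than assumed from policy configuration alone.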