software

How to Deploy an AI Voice Agent for Customer Support Using VAPI

Published: (December 4, 2025 at 03:45 AM EST)
4 min read
Source: Dev.to

Source: Dev.to

TL;DR

Most voice agents break when customers interrupt mid‑sentence or when call volume spikes. This guide shows how to build a production‑grade AI voice agent that handles both, using VAPI’s native voice infrastructure and Twilio’s carrier‑grade telephony. Expect sub‑500 ms response times, proper barge‑in handling, and automatic failover when APIs timeout.

Stack

  • VAPI – voice AI
  • Twilio – phone routing
  • Webhook server – business‑logic integration

API Access & Authentication

  • VAPI API key – obtain from dashboard.vapi.ai
  • Twilio Account SID and Auth Token – from console.twilio.com
  • Twilio phone number with voice capabilities enabled
  • OpenAI API key – for GPT‑4 model access

Development Environment

  • Node.js 18+ or Python 3.9+
  • ngrok (or similar tunneling tool) for webhook testing
  • Git for version control

Technical Requirements

  • Public HTTPS endpoint for webhook handlers (production)
  • SSL certificate (Let’s Encrypt works)
  • Server with ≥ 512 MB RAM (1 GB recommended)
  • Stable internet connection (≥ 10 Mbps upload for real‑time audio)

Knowledge Assumptions

  • REST API integration experience
  • Webhook event handling patterns
  • Basic understanding of voice protocols (SIP, WebRTC)
  • JSON configuration management

Cost Awareness

ServiceApprox. Cost
VAPI (model + voice synthesis)$0.05 – $0.10 per minute
Twilio (voice minutes)$0.0085 per minute
Twilio phone number$1 / month

Architecture Overview

flowchart LR
    A[Customer Calls] --> B[Twilio Number]
    B --> C[VAPI Assistant]
    C --> D[Your Webhook Server]
    D --> E[CRM/Database]
    E --> D
    D --> C
    C --> B
    B --> A

Twilio handles telephony routing; VAPI handles voice AI. Your server bridges them via webhooks. Keep these responsibilities separate to avoid phantom‑audio issues.

Assistant Configuration

const assistantConfig = {
  name: "Support Agent",
  model: {
    provider: "openai",
    model: "gpt-4",
    temperature: 0.7,
    systemPrompt: "You are a customer support agent. Extract: customer name, issue type, account number. If caller interrupts, acknowledge immediately and adjust."
  },
  voice: {
    provider: "11labs",
    voiceId: "21m00Tcm4TlvDq8ikWAM",
    stability: 0.5,
    similarityBoost: 0.75
  },
  transcriber: {
    provider: "deepgram",
    model: "nova-2",
    language: "en",
    endpointing: 255 // ms silence before considering speech ended
  },
  recordingEnabled: true,
  serverUrl: process.env.WEBHOOK_URL,
  serverUrlSecret: process.env.WEBHOOK_SECRET
};

Tip: endpointing = 255 ms is aggressive and works well for fast support interactions. Increase to 400 ms if you encounter false interruptions on jittery mobile networks.

Webhook Server (Node.js + Express)

const express = require('express');
const crypto = require('crypto');
const app = express();

app.use(express.json());

// Validate webhook signatures – production requirement
function validateSignature(req) {
  const signature = req.headers['x-vapi-signature'];
  const payload = JSON.stringify(req.body);
  const hash = crypto
    .createHmac('sha256', process.env.WEBHOOK_SECRET)
    .update(payload)
    .digest('hex');
  return signature === hash;
}

app.post('/webhook/vapi', async (req, res) => {
  if (!validateSignature(req)) {
    return res.status(401).json({ error: 'Invalid signature' });
  }

  const { message } = req.body;

  try {
    switch (message.type) {
      case 'function-call':
        // Example: fetch customer data from CRM
        const customerData = await fetchCustomerData(message.functionCall.parameters.accountNumber);
        res.json({ result: customerData });
        break;

      case 'end-of-call-report':
        // Log call metrics
        await logCallMetrics({
          callId: message.call.id,
          duration: message.call.endedAt - message.call.startedAt,
          cost: message.call.cost,
          transcript: message.transcript
        });
        res.sendStatus(200);
        break;

      case 'speech-update':
        // Real‑time transcript for live‑agent handoff
        if (message.status === 'in-progress') {
          await updateLiveTranscript(message.call.id, message.transcript);
        }
        res.sendStatus(200);
        break;

      default:
        res.sendStatus(200);
    }
  } catch (error) {
    console.error('Webhook error:', error);
    res.status(500).json({ error: 'Processing failed' });
  }
});

app.listen(3000);

Important: VAPI expects a response within 5 seconds. For slow external calls, reply immediately with res.sendStatus(202) and process the work asynchronously, sending results later via the VAPI API.

Connecting Twilio to VAPI

  1. In the VAPI dashboard, locate your assistant’s phone settings.
  2. In Twilio Console → Phone NumbersBuy NumberConfigure Webhook.
  3. Set the inbound webhook URL to the VAPI assistant’s phone endpoint (provided in the VAPI dashboard).

For outbound calls, trigger them programmatically when a support ticket is created or escalated.

Monitoring Metrics (first 100 calls)

MetricTarget
Interruption accuracy> 95 %
False barge‑ins 92 %
Transcription accuracy (noisy)> 85 %

If interruption accuracy falls below 90 %, increase endpointing to 300 ms and reduce voice stability to 0.4 for a quicker cutoff.

Audio Processing Pipeline

graph LR
    A[Microphone] --> B[Audio Buffer]
    B --> C[Voice Activity Detection]
    C -->|Speech Detected| D[Speech-to-Text]
    C -->|No Speech| E[Error: Silence]
    D --> F[Intent Detection]
    F --> G[Response Generation]
    G --> H[Text-to-Speech]
    H --> I[Speaker]
    D -->|Error: Unrecognized Speech| J[Error Handling]
    J --> F
    F -->|Error: No Intent| K[Fallback Response]
    K --> G

Local Testing with ngrok

# Start ngrok tunnel (run in terminal)
ngrok http 3000

Example curl test (Node.js snippet)

const crypto = require('crypto');
const fetch = require('node-fetch');

const testPayload = {
  message: {
    type: "function-call",
    functionCall: {
      name: "getCustomerData",
      parameters: { customerId: "test-123" }
    }
  }
};

const hash = crypto
  .createHmac('sha256', process.env.VAPI_SERVER_SECRET)
  .update(JSON.stringify(testPayload))
  .digest('hex');

fetch('https://your-ngrok-url.ngrok.io/webhook/vapi', {
  method: 'POST',
  headers: {
    'Content-Type': 'application/json',
    'x-vapi-signature': hash
  },
  body: JSON.stringify(testPayload)
})
  .then(res => res.json())
  .then(data => console.log('Webhook response:', data))
  .catch(err => console.error('Webhook failed:', err));

Note: Free‑tier ngrok URLs expire after 2 hours. Update the serverUrl in the VAPI dashboard after each restart to avoid 404 errors.

Signature Validation

The validateSignature function compares the HMAC‑SHA256 hash of the request payload against the x-vapi-signature header. Mismatched signatures result in a 401 response, preventing replay attacks and unauthorized triggering of expensive API calls.

Customer calls → Twilio → VAPI → Your webhook → CRM/Database → (loop) → VAPI → Twilio → Customer.

Back to Blog

Related posts

Read more »

Fitness Copilot - 🎃 Kiroween 2025

Inspiration What if you could snap a photo of your meal or workout and get instant, context‑aware feedback? Not just “that’s 500 calories” but “you’ve got 600...