Docs / CallRail setup · 9 min
CallRail setup
Score every inbound call and auto-flag fraud numbers so CallRail challenges them next time.
What CallRail can and cannot do
CallRail's pre-call webhook fires the moment an inbound call arrives, but CallRail webhooks are one-way: CallRail does not read the webhook response, so no integration can block or reroute the call that is already ringing.
The honest CallerSift pattern on CallRail is score, tag, and protect the next call: every caller is screened and logged, and a blocked verdict marks the number as spam in CallRail via their API, which makes CallRail challenge that caller on every future call. The first call from a brand-new fraud number connects; every one after it does not get through clean.
How the relay works
CallRail posts a fixed JSON payload (the caller is customer_phone_number) and cannot customize the body, so the integration runs through a small relay you host: any serverless function works. It receives the webhook, asks CallerSift for the verdict, and on block marks the call as spam through CallRail's API.
relay function
// Any Node serverless function (Vercel, Netlify, Lambda, ...).
// CallRail webhook in, CallerSift verdict, spam flag back to CallRail.
export default async function handler(req, res) {
const call = req.body; // CallRail call payload
const lookup = await fetch("https://api.callersift.com/v1/your-workspace", {
method: "POST",
headers: {
"Content-Type": "application/json",
"X-Api-Key": process.env.CALLERSIFT_KEY,
},
body: JSON.stringify({ caller_number: call.customer_phone_number }),
});
const { verdict } = await lookup.json().catch(() => ({ verdict: "allow" }));
if (verdict === "block" && call.id) {
// Marks the number as spam: CallRail challenges it on future calls.
// Authenticate with your CallRail API v3 key (see their API docs).
await fetch(
`https://api.callrail.com/v3/a/${process.env.CALLRAIL_ACCOUNT}/calls/${call.id}.json`,
{
method: "PUT",
headers: {
"Content-Type": "application/json",
Authorization: `Token token="${process.env.CALLRAIL_KEY}"`,
},
body: JSON.stringify({ spam: true, append_tags: ["callersift-block"] }),
},
);
}
res.status(200).end();
}Attach the relay to the post-call webhook if you prefer: the spam flag only protects future calls either way, and the post-call payload always carries the full call record. Marking spam is irreversible through CallRail's API, so keep the block verdicts you act on reviewable in your CallerSift lookup log.
Set up the webhook in CallRail
- Deploy the relay above and note its URL.
- In CallRail, open the Integrations page, select the Webhooks tile, paste your relay URL into the event you chose, and save.
- Place a test call to a tracking number; the lookup lands in your CallerSift dashboard within seconds.
Also worth turning on in CallRail
- Blocked numbers: manually block or challenge numbers, exchanges, or area codes.
- CallRail's built-in spam prevention: the robodialer challenge database and soft-blocking complement CallerSift's line-type verdicts.
CallRail meters and bills API usage in monthly tiers; the spam-flag call the relay makes per blocked verdict counts toward it.
Official CallRail docs
- Webhooks: event types, setup path, and payload signing.
- API reference: the calls endpoint with the spam flag, and webhook configuration.
- Block calls: the Blocked numbers screen.
- How CallRail prevents spam: the native defenses this integration builds on.