Eedesy
Book Demo
HomeProductsContact
Guide

How to Set Up Call Masking - Step by Step Guide

Step-by-step guide to setting up call masking for your business. From choosing a provider to going live with API integration.

Get Started
View All Guides

Trusted by businesses across India

ShopifyAmazonStripeSlackNotionVercel

What is call masking and why do you need it

Call masking (also called number masking, privacy calling, or anonymous calling) is a service that sits between two parties on a phone call and shows them a virtual number instead of each other's real number. Neither party sees the other's actual phone number — both see the masked number as caller ID.

The most common setup pattern is click-to-call bridging: your application calls a masking API with two phone numbers. The API dials Party A first, and when they answer, it dials Party B and bridges both legs. Both parties talk normally, but both see the masked virtual number as caller ID. When the call ends, the connection is severed.

Teams set this up for one of three reasons:

  • User privacy — marketplaces, classifieds, ride-hailing, food delivery, real estate, and dating platforms need buyer-seller or driver-rider calls without exposing personal mobile numbers.
  • Agent privacy / spam reduction — sales reps, support agents, recruiters, and field staff need to call leads or customers without leaking their personal mobile numbers.
  • Call tracking and compliance — every masked call routes through your provider, which means you can log it, record it, and tie it to a record in your CRM. That's hard to do when agents use their own SIMs.

This guide walks you through choosing a provider, integrating the API, going live, and handling the operational details — webhooks, error codes, recording retention, and compliance.

The full setup, in 7 steps

From signup to first masked call in production

1

Choose a provider

Evaluate India-focused providers (Edesy, Exotel, Knowlarity, MSG91, Plivo, Twilio India) on price, billing currency, GST handling, contract terms, integration ergonomics, and compliance posture.

2

Sign up and fund a wallet

Create an account. With a prepaid provider like Edesy, fund a wallet via Razorpay (minimum Rs 10). With contract-based providers, sign a service agreement and wait for onboarding.

3

Generate an API key

In the portal, create an API key tied to your organization. Store it as an environment variable in your application — never commit keys to git.

4

Build the API call

From your application server, POST two phone numbers to the masking endpoint. Get back a call_sid. The system dials Party A first, then bridges Party B on answer.

5
5

Set up webhooks

Configure a webhook URL in the portal. The provider POSTs JSON events (call.initiated, call.answered, call.completed, recording.ready) to your endpoint. Verify HMAC signatures before processing.

6
6

Handle errors gracefully

Watch for insufficient_balance, invalid_numbers, and rate_limited errors. Use status polling or webhook events to track outcomes (completed, failed, no-answer). Retry where appropriate.

7
7

Monitor and tune

Track success rate (answered vs no-answer vs failed), call duration distribution, and cost per call. Review recordings periodically for quality. Iterate on retry logic and call flow.

Choosing a provider

The decision usually comes down to four factors: pricing model, geographic focus, integration ergonomics, and compliance fit.

Pricing models you'll encounter

  • Prepaid / pay-as-you-go — fund a wallet, pay per minute, stop anytime. No setup fees, no monthly commitments. Best for variable usage and teams that want to evaluate before committing. Edesy is in this category at Rs 1.50/min.
  • Postpaid contract — monthly platform fee plus per-minute charges, often with annual commitment. Common with Exotel, Knowlarity, and similar India cloud telephony providers. Best when you have predictable high volume and want a dedicated account manager.
  • USD billing (Twilio, Plivo) — global providers that bill in USD. Works fine technically but adds FX risk, complicates GST Input Tax Credit, and effective per-minute cost in INR usually exceeds India-native providers after carrier surcharges and per-number monthly fees.

Geographic focus

If your call volume is India-only, an India-native provider (Edesy, Exotel, Knowlarity, MSG91) almost always wins on cost and tax simplicity. If you need international masking, global providers (Twilio, Plivo) are necessary. Many teams run hybrid: India provider for India traffic, global provider for the rest.

Integration ergonomics

Look for:

  • A clean REST API with JSON requests and responses
  • Webhook events for call lifecycle (not just polling)
  • HMAC-signed webhook payloads for security
  • Indian DID provisioning included in the rate (no per-number monthly fees)
  • Recording included or available as a clear add-on
  • Self-serve sandbox or low minimum top-up so you can evaluate without commitment

Compliance fit

If you're in healthcare (HIPAA-equivalent), banking/lending (RBI/SEBI), telecom-regulated communication (TRAI), or payment processing (PCI-DSS), the provider needs to support the control plane you need: encryption at rest and in transit, configurable retention, access logs, tamper-evident audit trails, and BAA-style data processing agreements where applicable. Verify these before signing — retrofitting compliance after going live is expensive.

API integration walkthrough

With Edesy as the example provider, the integration is three API calls plus webhook handling. Full code examples for the initiate-call endpoint in cURL, Node.js, and Python live on the API reference page.

Step 1 — Initiate a call

POST two 10-digit Indian mobile numbers to /v1/masking/calls with a Bearer token in the Authorization header. Body: { "party_a": "9876543210", "party_b": "9123456789" }. The response returns immediately with a call_sid and the masked number that will be shown to both parties.

Step 2 — Track call status

You have two options:

  • Webhook events (recommended) — subscribe to call.initiated, call.ringing, call.answered, call.bridged, call.completed, call.failed, call.no-answer, and recording.ready. The provider POSTs JSON to your endpoint at each transition. No polling, no rate-limit consumption, lowest latency to know the outcome.
  • Status polling — GET /v1/masking/calls/{call_sid} every 2-3 seconds until status reaches a terminal state. Simpler to implement but consumes API rate-limit budget and adds latency. Use only if your stack can't accept inbound webhooks.

Step 3 — Fetch the recording (optional)

When recording.ready fires, the webhook payload includes a recording_url. Alternatively, GET /v1/masking/calls/{call_sid}/recording to retrieve a signed URL valid for 1 hour. Store the recording reference against your call/order record for audit and dispute resolution.

Webhook verification

Every webhook POST includes an X-Edesy-Signature header with an HMAC SHA-256 signature of the request body, signed with your webhook secret. Verify this on every event before processing — otherwise an attacker who knows your webhook URL can spoof events. Reject any request that fails verification with HTTP 401.

Error handling at a glance

Status Code What to do
400 invalid_numbers Validate Indian mobile format and de-dupe Party A vs Party B before calling the API
401 unauthorized Rotate the API key and update the env var
402 insufficient_balance Top up the wallet; consider implementing a low-balance alert at Rs 50
404 not_found The call_sid doesn't exist or recording isn't ready yet — re-check after a delay
429 rate_limited Back off with exponential delay; consider raising the limit on Enterprise

Common setup pitfalls to avoid

Mistakes we've seen teams make on their first masking integration

Polling instead of webhooks

Polling every 2 seconds for 100 concurrent calls = 50 req/sec. You'll hit the rate limit fast. Use webhook events for state transitions; reserve polling for one-off lookups.

Not verifying webhook signatures

Without HMAC verification, anyone who knows your webhook URL can spoof events and cause downstream chaos. Verify the signature on every event before processing.

Hard-coding the API key

Use environment variables. Rotate periodically. Store secrets in a vault (AWS Secrets Manager, HashiCorp Vault, 1Password) — never commit to git, even in private repos.

Skipping the wallet low-balance alert

Insufficient balance silently blocks new calls. Subscribe to wallet alerts and surface them in your ops dashboard — not just the provider's portal.

Recording retention without policy

Call recordings have privacy implications. Define a retention policy (30 days? 90 days? regulator-required minimum?) before going live. Set it programmatically per call where supported.

No rollback path

Before cutting over from a previous provider, document the rollback: how do you flip traffic back if the new provider has an outage? Practice it. Keep both accounts live for at least 30 days.

Forgetting GSTIN at top-up

If you forget to add your GSTIN at the first Razorpay top-up, the invoice is issued without it and you lose Input Tax Credit on that top-up. Update GSTIN in the portal before the first top-up.

Ignoring 'no-answer' as a state

If you treat 'no-answer' as a failure and retry immediately, you'll harass users with rapid-fire calls. Build backoff: 5 mins, 30 mins, 4 hours, give up. Match retry policy to use case.

Going live: pre-launch checklist

Before flipping production traffic to the masking flow, walk through this list:

  1. End-to-end test on real numbers — call yourself and a colleague. Verify both see the masked number as caller ID. Verify the recording is fetchable. Verify the webhook fires.
  2. Load test against rate limits — if you expect 50 calls/min, simulate 100. Confirm you don't hit 429 errors under realistic load.
  3. Wallet headroom — fund the wallet to cover at least 7 days of expected usage. Set up auto-recharge or a low-balance alert at Rs 500 or Rs 1,000.
  4. Webhook idempotency — providers retry failed deliveries. If you process the same call.completed event twice, does anything break? Make handlers idempotent.
  5. Recording access controls — recordings contain PII. Only authorized users in your team should be able to download them. Audit access logs.
  6. Compliance sign-off — if you're in a regulated industry, get internal compliance or legal sign-off on the masking provider's data handling.
  7. Runbook for ops — document common failure modes (insufficient balance, webhook outage on your side, provider outage) and how on-call should respond.

Cost and ROI math

Most teams underestimate masking ROI because they only count direct cost (per-minute charges). The real ROI is in three buckets:

  • Reduced spam / fraud losses — exposed phone numbers leak to scrapers and end up in spam lists. Masking eliminates this. For a marketplace with 100k user calls/month, even 0.1% fraud reduction is large.
  • Higher trust → higher conversion — users complete more buy-sell, driver-rider, doctor-patient interactions when they know their number won't leak. Conversion lift is often 5-15% on listings with masking enabled.
  • Operational visibility — every call is tracked. Disputes get resolved with the recording. Sales/support QA gets real data. The value of "we can audit every customer-facing call" is significant for regulated teams.

A quick calculator: at Rs 1.50/min and an average 90-second call, each masked interaction costs Rs 3 (2 minutes minimum). 10,000 interactions/month = Rs 30,000 + GST. If even 1% of those interactions get "saved" (would have failed without masking) at an average lifetime value of Rs 500, that's Rs 50,000 of recovered revenue — a clean 1.7x ROI on the masking spend alone, ignoring the harder-to-quantify trust and compliance benefits.

When to build vs buy the integration

If your team has 1-2 backend engineers comfortable with REST APIs and webhooks, building the integration takes 2-5 days. Time-to-live is fast and you own the code.

If you're a non-technical founder, an ops lead, or your engineering team is already over-allocated, a done-for-you setup makes sense. Edesy's Number Masking Setup service starts at Rs 14,999 (Starter, 3-5 days) and goes up to Rs 79,999 (Professional, 1-2 weeks) with CRM integration, custom IVR, and compliance setup. The full list of setup packages and add-ons is here.

Either way: the per-minute usage at Rs 1.50/min is the same — the setup service is a one-time cost for getting it integrated correctly.

Key Questions Answered

Explore Number Masking

Discover solutions, integrations, and resources

Use cases for every industry

MarketplacesFood DeliveryRide HailingAll Solutions

Simple Per-Minute Pricing

No monthly fees. No hidden charges. Get started instantly on our self-serve portal.

Most Popular
Pay As You Go
₹1.50/ min
Simple per-minute pricing for all businesses
  • Two-way masking
  • Call recording
  • Real-time analytics
  • API access
  • Webhook events
  • Self-serve portal
  • Email & chat support
Get Started
Enterprise
Custom
For high volume and custom requirements
  • Everything in Pay As You Go
  • Dedicated numbers
  • Custom SLA
  • Dedicated account manager
  • On-premise option
  • Custom integrations
  • Volume discounts
Contact Sales

Ready to Protect User Privacy?

Get started on our self-serve portal. No sales call required. Rs 1.50 per minute.

Go to PortalContact Sales

Stay Updated

Get the latest updates on AI voice technology, product releases, and exclusive resources.

Get Started

Try our products for free
AI Voice Agent
Build voice AI for calls
WhatsApp AI Bot
Automate WhatsApp chats
Website Chatbot
AI chat for websites
Edesy CRM
Manage leads & customers
Book a DemoCall UsEmail Us
Eedesy

Your all-in-one platform for digital innovation. We build AI-powered solutions that transform how businesses operate.

[email protected]+91 95475 31359

Products

  • AI Voice Assistant
  • WhatsApp Voice AI
  • WhatsApp Bot Builder
  • AI Website Chatbot
  • AI-SDR
  • Number Masking
  • Shopify Apps
  • View All Products

Solutions

  • For E-commerce
  • For Healthcare
  • For Real Estate
  • For Restaurants
  • For Appointments
  • View All Use Cases

Services

  • AI Chatbot Development
  • Voice AI Development
  • Shopify Development
  • SaaS Development
  • WhatsApp API Integration
  • View All Services

Resources

  • Documentation
  • Voice Agent Docs
  • API Reference
  • Number Masking API Docs
  • Blog
  • Changelog
  • Book a Demo

Company

  • About Us
  • Contact
  • Careers
  • Privacy Policy
  • Terms of Service

Products

  • AI Voice Assistant
  • WhatsApp Voice AI
  • WhatsApp Bot Builder
  • AI Website Chatbot
  • AI-SDR
  • Number Masking
  • Shopify Apps
  • View All Products

Solutions

  • For E-commerce
  • For Healthcare
  • For Real Estate
  • For Restaurants
  • For Appointments
  • View All Use Cases

Services

  • AI Chatbot Development
  • Voice AI Development
  • Shopify Development
  • SaaS Development
  • WhatsApp API Integration
  • View All Services

Resources

  • Documentation
  • Voice Agent Docs
  • API Reference
  • Number Masking API Docs
  • Blog
  • Changelog
  • Book a Demo

Company

  • About Us
  • Contact
  • Careers
  • Privacy Policy
  • Terms of Service
  • AI Voice Assistant
  • WhatsApp Voice AI
  • WhatsApp Bot Builder
  • AI Website Chatbot
  • AI-SDR
  • Number Masking
  • Shopify Apps
  • View All Products
  • For E-commerce
  • For Healthcare
  • For Real Estate
  • For Restaurants
  • For Appointments
  • View All Use Cases
  • AI Chatbot Development
  • Voice AI Development
  • Shopify Development
  • SaaS Development
  • WhatsApp API Integration
  • View All Services
  • Documentation
  • Voice Agent Docs
  • API Reference
  • Number Masking API Docs
  • Blog
  • Changelog
  • Book a Demo
  • About Us
  • Contact
  • Careers
  • Privacy Policy
  • Terms of Service

Popular Free Tools

Compress PDFMerge PDFPDF to WordGST CalculatorEMI CalculatorSIP CalculatorJSON FormatterBase64 EncoderImage CompressorQR Code GeneratorVoice AI ROI CalculatorAmazon FBA CalculatorAI Email WriterVideo to GIFPrivacy Policy GeneratorCRM ROI CalculatorMeeting Cost Calculator
Categories:PDF ToolsDeveloper ToolsFinance CalculatorsImage ToolsVideo ToolsAI Writing ToolsAudio ToolsWhatsApp ToolsDocument GeneratorsVoice AI ToolsE-commerce ToolsView All Tools

© 2026 Edesy Technology Labs Pvt Ltd

SSL Secured
99.9% Uptime