Receive and Place Calls
Configure your firewall, set up authentication, and verify your phone number assignment to start sending and receiving calls.
In this section, we will learn how to configure a SIP trunk to receive and to place calls. To be able to do this, we need to have:
- a rented phone number that is assigned to a trunk group,
- an endpoint, a trunk group, and a trunk configured in the portal.
How Calls Flow
CarrierX uses two types of endpoints in this setup, and they serve different roles in the call flow:
- System Gateway - represents CarrierX SIP infrastructure (IP addresses used to send and receive SIP traffic)
- Third-party endpoint - represents your external SIP application or PBX
These endpoints work together as follows:
Inbound Calls (Receiving Calls)
When someone calls your phone number:
- The call reaches the CarrierX network via the PSTN
- The phone number (DID) is matched to a trunk group
- The trunk group routes the call to your third-party endpoint
- CarrierX sends the SIP request from the System Gateway IP addresses to your system
This is why your firewall must allow traffic from the System Gateway.
Outbound Calls (Placing Calls)
When your system places a call:
- Your SIP application sends a request using your third-party endpoint credentials
- The request is sent to the System Gateway IP addresses
- CarrierX routes the call through the trunk group
- The call is delivered to the destination via the PSTN
Configure Your Firewall to Accept Calls
To enable call traffic between your network and CarrierX, you will first need to set up your firewall to accept traffic from the CarrierX switch IP addresses listed in your System Gateway endpoint.
A System Gateway is a system-generated endpoint that is automatically created for each account.
To do this, navigate to CONFIGURE > Endpoints and select the System Gateway endpoint.
In the Endpoint Details window, locate the Endpoint Addresses field. Configure your firewall to allow SIP signaling from these IP addresses.
Set Up Authentication to Place Calls
Return to CONFIGURE > Endpoints, click the third-party endpoint we configured earlier. You'll be using it for outbound calls.
CarrierX supports three methods for authenticating outbound calls from your endpoint:
- IP-Based Authentication
- Proxy Authentication
- Header-Based Authentication
IP-Based Authentication
IP-based authentication uses the unique combination of IP address and port for authentication. It is the simplest method and does not require any additional credentials.
Proxy Authentication (Standard Method)
When placing calls, use your third-party Endpoint SID as the username, and the VoIP Token as the password for proxy authentication.
These values are displayed in the Endpoint Details window. Send SIP requests to the System Gateway IP addresses using these credentials.
Header-Based Authentication (Alternative Method)
Header-based authentication sends the X-Auth-VoipToken in clear text as part of the SIP INVITE. This method is provided as a workaround for carriers or devices that do not support standard proxy authentication. Where possible, use proxy authentication instead, as it provides better security for your credentials.
If your SIP device or carrier does not support proxy authentication, you can authenticate by including two custom SIP headers in the INVITE request:
| Header | Value |
|---|---|
X-Auth-EndpointSid | The Endpoint SID of your third-party endpoint |
X-Auth-VoipToken | The VoIP Token of your third-party endpoint |
When using header-based authentication, keep in mind the following:
- Both headers must be present in the INVITE request.
- The
insecure_addressand IP/subnet restrictions configured on your endpoint are still enforced. - Standard authentication methods (IP-based and proxy authentication) continue to work alongside header-based authentication.
Example INVITE with authentication headers:
INVITE sip:1202@carrierx.example.com SIP/2.0
Via: SIP/2.0/UDP 10.222.2.4:5060
From: sipp <sip:sipp@10.222.2.4:5060>;tag=1
To: sut <sip:1202@carrierx.example.com>
X-Auth-EndpointSid: 92d04fa7-f86f-4acd-a589-860569201845
X-Auth-VoipToken: your-voip-token-here
In both cases (Proxy or Header-Based Authentication), send your SIP requests to the System Gateway IP addresses (found in your System Gateway endpoint).
If authentication fails (invalid token or missing headers), CarrierX returns a 401 Unauthorized response.
Verify Phone Number Assignment
In the Endpoint Details window, click the Assigned Phone Numbers tab to view which phone numbers are associated with your endpoint. These numbers can be used for both inbound and outbound calls. In our case, you should be able to see the phone number that we assigned to the trunk group when we configured the SIP Trunk.
This means no phone numbers are currently associated with the endpoint's trunk group.
To fix this:
- Navigate to Configure > Phone Numbers
- Select a phone number
- Click Edit
- Assign the phone number to the appropriate trunk group
- Click Save
After this, the number will appear in the Assigned Phone Numbers tab.
Verification Checklist
Use this checklist to confirm your setup is working correctly:
- Inbound calls reach your SIP system
- Outbound calls are successfully initiated
- Authentication succeeds (no
401or403errors) - Audio is present in both directions