Skip to main content

Deployment Overview

You’ve built and tested your AI agent. Now it’s time to deploy it to production and start handling real conversations. This guide provides an overview of all deployment options, security considerations, and best practices for going live.

Deployment Options

Dasha BlackBox provides three primary deployment methods, each suited for different use cases:
Make and receive real phone calls
  • Inbound calls via dedicated phone numbers or SIP URIs
  • Outbound calls scheduled via API or dashboard
  • SIP trunk integration with compatible SIP providers (Bandwidth, Telnyx, etc.)
  • Call transfers to human agents when needed
Best For: Customer support hotlines, sales outreach, appointment reminders, surveys

Pre-Deployment Checklist

Before going live, verify your agent is production-ready:

Agent Configuration

  • System Prompt Finalized: Clear, specific instructions tested with real scenarios
  • LLM Model Selected: Appropriate model for your latency/quality/cost requirements
  • Voice Configured: Natural-sounding voice with correct language and speed
  • Temperature Tuned: 0.6-0.8 for most use cases (see Best Practices)
  • Max Tokens Set: 150-300 for voice responses to prevent long monologues

Testing Validation

  • Happy Path Tested: Common user scenarios work as expected
  • Edge Cases Covered: Handles unclear input, off-topic questions, errors
  • Voice Quality Verified: Clear pronunciation, natural prosody, correct speed
  • Response Time Acceptable: Under 2 seconds for most interactions
  • 10+ Test Conversations: Reviewed transcripts for quality and consistency

Integrations & Features

  • Tools & Functions Working: All external APIs and integrations tested
  • Webhooks Configured: Endpoints verified and receiving events correctly
  • Transfers Set Up: Call transfer routes tested with real destinations (if applicable)
  • Business Hours Defined: Schedule matches actual availability (if applicable)
  • MCP Servers Connected: Model Context Protocol integrations verified (if applicable)

Security & Compliance

  • API Keys Secured: Stored in environment variables, not hardcoded
  • Origin Restrictions Set: Web integration origins whitelisted
  • Webhook Signatures Verified: Security headers validated on your endpoint
  • PII Handling Reviewed: Agent prompt includes data privacy guidelines
  • Rate Limits Configured: Concurrency caps set to prevent abuse
Never Deploy Without Testing: A poorly configured agent can damage your brand reputation. Always test thoroughly with real scenarios before exposing to customers.

Phone Deployment Overview

Deploy your agent to handle real phone calls via inbound or outbound channels.

Inbound Calls

Every agent is automatically assigned a SIP URI when created. Customers can call this URI to reach your agent. How It Works:
  1. Agent created → SIP URI auto-generated (e.g., sip:agent-abc123@sip.staging.dasha.ai)
  2. Configure your phone provider to forward calls to the SIP URI
  3. Incoming calls automatically routed to your agent
  4. Agent conducts conversation using configured voice and LLM
Common SIP Providers:
  • Bandwidth
  • Telnyx
  • Vonage
  • Any SIP-compatible carrier
Agent details showing inbound SIP URI Inbound SIP URI displayed on agent detail page
No Phone Number Required: You can receive calls via SIP URI without purchasing a phone number. However, most users prefer to assign a memorable phone number for customer convenience.
Next Steps:

Outbound Calls

Schedule calls programmatically or via dashboard. Your agent calls customers at the right time. How It Works:
  1. Configure Outbound SIP settings in agent (server, credentials, caller ID)
  2. Schedule call via API or dashboard with destination number
  3. Call placed at scheduled time using your SIP trunk
  4. Agent conducts conversation and completes objective
  5. Results sent via webhook when call ends
Configuration Required:
  • SIP trunk credentials (server, auth user, password)
  • Caller ID (from user/DID) for outbound calls
  • Transport protocol (UDP or TCP)
  • Optional: CPS (calls per second) limits
Use Cases:
  • Sales outreach and lead qualification
  • Appointment confirmations and reminders
  • Survey collection and feedback
  • Customer follow-ups and notifications
Next Steps:

Web Widget Deployment Overview

Embed your AI agent on your website as a voice or chat widget.

Widget Features

The Dasha BlackBox widget provides a complete conversational UI: Communication Modes:
  • Voice Calls: WebRTC-based voice conversations
  • Text Chat: Real-time text messaging
  • Phone Calls: Click-to-call via phone (optional)
Customization:
  • Theme: Light or dark mode
  • Position: Bottom-right, bottom-left, top-right, etc.
  • Feature Gating: Enable/disable specific capabilities
  • Branding: Matches your website design
Security:
  • Token-based authentication
  • Origin restrictions (CORS)
  • Feature permissions
  • Usage tracking

Deployment Process

1. Create Web Integration Navigate to your agent’s detail page → Web IntegrationsAdd Integration Configure:
  • Name and description
  • Allowed origins (e.g., https://yoursite.com, *.yoursite.com)
  • Enabled features (AllowWebCall, AllowWebChat, etc.)
  • Widget appearance (theme, position)
2. Generate Access Token In the Authentication tab:
  • Enter token name (e.g., “Production Website”)
  • Click “Generate Token”
  • Copy token immediately (shown only once)
Token Security: Tokens cannot be retrieved after creation. If lost, you must generate a new token and update your website code.
3. Embed Widget Code Add to your website’s HTML: 
<!-- Dasha BlackBox Agent Widget -->
<blackbox-agent
  server-url="https://blackbox.dasha.ai"
  token="YOUR_TOKEN_HERE"
  position="bottom-right"
  theme="dark"
  skip-discovery
  data-config='{"features":["AllowWebCall","AllowWebChat"],"enableFeatureGating":true,"uiGatingMode":"disable"}'
></blackbox-agent>

<script src="https://blackbox.dasha.ai/widget/blackbox-widget-v3.min.js" defer></script>
4. Test on Staging Before production:
  1. Deploy to staging/test environment
  2. Verify widget loads correctly
  3. Test voice and chat features
  4. Confirm origin restrictions work
  5. Check token authentication
5. Deploy to Production Once validated on staging, deploy to your production website. Next Steps:

API Integration Overview

Build custom integrations using the Dasha BlackBox REST API.

Common Integration Patterns

CRM Integration: 
// Trigger call when lead enters sales stage
async function onLeadQualified(leadId) {
  const lead = await crm.getLead(leadId);

  const call = await blackbox.scheduleCall({
    agentId: "agent-abc123",
    endpoint: lead.phoneNumber,
    priority: 5,
    deadline: new Date(Date.now() + 10 * 60 * 1000).toISOString(),
    contextVariables: {
      leadName: lead.name,
      leadCompany: lead.company,
      leadInterest: lead.productInterest
    }
  });

  await crm.updateLead(leadId, { callId: call.callId });
}
Webhook Handler: 
// Receive call results and update your system
app.post('/webhooks/blackbox', async (req, res) => {
  const payload = req.body;

  if (payload.type === 'CompletedWebHookPayload') {
    const { callId, agentId, result, transcription } = payload;

    // Update CRM with call outcome
    await crm.updateCall(callId, {
      status: result.status,
      duration: payload.durationSeconds,
      transcript: transcription
    });

    // Trigger follow-up actions
    if (result.status === 'success') {
      await scheduleFollowUp(payload);
    }
  }

  res.status(200).send('OK');
});
Bulk Calling Campaign: 
// Schedule 1000 calls for customer survey
async function scheduleSurvey(customers) {
  const calls = customers.map(customer => ({
    agentId: "survey-agent",
    endpoint: customer.phoneNumber,
    priority: 3,
    deadline: new Date(Date.now() + 24 * 60 * 60 * 1000).toISOString(),
    contextVariables: {
      customerName: customer.name,
      orderNumber: customer.lastOrderNumber
    }
  }));

  // Schedule in batches to respect rate limits
  const batchSize = 100;
  for (let i = 0; i < calls.length; i += batchSize) {
    const batch = calls.slice(i, i + batchSize);
    await blackbox.bulkScheduleCalls(batch);
    await sleep(1000); // Rate limit: 100 calls/second
  }
}

API Best Practices

Authentication:
  • Store API keys in environment variables
  • Rotate keys regularly
  • Use separate keys for staging and production
  • Never commit keys to version control
Rate Limiting:
  • Respect API rate limits (documented per endpoint)
  • Implement exponential backoff for retries
  • Batch operations where possible
  • Monitor usage to avoid throttling
Error Handling:
  • Always check response status codes
  • Handle network errors gracefully
  • Log errors for debugging
  • Implement retry logic for transient failures
Next Steps:

Security Considerations

API Key Management

Best Practices:
  • Store Securely: Use environment variables or secret managers (AWS Secrets Manager, HashiCorp Vault)
  • Rotate Regularly: Change API keys every 90 days
  • Scope Appropriately: Use read-only keys where write access isn’t needed (future feature)
  • Monitor Usage: Track API key usage for anomalies
Example Secure Storage: 
# .env file (never commit to git)
BLACKBOX_API_KEY=sk_live_abc123def456
BLACKBOX_API_URL=https://blackbox.dasha.ai/api/v1

# .gitignore
.env
.env.local

Web Integration Security

Origin Restrictions: 
// In web integration settings
{
  "origins": [
    "https://yoursite.com",      // Production domain
    "https://*.yoursite.com",    // All subdomains
    "https://staging.yoursite.com" // Staging domain
  ]
}
Never Use Wildcard * in Production: Allowing all origins (*) exposes your agent to unauthorized access. Always specify exact domains or subdomain patterns.
Token Best Practices:
  • Generate separate tokens for each deployment (production, staging, development)
  • Use descriptive names: “Production Website”, “Mobile App”, “Partner Integration”
  • Delete compromised tokens immediately
  • Monitor token usage via integration analytics
  • Set up alerts for unusual activity

Webhook Security

Validate webhook requests to prevent spoofing: Signature Verification: 
const crypto = require('crypto');

function verifyWebhookSignature(payload, signature, secret) {
  const expectedSignature = crypto
    .createHmac('sha256', secret)
    .update(JSON.stringify(payload))
    .digest('hex');

  return crypto.timingSafeEqual(
    Buffer.from(signature),
    Buffer.from(expectedSignature)
  );
}

app.post('/webhooks/blackbox', (req, res) => {
  const signature = req.headers['x-blackbox-signature'];
  const isValid = verifyWebhookSignature(req.body, signature, process.env.WEBHOOK_SECRET);

  if (!isValid) {
    return res.status(401).send('Invalid signature');
  }

  // Process webhook...
});
Additional Security:
  • Use HTTPS for all webhook endpoints
  • Implement IP allowlisting (if supported)
  • Rate limit webhook requests
  • Log all webhook attempts for auditing
See Webhook Security for complete implementation guide.

Scaling Considerations

Concurrency Limits

Dasha BlackBox limits simultaneous calls per agent to prevent abuse and ensure quality: Default Limits:
  • Free tier: 2 concurrent calls per agent
  • Pro tier: 10 concurrent calls per agent
  • Enterprise: Custom limits (contact sales)
Exceeding Limits:
  • New calls queued automatically
  • Calls execute when slot becomes available
  • Queue has priority-based ordering
  • Deadline ensures calls don’t queue indefinitely
Monitoring Concurrency: 
// Check call statistics for a specific agent
const stats = await fetch('https://blackbox.dasha.ai/api/v1/calls/statistics/statuses?agentId=agent-abc123')
  .then(r => r.json());

// stats.statusCounts contains breakdown by status (Scheduled, InProgress, Completed, etc.)
console.log(`Call statistics:`, stats.statusCounts);
console.log(`Total calls: ${stats.totalCount}`);
Scaling Strategy: If you need more concurrency, create multiple agents with the same configuration. Distribute calls across agents using round-robin or load balancing.

Rate Limits

API endpoints have rate limits to ensure fair usage: Common Limits:
  • Call scheduling: 100 requests/second
  • Agent updates: 10 requests/second
  • Call listing: 50 requests/second
  • Webhook delivery: 1000 events/second (receiving side should handle)
Handling Rate Limits: 
async function scheduleWithBackoff(call, maxRetries = 3) {
  for (let i = 0; i < maxRetries; i++) {
    try {
      return await blackbox.scheduleCall(call);
    } catch (error) {
      if (error.status === 429) { // Too Many Requests
        const retryAfter = error.headers['Retry-After'] || Math.pow(2, i);
        await sleep(retryAfter * 1000);
        continue;
      }
      throw error;
    }
  }
  throw new Error('Max retries exceeded');
}

Cost Optimization

Model Selection:
  • Use gpt-4.1-mini or llama-3.1-8b-instant for high-volume use cases
  • Consider deepseek-r1 for 30x cost reduction vs GPT-4
  • See LLM Configuration for model comparison
Token Management:
  • Set max tokens to 150-300 for voice responses
  • Use shorter system prompts when possible
  • Implement prompt caching (where supported)
  • Monitor token usage via analytics
Voice Provider:
  • Cartesia and Dasha are cost-effective for high volume
  • ElevenLabs for premium quality when needed
  • See Voice & Speech for pricing comparison

Monitoring Production

Once deployed, continuous monitoring is essential:

Key Metrics to Track

Agent Health:
  • Success Rate: Percentage of calls achieving their objective
  • Error Rate: Failed calls, system errors, timeouts
  • Average Duration: Call length trends over time
  • Response Latency: Time from user speech to agent response
Call Volume:
  • Daily/Weekly Calls: Track usage trends
  • Peak Hours: Identify high-traffic periods
  • Queue Length: Monitor backlog during peaks
  • Concurrent Calls: Watch for approaching limits
Quality Metrics:
  • Transfer Rate: Calls escalated to humans (lower is often better)
  • User Satisfaction: Post-call analysis scores (if enabled)
  • Conversation Length: Optimal range for your use case
  • Tool Call Success: Function/integration execution success rate

Dashboard Monitoring

Use the Dasha BlackBox dashboard to monitor:
  1. Dashboard Overview - High-level metrics and trends
  2. Call Management - Active and queued calls in real-time
  3. Call History - Search and filter past conversations
  4. Analytics - Detailed performance insights
  5. Agent Performance - Per-agent metrics and comparisons
See Monitor section for complete monitoring guide.

Alerts and Notifications

Set up webhooks to receive alerts: 
// Monitor for high error rates
app.post('/webhooks/blackbox', async (req, res) => {
  const payload = req.body;

  if (payload.type === 'FailedWebHookPayload') {
    errorCount++;

    if (errorCount > 10) { // 10 failures in monitoring window
      await sendAlert({
        channel: 'slack',
        message: `⚠️ High error rate: ${errorCount} failed calls in last hour`
      });
    }
  }

  res.status(200).send('OK');
});
Recommended Alerts:
  • Error rate exceeds 5% in 1 hour
  • Concurrency limit reached
  • Webhook endpoint unreachable
  • Unusual call volume spikes
  • Average call duration exceeds 2x baseline

Performance Optimization

If you notice performance issues: Slow Response Times:
  1. Switch to faster LLM (gpt-4.1-mini, groq models)
  2. Enable service tier priority (OpenAI)
  3. Reduce max tokens to 150-200
  4. Use faster TTS provider (Cartesia, Dasha)
  5. Optimize system prompt length
High Error Rates:
  1. Review error logs in Call Inspector
  2. Check external API/tool availability
  3. Validate webhook endpoint health
  4. Verify SIP trunk configuration
  5. Monitor LLM provider status
Quality Issues:
  1. Review conversation transcripts
  2. Refine system prompt based on patterns
  3. Adjust temperature for consistency
  4. Test different voices for clarity
  5. A/B test configuration changes
See Agent Performance for detailed optimization strategies.

Production Deployment Checklist

Use this final checklist before going live:

Configuration Verification

  • System prompt tested with 50+ conversations
  • LLM model finalized (temperature, max tokens, service tier)
  • Voice provider and settings validated
  • All tools and integrations tested end-to-end
  • Business hours and schedule configured (if applicable)
  • Call transfer routes tested with real destinations
  • Webhooks receiving events correctly

Security & Compliance

  • API keys stored securely (environment variables)
  • Web integration origins whitelisted (no wildcard *)
  • Webhook signatures implemented and verified
  • Rate limits configured appropriately
  • PII handling documented in system prompt
  • Data retention policies understood

Testing & Validation

  • 10+ happy path scenarios tested
  • 10+ edge cases validated (errors, unclear input)
  • Voice quality verified with real users
  • Response times under 2 seconds
  • Load tested with concurrent calls
  • Failover and error recovery tested

Monitoring & Support

  • Dashboard alerts configured
  • Webhook monitoring set up
  • Error tracking implemented
  • Support team briefed on escalation
  • Runbook created for common issues
  • Rollback plan documented

Launch Strategy

  • Start with 10-20% of traffic (if possible)
  • Monitor metrics hourly on launch day
  • Human fallback available for escalations
  • Quick iteration capability (can update prompt rapidly)
  • Post-launch review scheduled (24h, 1 week, 1 month)
Gradual Rollout Recommended: Don’t switch 100% of traffic to your AI agent on day one. Start with a small percentage, monitor closely, and increase gradually based on performance.

Next Steps

Choose your deployment path:

Phone Deployment

Web Deployment

API Integration

Production Readiness

API Cross-Refs

Agent Management: Call Operations: Web Integrations: