Integrations Guide
Detektix integrates with external services for telephony, SMS, AI voice, notifications, and data export. This guide covers setting up and managing each integration.
All integrations are managed in Settings → Integrations.
Phone & SMS
Twilio (Managed)
Detektix uses Twilio as its primary telephony provider. In the managed configuration, Detektix provisions and manages phone numbers for you.
How it works:
- When PhantomIDs are generated, phone numbers are automatically provisioned from Twilio
- Incoming calls trigger webhooks that log call data to your tenant
- SMS messages are received and logged through Twilio's messaging service
- Call recordings and metadata are synced automatically
What you see:
- Phone numbers appear in the PhantomID table with their Twilio number
- Call and SMS logs are available in the Forensics section
- Phone number management is handled in the Phone Numbers page
No configuration is needed for managed Twilio — it works out of the box.
Bring Your Own Twilio (BYOT)
If your organization has its own Twilio account, you can connect it to Detektix to use your existing phone numbers.
Setup:
- Navigate to Settings → Integrations
- Select External Twilio as the integration type
- Enter your Twilio credentials:
| Setting | Description |
|---|---|
| Account SID | Your Twilio Account SID |
| Auth Token | Your Twilio Auth Token |
| Friendly Name Prefix | Optional prefix for identifying Detektix-managed numbers |
- Save and test the connection
Sync behavior:
Once connected, Detektix will:
- Sync phone numbers — Import your Twilio phone numbers into Detektix
- Sync call logs — Pull call history for monitored numbers
- Sync SMS logs — Pull SMS history for monitored numbers
- Sync friendly names — Update display names for easy identification
Sync runs on a configurable schedule. You can also trigger manual syncs from the integration settings.
BYOT sync logs are available in the integration details, showing:
- Numbers processed, created, updated, and failed
- Call logs and SMS logs synced
- Timestamps and error details for any issues
IQSIM SMS Gateway
IQSIM provides SIM-based SMS capabilities — real mobile SIM cards that send and receive SMS, as opposed to virtual numbers.
Why IQSIM?
- Some platforms detect and block virtual/VoIP numbers
- SIM-based numbers appear as real mobile phones
- SIM rotation helps avoid detection and blocking
Setup:
- Navigate to Settings → Integrations
- Select IQSIM as the integration type
- Enter your IQSIM credentials and API endpoint
- Configure webhook URL for incoming SMS
Features:
- Line management — View and manage IQSIM SIM lines (MDN, ICCID, status)
- SIM rotation — Schedule automatic SIM rotation to maintain freshness
- SMS receive — Incoming SMS is delivered via webhook and logged alongside Twilio SMS
- Rotation jobs — Track scheduled and completed rotation operations
SIM rotation periodically swaps SIM assignments to prevent numbers from being flagged or blocked by target platforms.
AI Voice
ElevenLabs
Detektix integrates with ElevenLabs to provide AI voice agents that answer calls to PhantomID phone numbers.
What it provides:
- AI voice agents that answer calls naturally and engage in conversation
- Configurable conversation flows and personalities
- Call recordings and AI-generated transcripts
- Caller intent analysis
Setup:
- Navigate to Settings → Integrations (or the dedicated ElevenLabs section)
- Enter your ElevenLabs API key
- Configure voice agent settings (voice, personality, instructions)
Sync behavior:
- Call metadata from ElevenLabs is synced to Detektix
- Transcripts are stored alongside call logs
- AI conversation records are available in the Forensics section
AI voice agents transform your PhantomIDs from passive honeypots into active intelligence collectors — engaging callers to extract information about who they are and what they want.
Notifications
Slack
Receive real-time alerts in your Slack workspace when PhantomIDs are contacted.
Setup:
- Navigate to Settings → Integrations
- Select Slack as the integration type
- Configure:
| Setting | Description |
|---|---|
| Bot Token | Your Slack Bot OAuth token |
| Channel ID | The channel to post alerts to |
| Upload Format | Format for data uploads: CSV, JSON, or plain text |
What gets posted:
- New PhantomID contacts (calls, SMS, emails)
- Threat actor detections
- Incident creation alerts
- Campaign status updates
Webhooks
Send event data to any external system via HTTP webhooks.
Setup:
- Navigate to Settings and configure outbound webhooks
- Specify the webhook URL and authentication token
- Select which events trigger webhook delivery
Webhook events include:
- PhantomID contacted (call, SMS, email)
- Threat actor detected
- Incident created or updated
- Injection job completed or failed
- Campaign status changes
Webhook payload includes structured JSON data about the event, including all relevant details (PhantomID info, caller info, timestamps).
Security:
- Each webhook delivery includes a verification token in the headers
- Your receiving system should validate this token to confirm the request is from Detektix
- Failed deliveries are retried automatically with exponential backoff
Email Notifications
Configure email notifications for specific events:
- Incident creation alerts sent to designated email addresses
- Configurable event triggers
- Available alongside other notification channels
Data Export
Snowflake
Export Detektix data to Snowflake for enterprise analytics and custom reporting.
Setup:
- Navigate to Settings → Integrations
- Select Snowflake as the integration type
- Configure your Snowflake connection:
| Setting | Description |
|---|---|
| Account | Your Snowflake account identifier |
| Warehouse | Target warehouse |
| Database | Target database |
| Schema | Target schema |
| Credentials | Authentication credentials |
What's exported:
- PhantomID records and metadata
- Call, SMS, and email logs
- Threat actor profiles and activity
- Injection job results
- Campaign and incident data
BigQuery
Export data to Google BigQuery for GCP-based analytics.
Setup:
- Navigate to Settings → Integrations
- Select BigQuery as the integration type
- Configure your GCP project and dataset credentials
The export schema mirrors the Snowflake export, providing the same data in BigQuery's format.
Integration Status
Each configured integration shows a connection status:
| Status | Description |
|---|---|
| Connected | Integration is active and syncing normally |
| Error | Connection failed — check credentials and configuration |
| Syncing | A sync operation is currently in progress |
| Disconnected | Integration is configured but not active |
Monitor integration health in Settings → Integrations to ensure all your data pipelines are functioning correctly.
Credential Security
All integration credentials (API keys, tokens, auth secrets) are stored with database-level encryption. Credentials are:
- Encrypted at rest using dedicated encryption functions
- Decrypted only on the server side during sync operations
- Never exposed to the client application or browser
- Never included in logs or error messages
See Security & Compliance for more on how Detektix protects your data.