Knowledge Center
Vulnerability Disclosure Policy

Cloudonix Vulnerability Disclosure Policy

The following vulnerability disclosure policy addresses the procedures for reporting and handling disclosures for the following properties that are in scope.

We look forward to working with the security community to find vulnerabilities in order to keep our customers safe.

Cloudonix will award bounties for any vulnerability disclosure that results in fixing an issue, as per the following guidelines.

If you would like to report vulnerabilities for any other service not listed, please do so by emailing security@cloudonix.io, though we do not guarantee any outcome nor even the possibility of receiving a reply.

Use of Platform

  • Cloudonix provides the security community with a staging platform, where its members may perform their research and identification.
  • All staging resources are designated by the staging name, as part of their FQDN, and/or resource names.
  • Research and vulnerability disclosure activities conducted on our Staging platform and consistent with this policy are considered to be “authorized” conduct under the Computer Fraud and Abuse Act, the DMCA, and other applicable computer use laws. Please note that Cloudonix production or non-staging resources are considered out of scope and are not authorized.

General Guidelines

  • Results of automatic scanning tools without a real exploit demonstration are not valid for vulnerability disclosure reports to Cloudonix, and will be ignored.
  • Distributed denial of service (DDoS) or other volumetric attacks are never eligible for the bounty program, regardless of any other consideration.
  • When multiple submissions are received for the same underlying issue (even if presented in multiple ways), we will only award the first report that was received (provided that it can be fully reproduced).
  • Social engineering (e.g. phishing, vishing, smishing and other practices) does not warrant a bounty without also referring to a fixable technical limitation.
  • Make a good faith effort to avoid privacy violations, destruction of data, and interruption or degradation of service. Only interact with accounts you own (created by yourself on the staging platform).

When submitting a report

  1. Make sure that you have tested the issue and can show that it is real (not just suggested by an automated tool).
  2. Please use our staging platform, the cockpit.staging.cloudonix.io endpoint, to test and identify these kinds of issues.
  3. Submit detailed proof and reproducible steps for the issue. If the report is not detailed enough for our security team to reproduce the issue, it will not be eligible for a reward. A video may be included if it helps demonstrate the reproduction.
  4. Submit one vulnerability per report, unless you need to chain vulnerabilities to provide impact.

Send the report to security@cloudonix.io

Services in scope

The following services are in scope of this vulnerability disclosure policy:

  • Cloudonix API services: api.staging.cloudonix.io, api.cloudonix.io
  • Cloudonix SIP services: sip.staging.cloudonix.io, wss.staging.cloudonix.io, *.sip.staging.cloudonix.io, *.staging.cloudonix.net
  • Cloudonix Cockpit: cockpit.staging.cloudonix.io

Resources without the staging designator are production services and are out of scope for the purpose of the vulnerability disclosure policy.

Vulnerability Disclosure Procedure

For each of the above listed properties, if you discover a vulnerability, please send an email, with as many details as possible, to security@cloudonix.io. Please provide, at a minimum:

  1. Your name and contact details
  2. A reproduction that is as accurate as possible, with the specific details of the service and any settings required for reproduction. A disclosure without enough details to allow our security team to reproduce the issue will be disregarded.
  3. A reference to any relevant standard or specification being violated.

Per service reward policy

Cloudonix commercial web properties

Cloudonix does not award rewards for vulnerability disclosure on our commercial web properties. These are considered non-mission-critical and may contain multiple minor issues that are either deemed acceptable risk or are part of required functionality – and that we have no intention of investing resources to “fix”.

Cloudonix API services

Cloudonix will award bounties for any vulnerability disclosure that results in fixing an issue that either:

  • Allows anonymous public access to disclose or modify non-public customer data or meta-data.
  • Allows customer’s privileged access to disclose or modify non-public data or meta-data of other customers.
  • Allows anonymous access to modify public customer data.
  • Allows customer’s privileged access to modify public data of other customers.
  • Causes a non-trivial, non-distributed, denial of service for other customers (i.e. not anonymous public access).

For the purpose of such disclosure, Cloudonix internal customer accounts are not considered customer accounts or non-public data.

Additionally, Cloudonix deems customer’s privileged access gained by guessing customer controlled credentials, or by circumventing a third-party service, to be lawful access that is not a vulnerability.

Cloudonix SIP services

Cloudonix will award bounties for any vulnerability disclosure that results in fixing an issue that either:

  • Allows anonymous public access to create and terminate a SIP call.
  • Allows anonymous public access to disclose information about other SIP sessions.
  • Allows customer’s privileged access to disclose information about SIP sessions of other customers.

For the purpose of such disclosure, Cloudonix internal customer accounts are not considered customer accounts or non-public data.

Additionally, Cloudonix deems customer’s privileged access gained by guessing customer controlled credentials, or by circumventing a third-party service, to be lawful access that is not a vulnerability.

Vulnerability Payouts

Details for all payouts are available on our HackerOne page.