Dashboard
The Whsipder dashboard is a Next.js web application for monitoring call activity, configuring scoring thresholds, managing tenants, and reviewing compliance status. It is hosted at admin.whsipder.io or can be self-hosted.
Authentication & Authorization
The dashboard uses email/password authentication with JWT sessions. Tokens are issued on login and stored as HTTP-only cookies. Sessions expire after 24 hours of inactivity.
Roles
| Role | Permissions |
|---|---|
superadmin | Full access across all tenants. Can create/delete tenants, manage users, view global analytics, and modify platform-level settings. |
admin | Full access within their assigned tenant. Can view calls, modify scoring configuration, manage edge nodes, configure alerts, and access compliance reports. |
viewer | Read-only access within their assigned tenant. Can view call history, live feed, scoring data, and compliance status but cannot modify any settings. |
All API routes enforce role-based access control via middleware. Requests without a valid JWT or with insufficient permissions receive a 401 or 403 response.
Key Pages
Overview
The landing page after login. Shows aggregate metrics for the current tenant: total calls today, block rate, average score, active edge nodes, and trend charts for the last 7/30 days. Cards highlight notable events like score spikes, new threat patterns, or edge nodes that have gone offline.
Live Feed
A real-time streaming view of calls as they arrive. Each row shows the caller number, called number, STIR/SHAKEN attestation level, composite score, top scoring layer, and disposition (passed, challenged, blocked). Rows are color-coded: green for low-risk, amber for challenged, red for blocked. Click any row to expand the full scoring breakdown and, if GPU analysis is available, the transcription and deepfake score.
Calls
Historical call log with search, filtering, and export. Filter by date range, score range, disposition, caller number, or called number. Each call record includes the full 25-layer scoring breakdown, SIP headers, STIR/SHAKEN verification result, and any GPU analysis data. Export to CSV for compliance reporting.
Scoring
Scoring configuration panel. View and adjust the 25 scoring layers, their individual weights, thresholds, and enable/disable states. Changes are synced to all edge nodes within the next heartbeat interval (default 15 seconds). The page also shows scoring distribution charts and per-layer contribution analysis.
Compliance
Eight-tab compliance module covering STIR/SHAKEN attestation rates, RMD filing status, TRACED Act obligations, TCPA consent tracking, PCI DSS call recording controls, KYC verification status, traceback response logs, and state-level regulatory status. Each tab includes exportable evidence reports suitable for regulatory filings.
Alerts
Configure alert rules based on scoring thresholds, call volume anomalies, edge node health, or specific threat patterns. Alerts can be delivered via email, webhook, or Slack integration. Each alert rule defines a condition, severity level, cooldown period, and notification channel.
Configuration
Tenant-level settings including edge node management (add/remove/rotate keys), user management (invite/revoke/change roles), GPU server configuration, API key management, and general preferences like timezone and notification settings.
Multi-Tenant Architecture
The dashboard enforces strict tenant isolation at every layer. All database queries are scoped by tenant_id. API routes extract the tenant from the authenticated user's JWT and inject it into every query. There is no mechanism for a tenant admin to access another tenant's data, even by manipulating request parameters.
Superadmins can switch tenant context via the tenant selector in the header. When viewing as a specific tenant, all data is filtered accordingly. The global view (superadmin only) shows cross-tenant analytics and platform health.
Tip: Use the Settings > API Keys page to generate API keys for programmatic access. API keys are scoped to the tenant and respect the same RBAC rules as the dashboard UI.
API Routes Overview
The dashboard exposes a REST API under /api that mirrors the UI functionality. All routes require authentication via JWT cookie or Authorization: Bearer header with an API key.
| Endpoint | Method | Description |
|---|---|---|
/api/calls | GET | List calls with pagination, filtering, and sorting |
/api/calls/[id] | GET | Full call detail including scoring breakdown |
/api/calls/live | GET (SSE) | Server-sent events stream for real-time call feed |
/api/scoring/config | GET/PUT | Read or update scoring layer configuration |
/api/edges | GET/POST | List edge nodes or register a new one |
/api/edges/[id] | GET/DELETE | Edge node detail or deregistration |
/api/compliance/stats | GET | Compliance metrics for the current tenant |
/api/alerts | GET/POST | List or create alert rules |
/api/users | GET/POST | List or invite users (admin only) |