Home / Resources / Recordings

Call Recordings

Enable call recording in your CallStart response, download files via the VNS API, and optionally decrypt AES-GCM encrypted recordings with the provided utility or your own code.

Enabling Recording Formats Downloading Files Decrypting C# Decryptor File Format

Enabling Recording

Add the following fields to the VoiceElements_Instructions block of your CallStart response to enable and optionally encrypt call recordings.

{
  "VoiceElements_Instructions": {
    "aiUrl": { ... },
    "maxSeconds": 300,
    "defaultToolsUrlBase": { ... },

    "recordCall": true,
    "recordCallFormat": "opus",
    "recordCallPassword": "EncryptMe"
  }
}

Field	Type	Description
recordCall	boolean	Set to `true` to enable recording for this call.
recordCallFormat	string \| null	Audio format: `opus`, `mp3`, or `wav`. Defaults to `opus` if null or omitted.
recordCallPassword	string \| null	Encryption password. If null or omitted the file is stored unencrypted.

Recording Formats

Choose the format that best fits your downstream processing needs.

opus

Default. High-quality, low-bitrate codec optimized for voice. Smallest file size.

mp3

Widely compatible. Good choice if the recording will be played back in a standard media player.

wav

Uncompressed PCM. Largest file size. Best choice for downstream transcription or audio analysis.

Downloading Recordings

Completed recordings are retrievable via the VNS API. Recordings that have not been explicitly deleted are automatically purged after 7 days — download or archive any recordings you wish to keep before that window expires.

⚠ 7-Day Retention Policy: VNS does not provide long-term storage. Recordings are purged 7 days after the call ends whether or not they have been downloaded. Download and store recordings in your own infrastructure promptly.

Use the GetRecording endpoint on the VNS API, passing the sessionGuid from the CallEnd webhook. The API returns the .enc encrypted file if a password was set, or the plain audio file if no password was used.

Action	Endpoint
List recordings	GET https://vnsapi.voiceelements.com/api/customer/recordings
Download a recording	GET https://vnsapi.voiceelements.com/api/customer/recordings/{sessionGuid}
Delete a recording	DELETE https://vnsapi.voiceelements.com/api/customer/recordings/{sessionGuid}

Full VNS API Reference — vnsapi.voiceelements.com

Decrypting with the FileDecryptor Utility

A ready-to-run .NET 8 command-line utility is available to decrypt .enc files without writing any code. Only use this section if you set a recordCallPassword — unencrypted recordings download directly as playable audio files.

Download FileDecryptor.zip

Usage

FileDecryptor <fileName> <password> <outputExtension>

Parameter	Description
fileName	Path to the `.enc` file to decrypt
password	The same password used in `recordCallPassword` when the call was recorded
outputExtension	File extension for the decrypted output, e.g. `wav`, `mp3`, `opus`

Example

FileDecryptor recording_abc123.enc EncryptMe opus

This produces recording_abc123.opus in the same directory.

Decrypting in C#

Adapt the following code to decrypt recordings directly in your own application. No external dependencies — only System.Security.Cryptography from the .NET base class library.

using System.Security.Cryptography;

const int SaltSize   = 16;
const int NonceSize  = 12;
const int TagSize    = 16;
const int HeaderSize = SaltSize + NonceSize; // 28 bytes
const int Iterations = 310_000;

// ── Read the .enc file ────────────────────────────────────────────────────────
byte[] fileBytes = File.ReadAllBytes("recording.enc");

// ── Extract header components ─────────────────────────────────────────────────
var salt         = fileBytes[..SaltSize];
var nonce        = fileBytes[SaltSize..HeaderSize];
var cipherAndTag = fileBytes[HeaderSize..];
var ciphertext   = cipherAndTag[..^TagSize];
var tag          = cipherAndTag[^TagSize..];

// ── Derive 256-bit key via PBKDF2-SHA256 ──────────────────────────────────────
var key = new byte[32];
Rfc2898DeriveBytes.Pbkdf2("YourPassword", salt, key, Iterations, HashAlgorithmName.SHA256);

// ── Decrypt with AES-256-GCM ──────────────────────────────────────────────────
var plaintext = new byte[ciphertext.Length];
using (var aes = new AesGcm(key, TagSize))
{
    aes.Decrypt(nonce, ciphertext, tag, plaintext);
}

CryptographicOperations.ZeroMemory(key);

// ── Write the decrypted audio file ────────────────────────────────────────────
File.WriteAllBytes("recording.opus", plaintext);

.enc File Format

The .enc file uses AES-256-GCM with a PBKDF2-derived key. The binary layout is:

Offset	Length	Content
0	16 bytes	Random salt used for PBKDF2 key derivation
16	12 bytes	AES-GCM nonce
28	variable	Encrypted audio ciphertext
end − 16	16 bytes	AES-GCM authentication tag

Key derivation: PBKDF2 with SHA-256, 310,000 iterations, producing a 256-bit key. The authentication tag ensures any tampering with the file is detected before decryption completes.

Back to Developer Guide