Use case · Click-to-call from any web page

Add a Call us button to your website. No install. No third-party cloud. Straight into your sovereign SBC.

The visitor clicks one button on your site, the browser opens an encrypted WebRTC call through their firewall on port 443 (indistinguishable from HTTPS) and lands inside your CodeB Session Border Controller, which routes the call to the right person, the right hunt group, an AI receptionist or a mobile fallback. No app to install, no phone number to dial, no Twilio or Zoom or WhatsApp in the path. Few platforms ship this end-to-end. CodeB does.

Try it now — call our office → Get your own tenant Sovereign SBC
01 · The end-to-end path

From visitor click to ringing telephone, with no third-party cloud in the middle

Most "call us" widgets on the market either dial a tel: link (only works on phones), open a WhatsApp chat (Meta sees everything), or route the call through the vendor's cloud (third-party hears your call metadata, third-party holds the keys to your relay). CodeB does none of that. The call goes straight through your visitor's firewall on TLS port 443 into the SBC you control, on the tenant you own, with the routing rules you wrote.

Visitor's browser Clicks "Call us" button Mic permission granted Their firewall Allows :443 outbound (every firewall does) Public internet YOUR ADMIN BOUNDARY CodeB Sovereign SBC Authenticates · routes Signs CDR · tears down Hardphone Browser tab AI receptionist Mobile fallback TLS :443 WSS + DTLS-SRTP Key properties of this path · All traffic on TLS :443 — visitor's firewall never sees it as VoIP · Media is DTLS-SRTP — encrypted end to end · STUN and TURN run inside the SBC — no third-party metadata leak · No third-party cloud, no Twilio, no Zoom, no WhatsApp in the path · Identity claims (OIDC, EU Wallet) travel with the call if the visitor is signed in · CDR is signed (ECDSA-P256 sidecar), tamper-evident for audit
02 · Embed snippet

One HTML element. Zero JavaScript bundle. Zero cookies set on click.

No SDK, no NPM package, no third-party script tag. The button is a plain anchor pointing at your tenant's phone subdomain with the dial target as a URL parameter. Style it however you want, drop it anywhere on the page, the visitor's browser does the rest.

<!-- Minimal call us button -->
<a class="call-us-btn"
   href="https://phone.YOURTENANT.com/room.html?room=ask-us&dial=610&cam=off&name=Visitor"
   target="_blank" rel="noopener">
  ☎ Call us
</a>
What each parameter does room · the WebRTC room name the visitor lands in. Use a stable string per page (e.g. support, sales-de, ask-us) so calls can be tagged in your CDR.
dial · the destination. Internal extension (610), AI virtual number (1234), trunk number (+356xxxxxxx) or a routing alias defined in the tenant admin.
cam=off · default to audio-only. Add cam=on for video; cam=ask for visitor choice.
name · optional caller-display string the receiving party sees in their softphone UI.

Audio-only by default

Most "call us" buttons should not pop a video preview at the visitor. cam=off opens the call in audio-only mode — one mic permission prompt, no camera ask.

Same button, multiple destinations

Define the destination as a routing alias in admin. Change who picks up — or add time-of-day fallbacks — without touching the website.

No tracking cookies, ever

The button click sets no cookies on your domain. The phone tab on phone.yourtenant.com sets only the session cookie the WebRTC signalling needs — first-party, secure, same-site.

03 · Ringing rules — the part vendors don't ship

What actually happens when the visitor clicks

A bare tel: link or WhatsApp button gives you no control over who picks up, when, or what happens next if no one is around. CodeB gives you the full routing programme.

Parallel fork

Everyone in the team rings at once. First person to pick up wins. The other ringtones stop. Useful for small sales teams where any of three people can take the call.

Sequential fallback chain

Ring receptionist for 15 seconds. If no answer, ring office floor for 20 seconds. If still no answer, drop into the AI receptionist for message-taking.

Time-of-day branching

09:00–17:00 local: ring humans. 17:00–09:00: go straight to the AI receptionist with an after-hours prompt. Weekends: forward to the on-call mobile.

AI-first qualification

Every call starts with the AI receptionist. The AI asks the reason for the call, then transfers via SIP REFER only if the caller needs a human. Cuts noise without losing customer service.

Language-aware routing

Different button on different language pages — ?dial=de-sales for the German page, ?dial=en-sales for the English page — routes to the right native speaker.

VIP routing via identity

If the visitor is signed in via OIDC or has presented an EU Wallet credential, the routing rule can branch on the identity claim. Existing customers go to their account manager; new visitors go to the front desk.

04 · Why this is rare

Six things almost no other vendor ships together

Self-hosted media path

Most "browser call" widgets relay through the vendor's cloud. With CodeB the media terminates in your SBC — you are the only party that sees who called whom and for how long.

Self-hosted STUN and TURN

NAT traversal does not leak to Google or Cloudflare. The STUN responder and TURN relay live in the same install as the SBC.

No app to install for the visitor

The browser is the phone. No Zoom Rooms, no Teams meeting code, no WhatsApp account, no SIP softphone. Click and talk.

Routes to anything that speaks SIP

The destination can be a CodeB-native browser tab, a FRITZ!Box extension, an Asterisk hunt group, a Teams Direct Routing endpoint, a mobile via the PSTN, or an AI virtual number. Mix and match per route.

Identity-aware

If the visitor is signed in via OIDC, Passkeys or EU Wallet, those verified claims travel with the call. The receiving party knows who is on the line before they say hello.

Signed CDR, tamper-evident recording

Every call writes a signed CDR. If you enable recording, the file is paired with an ECDSA-P256 signature so a third party can verify the audio has not been altered — useful for regulated industries.

05 · Who uses this

The six audiences this use case lights up

Regulated SMEs and enterprises

Healthcare, legal, financial services — anyone whose conversations cannot legally cross into a US-cloud third party. The button keeps the entire call inside the EU jurisdiction the tenant is hosted in.

One-person businesses + freelancers

A solo practitioner wants a "call me" button on their website that rings their mobile during business hours and an AI receptionist after. CodeB does both with one rule.

Public-sector portals

Citizens click a button on the agency website and talk to the right department, with their identity already presented via EU Wallet. Higher-trust interactions, no phone-tree fatigue.

White-label communications providers

Sell the call-us-button experience to your customers under your own brand, on your own SBC, with no exposure to a third-party vendor for the call path or the identity layer.

Companies embedding calls into portals

SaaS apps, customer dashboards, training platforms — drop the button into any authenticated context and the call inherits the user's identity automatically.

Specialist vertical phone vendors

Building a healthcare scheduling phone, a legal intake line, a hospitality concierge desk? Use CodeB as the sovereign backend and ship the button on whatever frontend you build.

FAQ — the questions buyers actually ask

How is this different from a tel: link or a WhatsApp button?

A tel: link only works if the visitor is on a phone and has a SIM. A WhatsApp button requires a WhatsApp account and surrenders the conversation metadata to Meta. The CodeB Call us button works from any browser on any device, asks only for microphone permission, and keeps the call inside your tenant boundary.

What does the visitor have to install?

Nothing. The browser is the phone. Chrome, Edge, Firefox, Safari on iOS 14+ and Android Chrome all work. The first click asks for microphone permission once; subsequent calls do not re-ask.

Does the call go through a third-party cloud?

No. The WebRTC session terminates in your CodeB SBC, on your tenant, inside your administrative boundary. STUN and TURN are self-hosted in the same install. No third-party meeting service, no third-party signalling cloud, no third-party media relay.

Does the visitor's corporate firewall block it?

Almost never. WebRTC media falls back to TURN-over-TLS on port 443, which is indistinguishable from HTTPS on the wire. Even networks that block UDP entirely (hotel Wi-Fi, locked-down corporate, hospital guest networks) succeed via the TURN-TLS path.

Can the same button ring multiple people in sequence?

Yes — parallel fork, sequential fork, time-of-day branching, fallback chains, all supported. See the routing-rules section above.

Can the button ring an AI receptionist instead of a human?

Yes. Point the button at any virtual number in your tenant. The AI picks up, speaks any language, takes a message or transfers to a human via SIP REFER. Useful for after-hours coverage, overflow handling, or as the primary line for one-person businesses.

What identity does the call carry?

By default, anonymous browser session. If the visitor is signed in via OIDC, EU Wallet or Passkeys, those verified claims travel with the call and the receiving party knows exactly who is on the line. This is the identity-aware SBC differentiator.

How fast does it connect?

Typically under 2 seconds from button click to first ringtone. ICE candidates are trickled so media flows on the first working path. After-hours fallbacks add the ring time of each step in the chain.

Try the button you would put on your own site

The button below opens a real WebRTC call to our office desk. It uses exactly the same code path the snippet above ships. One click. Microphone permission. Talk.

☎ Call our office now Get your own tenant SBC details
Related: Sovereign SBC · SIP over WebSocket · STUN / TURN / ICE explained · Voice AI platform · Use cases · Compare