ConverCom AG

Version 4

Carrier Service Factory 4 – Feature Overview

Carrier Service Factory 4 is a major evolution of the Carrier Service Factory: a completely modernized platform with a new visual flow editor, powerful integrations, AI-assisted tooling and a comprehensive set of security and reliability features.

HomeDocumentation › Carrier Service Factory 4 – Feature Overview

Security reviewed by AI

In addition to conventional testing and code review, Carrier Service Factory 4 is continuously checked for security using AI-based analysis, helping to identify and address potential issues early.

The table below gives a high-level overview of the features introduced with Carrier Service Factory 4.

No.FeatureDescription
3.1.1Latest frameworks for backend and frontendCompletely rebuilt on the latest .NET generation for a fast, modern and future-proof platform.
3.1.2Real-Time Text (RTT, RFC 4103)Real-Time Text is supported and can be switched on per service with a single option, so text is transmitted in real time alongside voice.
3.2.1Advanced HTTP integrationA powerful HTTP integration to connect flows to any web service, with a built-in AI assistant that turns plain-language descriptions into ready-to-use logic and direct access to Dynamic Tables.
3.2.2Dynamic Table delta updatesDynamic Tables save only what actually changed, so very large tables stay fast and several people can edit them at the same time – both in the interface and via the Management API.
3.2.3New Flow EditorA completely redeveloped, web-based flow editor: drag & drop of dozens of blocks, undo/redo, grouping, zoom, reusable ports, parameters and variables, plus embedded help for every block.
3.3.1Trigger Flow APILaunch outbound calls and campaigns from your own systems and receive their results back into the flow – a dedicated API with full OpenAPI/Swagger documentation and per-service API keys.
3.3.2Resources Management APIManage resource data such as Dynamic Tables and phone-number lists directly from your systems through a documented REST API secured with API keys.
3.4.1Multi-factor authenticationSecure sign-in with multi-factor authentication based on modern identity standards; administrators can enforce MFA for their users.
3.4.2Circuit routing & overflow protectionAutomatic protection against routing loops and call floods: calls that exceed a configurable threshold are safely rejected. Flexible modes cover both classic loop protection and calls-per-second (CAPS) limiting, can be scoped to selected customer profiles, and apply instantly without a restart.
3.5AI tools for service evaluationA range of AI tools for building and evaluating services – including AI resources for leading providers and AI assistants embedded directly in the platform.
4.1Media Path Optimization on by defaultEfficient voice paths thanks to media path optimization enabled by default, adjustable per call when needed.
4.1aCodec renegotiationFine-grained control over media path optimization and codec renegotiation to avoid one-way-audio situations in demanding interconnect scenarios.
4.2Background announcementsPlay a looping announcement in the background while the flow keeps working – for example a "please wait" message during a lookup – and stop it at any time.
4.3Configurable caller ID in outbound callsSet the displayed caller ID (A-number) for an outbound call directly in the call block, with support for variables and parameters.
4.4Dedicated permissions for power featuresPowerful, script-capable blocks and scripting features are protected by their own permissions, so only authorized users can create or edit them.
4.5Voice input with audio opt-inCallers can respond by speaking or by pressing a key – whichever comes first – combining real-time speech recognition with classic key input in a single step.
4.6Versioning of flows (incl. parameters)Every save creates a version snapshot, including parameters. Compare any two versions in a clear diff view and restore an earlier state with one click; retention is configurable.
5.1.1Dark theme & domain themesDark-mode toggle plus per-domain white-label theming with your own logo and colors.
5.1.2Home / dashboard pageA landing page with call statistics, profile overview and quick access.
5.1.3Solutions menu – fast loadingThe solutions list loads on demand with server-side search and filtering, staying fast even with very many services.
5.1.4Resources menu – fast loadingThe resources list loads on demand with server-side search, type filter and sorting across all resource types.
5.1.5AI Assistant chatsA full AI chat with saved history and auto-generated titles; private by default and optionally shareable read-only within a customer profile.
5.1.6Documentation portalIn-app documentation with an embedded AI help chat.
5.1.7FAQ collectionA curated FAQ covering routing/SIP, audio, APIs and more, in German and English.
5.2.1Telemetry targets (Grafana / OTLP)Open telemetry targets configurable per system and per call for live monitoring, for example with Grafana.
5.2.2Usage statisticsInsights into how numbers, blocks and resources are used over time.
5.3.1Customer profiles (multi-tenant)Multi-tenant customer profiles with hierarchy and inherited visibility, with a profile selector on every page.
5.4.1Tenant-scoped audit logA per-tenant audit log so administrators only see their own tenant's activity.
5.4.2Secrets encrypted at restKeys, passwords and other secrets are stored encrypted and are never shown again once saved.
5.4.3SSRF protection for outbound HTTPOutbound HTTP calls from flows are restricted to safe, public targets; internal destinations can be explicitly allow-listed.
5.4.4Sandboxed scripting engineScripting runs in a safe sandbox with no access to the host system.
5.4.5Stable authentication across serversAuthentication stays valid seamlessly across all servers and restarts.
5.4.6Spoof-resistant client-IP handlingClient IP addresses are handled in a spoof-resistant way, trusting forwarding information only from the internal proxy.
5.4.7Injection & data-leak hardeningData handling is hardened against injection across queries, commands, file access and downloads, and error messages never expose internal details.
5.4.8Per-IP request limit (rate limiting)Built-in per-IP request limiting protects the APIs and web interface against request floods (DoS) – always on and configurable per surface.
5.4.9Warning e-mails on protection triggersConfigurable warning e-mails notify administrators whenever a protection mechanism blocks something, throttled to avoid mail storms.
5.4.10AI-assisted security reviewThe platform is reviewed for security with AI-based analysis in addition to conventional testing, helping to catch potential issues early.
5.5.1New resource typesNew resource types – including AI resources, enumerations and Dynamic Table definitions – with rich metadata.
5.5.2"Used where?" usage trackingSee where each resource is used across all solutions.
5.6.1Phrase hints for speech recognitionPhrase hints sourced from Dynamic Tables improve speech-recognition accuracy.

See also: Carrier Service Factory 4 Features (complete overview) →