
We host electronic health records and want to fetch inbound faxes for multiple RC clinic clients via a scheduled job. I am all confused over the terminology and the right approach. From the developer console, we have the Client ID and secret along with JWT. Do those belong to our application? Based on what I read, it seems we should use the JWT authentication for each of our clients. Does that mean each client logs in to their own account, launches their developer console and somehow gets the JWT token to us? When the getting started page states Client ID, is it our app client ID or the client account Client ID?


If someone can guide us on the roadmap, we would really appreciate it. We want to transition our clients from faxage.com to RC.

First of all, as an ISV who provides service to multiple customers, you can create a public app (if your company is not a RingCentral customer, you can sign up for a free-tier sandbox account). This public app will be owned and maintained by you, but other RingCentral accounts can authenticate via your app to access their own resources (in this case, their fax messaging).

To authenticate a user via a public app, you have 2 choices:

1. Your app must support the 'Partner JWT' authentication. Or,

2. The Code Flow authorization

Each of the authentication methods above has its pros and cons.

Option 1: The customer must log in to their RingCentral developer portal to generate a JWT token designated for your public app (using the app client id) and provide you with the JWT token. The good thing about this option is that the user needs to do this just one time (provided that they don't revoke the JWT token). Your app will be able to use the JWT token to get a valid access token for any RingCentral API call. If the access token and the refresh token expire, you can simply use the JWT token to request a new access token and refresh token pair. In other words, your app does not need to implement an auto-refresh function to prevent the refresh token from expiring (which is 7 days).

Option 2: Your app must provide a UI part for your customers to log in to their RingCentral account (this can be using their username/password or SSO). The burden is on your app: once a user has logged in, you have to maintain their access token and refresh token to keep them valid (at least the refresh token) as long as you can. This usually means that you have to implement an auto-refresh function that always refreshes the tokens within 7 days if the user is inactive. If your app fails to refresh tokens, then you have to inform your customer and request them to log in to your app again.

Remember that, in both cases, to be able to access the account's resources or to perform some activities on behalf of any users under an account, the user who generates a JWT token or who logs in to your app must be a super admin user or have a custom role that allows the user to perform those activities.


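As an added example (not part of the original answer and not RingCentral's own code), here is a sketch of the Option 1 scheduled job: one app client ID/secret belonging to the ISV, one stored JWT per customer, exchanged on each run for an access token that lists inbound faxes. The endpoint paths and parameters are written as I understand RingCentral's public REST API and should be checked against the current reference; the customer names, the `send` transport hook and all sample values are assumptions.

```python
import base64
import json
import urllib.parse
import urllib.request

SERVER = "https://platform.ringcentral.com"  # production host; the sandbox uses another
JWT_GRANT = "urn:ietf:params:oauth:grant-type:jwt-bearer"

def http_send(method, url, headers, body=None):
    """Default transport (assumption: plain urllib, JSON responses)."""
    req = urllib.request.Request(url, data=body, headers=headers, method=method)
    with urllib.request.urlopen(req, timeout=30) as resp:
        return json.loads(resp.read())

def token_request(client_id, client_secret, customer_jwt):
    """Build the JWT-for-access-token exchange. The client ID/secret identify
    the ISV's public app; the JWT identifies the customer's admin user."""
    basic = base64.b64encode(f"{client_id}:{client_secret}".encode()).decode()
    headers = {"Authorization": f"Basic {basic}",
               "Content-Type": "application/x-www-form-urlencoded"}
    body = urllib.parse.urlencode({"grant_type": JWT_GRANT,
                                   "assertion": customer_jwt}).encode()
    return "POST", f"{SERVER}/restapi/oauth/token", headers, body

def fetch_inbound_faxes(client_id, client_secret, customer_jwts, date_from, send=http_send):
    """One scheduled run over {customer: stored JWT}. Returns (results, failures).
    Lists the first page of the JWT user's own extension only; a failure for one
    customer (for example a revoked JWT) is recorded and does not stop the rest."""
    results, failures = {}, {}
    for customer, jwt in customer_jwts.items():
        try:
            token = send(*token_request(client_id, client_secret, jwt))["access_token"]
            query = urllib.parse.urlencode({"messageType": "Fax", "direction": "Inbound",
                                            "dateFrom": date_from})
            url = f"{SERVER}/restapi/v1.0/account/~/extension/~/message-store?{query}"
            page = send("GET", url, {"Authorization": f"Bearer {token}"})
            results[customer] = [r["id"] for r in page.get("records", [])]
        except Exception as exc:  # record the error type only, never the JWT or token
            failures[customer] = type(exc).__name__
    return results, failures
```

Because each stored JWT stays valid until the customer revokes it, keep the JWTs in a secrets store with per-customer access control rather than in the job's configuration, and alert on entries in `failures` so a revoked JWT is noticed on the next run.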