Skip to main content

In the documentation for OAuth 2.0 authorization code flow there seems to be a discrepancy: https://developers.ringcentral.com/guide/authentication/auth-code-flow

In Step 3 it states that client_id is a required parameter:

client_idstringRequired. Enter your application key (Production or Sandbox) here

But in the sample request provided few lines later it does not list this parameter. When we make a call without this parameter we get the accurate response from the API. Can we get a definitive answer about whether this parameter is required? I want to avoid putting a solution in place that will stop working once someone at RC discovers this gap.

Couple other discrepancies:

1. In Step 3 there is no mention of a header named "Accept", but the sample shows a header:

Accept: application/json

2. In "Step 3 : Auth token response" there is no mention of a return parameter "endpoint_id", but we are receiving a value for this parameter in the response body:

"endpoint_id": "e8kXbhD3Tl-G3QzAxait_"


Good documentation saves us hours of troubleshooting and potential issues down the road!

Thanks for reporting the issue! I am sure that the author made a mistake. I will ask them to fix it.

To your question, the client_id (and the client_secret) is needed but it must be based64 encoded and set in the header (NOT in the body param as documented). Here is an example in PHP

$url = $_ENV["RC_SERVER_URL"] . "/restapi/oauth/token";

      $basic = $_ENV["RC_CLIENT_ID"] .":". $_ENV["RC_CLIENT_SECRET"];

      $headers = array (

              'Content-Type: application/x-www-form-urlencoded; charset=UTF-8',

              'Accept: application/json',

              'Authorization: Basic '.base64_encode($basic)

            );

      $body = http_build_query(array (

              'grant_type' => 'authorization_code',

              'code' => $code,

              'redirect_uri' => $_ENV["RC_REDIRECT_URL"]

            ));

The endpoint_id is just an extra id for developer to identify the tokens of an app. You can pass a valid unique value and get it back or you can omit then the server will send a system generated one.

Reply


Terms & ConditionsCookie settings