Skip to main content

We have an app in Production mode which uses MakeACall endpoint to make RingOut calls. Currently we are using the JWT auth flow. What's happening is all the calls which are going out are through the JWT user who created the app, and we are getting a message "Request rate exceeded" . What we want to do instead is, calls should happen based on the user who is trying to make the call and not based on the user who create the App. We are not sure how to do that and create users for each of the "from" caller. Is there a way to achieve this?


we tried using ringout url with extId as follows but it didnt help:
https://platform.ringcentral.com/restapi/v1.0/account/~/extension/{extId}/ring-out

Also, if there is any other solution you recommend instead of ours, we would like to know.


There are 2 options

1/ You collect the JWT of each user and when that user loads the page, use his JWT token to get the access token and make a ring-out call.

2/ Implement 3-legged authorization so that it requires a user to login with their own RingCentral username/password. Once the user logged in, you get the access token and use it to call the ring-out API.


It would be helpful if you could provide us a working example(maybe a github link to project) for "Implementing 3-legged authorization". That would be much helpful in addition to api docs.


Check out the 3-legged authorization quick start.


Ok, I tried the authorization code flow (Authorization code flow (ringcentral.com) and the callback successfully happens to the redirect_uri mentioned below after sign in on the ringCentral portal

https://platform.ringcentral.com/restapi/oauth/authorize?response_type=code&redirect_uri=http://localhost:53891/api/RingCentral/GetRingCentralCallback&prompt=login&client_id={clientId}&state=Create


Once we get the code at the callback url mentioned above, when we post to /restapi/oauth/token with post data, it seems to fail with the following response:

{ "error" : "invalid_client", "errors" : [ { "errorCode" : "OAU-153", "message" : "Invalid client: {clienId}", "parameters" : [ { "parameterName" : "client_id", "parameterValue" : "{clientId}" } ] } ], "error_description" : "Invalid client: {clientId}" }

I am using the same ClientId which is been passed to /restapi/oauth/authorize endpoint.


Below is the C# code for retrieving the token

string postData = "grant_type=authorization_code&code=" + code + "&client_id=" + rcOAuthClientId;

var rcAuthKey = CommanFunction.StrEncrypt(rcOAuthClientId + ":" + rcOAuthClientSecret);

var header = new WebHeaderCollection();

header.Add("Authorization", $"Basic {rcAuthKey}");

header.Add("ContentType", "application/x-www-form-urlencoded");

var result = HttpReqCall.Request(WebRequestMethods.Http.Post, rcAuthUrl, postData, header, "application/x-www-form-urlencoded");


Is this anything wrong which i am doing?









Reply