Tom Kustura avatar image
Tom Kustura asked Phong Vu answered

Is client_id required in OAuth 2.0 authorization code flow - discrepancy in documentation

In the documentation for OAuth 2.0 authorization code flow there seems to be a discrepancy:

In Step 3 it states that client_id is a required parameter:

client_id string Required. Enter your application key (Production or Sandbox) here

But in the sample request provided few lines later it does not list this parameter. When we make a call without this parameter we get the accurate response from the API. Can we get a definitive answer about whether this parameter is required? I want to avoid putting a solution in place that will stop working once someone at RC discovers this gap.

Couple other discrepancies:

1. In Step 3 there is no mention of a header named "Accept", but the sample shows a header:

Accept: application/json

2. In "Step 3 : Auth token response" there is no mention of a return parameter "endpoint_id", but we are receiving a value for this parameter in the response body:

"endpoint_id" : "e8kXbhD3Tl-G3QzAxait_"

Good documentation saves us hours of troubleshooting and potential issues down the road!

1 |3000

Up to 8 attachments (including images) can be used with a maximum of 1.0 MiB each and 10.0 MiB total.

1 Answer

Phong Vu avatar image
Phong Vu answered

Thanks for reporting the issue! I am sure that the author made a mistake. I will ask them to fix it.

To your question, the client_id (and the client_secret) is needed but it must be based64 encoded and set in the header (NOT in the body param as documented). Here is an example in PHP

$url = $_ENV["RC_SERVER_URL"] . "/restapi/oauth/token";
      $basic = $_ENV["RC_CLIENT_ID"] .":". $_ENV["RC_CLIENT_SECRET"];
      $headers = array (
              'Content-Type: application/x-www-form-urlencoded; charset=UTF-8',
              'Accept: application/json',
              'Authorization: Basic '.base64_encode($basic)
      $body = http_build_query(array (
              'grant_type' => 'authorization_code',
              'code' => $code,
              'redirect_uri' => $_ENV["RC_REDIRECT_URL"]

The endpoint_id is just an extra id for developer to identify the tokens of an app. You can pass a valid unique value and get it back or you can omit then the server will send a system generated one.

1 |3000

Up to 8 attachments (including images) can be used with a maximum of 1.0 MiB each and 10.0 MiB total.

Developer sandbox tools

Using the RingCentral Phone for Desktop, you can dial or receive test calls, send and receive test SMS or Fax messages in your sandbox environment.

Download RingCentral Phone for Desktop:

Tip: switch to the "sandbox mode" before logging in the app:

  • On MacOS: press "fn + command + f2" keys
  • On Windows: press "Ctrl + F2" keys