News & Announcements User Community Developer Community

Welcome to the RingCentral Community

Please note the community is currently under maintenance and is read-only.

Make sure to review our Terms of Use and Community Guidelines.
  Please note the community is currently under maintenance and is read-only.
Home » Developers
Storing Access Token
Tags: app administration
Jan 11, 2019 at 1:36pm   •   4 replies  •  0 likes

Does RingCentral recommend anything as far as safely storing your OAuth Access Token? Is it okay to save it in plain text in my database and allow users to see it? Should it be hidden from users? Should it be encrypted?

4 Answers
answered on Jul 6, 2019 at 11:49am  

Since the Access token has expiration time of 60 minutes , one of the easy and better way would be use Cache and storing it into Cache for 30 mins rather than storing it into a database. This will also help in efficient call of API reducing the rate limit issue. Storing in DB will not be a good idea as it will be expiring after 60 mins and so no use of storing it

answered on Jan 14, 2019 at 1:32pm  
I would convert the id/app secret to binary and execute a logic operation like AND / NAND / OR / XOR  with a particular value (such as the filename truncated or elongated so that its binary value would contain the same number of bits as the id/app secret) and save that value in your program.

This would allow you to save the id/ app secret in a form that would not be useful to anyone unless they know exactly what logic operation you are executing and what values you are using to perform the logic operation.

Whenever you need to use the id/app secret, simply read the value from your program and reverse the process.

Just a thought ....

answered on Jan 13, 2019 at 5:06am  
Access token expires in 60 minutes by default.

User can refresh it with refresh token. Token refreshing also requires clientId and clientSecret of your RingCentral app.  So do keep your clientSecret a secret.

answered on Jan 11, 2019 at 2:18pm  
Remember that the Access Token expires in 60 minutes. If you store it somewhere (whether hidden or not) it will become invalid unless a renewal request is submitted in less than 60 minutes from the moment it was issued.

Personally, I save the App Key and App Secret in my programs and use a Base64 encoding function I wrote to generate the "Authorization" field in the REST statement (Authorization: Basic xxxxxxxxxxxxxxxxxxxxxxx) when requesting an Access Token.

This way, the Access Token is not stored anywhere.



A new Community is coming to RingCentral!

Posts are currently read-only as we transition into our new platform.

We thank you for your patience
during this downtime.

Try Workflow Builder

Did you know you can easily automate tasks like responding to SMS, team messages, and more? Plus it's included with RingCentral Video and RingEX plans!

Try RingCentral Workflow Builder

Developer Platform
Integrated Apps
App Gallery
Developer support
Games and rewards

Resource center
Product Releases
App Download
RingCentral App login
Admin Portal Login
Contact Sales
© 1999-2024 RingCentral, Inc. All rights reserved. Legal Privacy Notice Site Map Contact Us