To homepage To homepage
Question

Are oAuth access and refresh tokens issued per user or account?

  • 19 October 2016
  • 2 replies
  • 3713 views
V
  • v
  • New Participant
  • 4 replies

I'm integrating a CRM system with Ring Central and I cannot find a clear answer whether the access and refresh tokens are issued per user or they are valid for the whole account (main number and all extensions). I would like to know whether I should authenticate all agents separately and maintain independent tokens for all of them or I just need one set on account level. All agents have to be able to ring out and we should be able to access extensions related information and call logs in order to update call dispositions in our database. We use web-hooks in the background where we pick up the correct (user) access token to execute some follow-up API calls. I only have one extension in my sandbox so I cannot perform an appropriate test for this case.

2 replies

B
access_tokens are issued as a combination of (user + application).

If you are integrating with a web application (which CRM is typically a SaaS web application), then you should implement 3-Legged OAuth (which will prevent your application from adding the security risk of storing RingCentral Usernames/Passwords).

You can find multiple demos for implementing 3-Legged OAuth here: https://github.com/grokify/ringcentral-demos-oauth
A

It's basically generated per client I'd and user.. each application I guess have it's own client I'd and secret

Reply


Terms & ConditionsCookie settings
PRODUCTS
RingEX
Message
Video
Phone
OPEN ECOSYSTEM
Developer Platform
APIs
Integrated Apps
App Gallery
Developer support
Games and rewards

RESOURCES
Resource center
Blog
Product Releases
Accessibility
QUICK LINKS
App Download
RingCentral App login
Admin Portal Login
Contact Sales
© 1999-2024 RingCentral, Inc. All rights reserved. Privacy Notice