question

mahmoud-mahajna9352 avatar image
mahmoud-mahajna9352 asked John Wang answered

Subscription for post events for multiple accounts

Hi,


I'm planning to implement an integration app to subscribe on posts events, and allow different accounts/companies to use this integration app.


For this subscription, we have to pass the Authorization and Validation-Token as header parameters, is there a way to do that for multiple accounts?


The purpose is to publish an integration app to be apart of the integrations section in Glip, and allow companies install and use the integration.


what can be shown in the installation forum? Can I get the access token and the authorization of the account that wants to install the integration?

getting started
1 |1500 characters needed characters left characters exceeded

Up to 8 attachments (including images) can be used with a maximum of 1.0 MiB each and 10.0 MiB total.

John Wang avatar image
John Wang answered
> For this subscription, we have to pass the authorization and validation-token as header parameters, is there a way to do that for multiple accounts?

There is not for the 'Authorization' bearer access token request header. An access token is tied to an app+user so each user will have their own access token which your app needs to keep a track of. The unique id for a user is the user's extensionId so you can create a mapping of extensionId to access token in your app.

The 'Validation-Token' response header is independent of account and user extension since all you need to do with it is populate it with the value you receive in the 'Validation-Token' request header.

> what can be shown in the installation forum?

If you mean the App Gallery ( https://apps.ringcentral.com), we can provide a description of and link to your app for installation into the user's account.

> Can I get the access token and the authorization of the account that wants to install the integration?

Yes, when a user wishes to install your app, you should initiate a 3-legged OAuth flow which will provide a login to the user and return an access token for the user to your app. If you are building a server-side app, you should use the Authorization Code flow. If you are building a client-side (in-browser) app, you should use the Implicit flow.
1 |1500 characters needed characters left characters exceeded

Up to 8 attachments (including images) can be used with a maximum of 1.0 MiB each and 10.0 MiB total.

mahmoud-mahajna9352 avatar image
mahmoud-mahajna9352 answered John Wang commented
Thanks, that was helpful:).

I have another question.

To subscribe to posts events, we need to use this testing URL:  https://platform.devtest.ringcentral.com/restapi/v1.0/subscription, and we have to pass as header parameters, the Authorization and the Validation-Token.
I just need to validate if I understand that correctly, the Validation-Token, is the token that was generated in the app, and wont be changed for all the subscription for every account that needs to use the integration. is that right?

And the Authorization is the access token that will get it from the OAuth flow, that corresponds the specific account, is that right? 

Are those parameters enough to listen to the specific account posts events?

Just to clarify, I'm trying to implement a public application, that multiple accounts/companies can use. And my purpose is to subscribe to the posts events for each account separately.

Thanks :).

Mahmoud

1 comment
1 |1500 characters needed characters left characters exceeded

Up to 8 attachments (including images) can be used with a maximum of 1.0 MiB each and 10.0 MiB total.

The 'Validation-Token' is not generated by your app and it is only used once. It is generated by the RingCentral server to test the webhook URL you provided in your webhook creation request. It is only used when you register your webhook the first time. After that, it doesn't get passed or need to be use again. When it is used, it is generated by the RingCentral server to validate your webhook is operational. Your webhook endpoint needs to take the value in the 'Validation-Token' request header and return it in the response header. That is it. There is no need to use the 'Authorization' header in this transaction.

The 'access token' from the OAuth 2.0 flow corresponds to a combination of the user (account user) and app.

Having a webhook URL that has an active subscription is enough to listen for events. You will need a minimum of one access token per account/company. You may need more, per-user, depending on what you are trying to do.
0 Likes 0 ·
John Wang avatar image
John Wang answered
BTW, if you are interested in making this a public (vs. private) thread, you may get more responses from our community developers.
1 |1500 characters needed characters left characters exceeded

Up to 8 attachments (including images) can be used with a maximum of 1.0 MiB each and 10.0 MiB total.

Developer sandbox tools

Using the RingCentral Phone for Desktop, you can dial or receive test calls, send and receive test SMS or Fax messages in your sandbox environment.

Download RingCentral Phone for Desktop:

Tip: switch to the "sandbox mode" before logging in the app:

  • On MacOS: press "fn + command + f2" keys
  • On Windows: press "Ctrl + F2" keys