To homepage To homepage
Question

Is authorization always needed for sending SMS messages?

  • 6 May 2016
  • 4 replies
  • 3989 views
S

I am trying to better understand how the SMS API works. Newbie so please bear with me. Maybe I am making this too complicated and there is an easier way.

Using ManageEngine's ADSelfService to allow remote users to change their expired and forgotten passwords. It has the ability of sending verification codes via SMS using HTTP GET/POST through a web API. I can define HTTP Parameters and HTTP Request Headers with my POST request. It allows for two variables %mobNo% for the "to" phone number and %message% for the message "text".

My problem is Authorization.

Looking at the example here: https://developer.ringcentral.com/api-docs/latest/index.html#!#TextMessages.html it appears that authorization is not required. But it doesn't work without giving a Bearer token in there. As this example shows: https://developer.ringcentral.com/library/tutorials/message.html. Perhaps in the first example it is assumed that the session is already authorized??

And I am assuming that the token expires and needs to be refreshed. So if I enter a token in the config of ManageEngine, it may work for a short period of time after which it starts getting 401 TokenInvalid and Access Token Corrupted.

All in all using the SMS API seems to be an overly complicated way of sending a simple SMS message. Or maybe I am complicating it too much. But other than the two variable I have mentioned above, my HTTP POST would have to be static every time.

The goal is to be able to send that verification code from the main phone number of the company. So I am looking for sending these SMS messages through RingCentral.

Do I have to write a wrapper app that accepts the HTTP request from ManageEngine and then relays that to the SMS API after authorizing/authenticating? Or is there a way to use static passwords or other forms of authentication and have ManageEngine talk to the SMS API directly?

Thanks,

Shahid


4 replies

A
I'll answer the ManageEngine ADSelfService integration first. From looking online, I found the following which indicates a specification that does not match our API.

https://www.manageengine.com/products/self-service-password/help/admin-guide/Admin/server-settings/s...

To connect the ManageEngine interface below to the RingCentral API, there are a few approaches that can work:

(1) self-service: one way would be to set up a middleware service that would listen for API calls from ManageEngine using their format and then reformat into RingCentral's API format.
(2) assisted self-service: another solution would be for ManageEngine to publish a Zapier app (https://zapier.com/) to make the connection easier. RingCentral already has a Zapier integration with a SMS action that can fulfill sending the SMS text. Here ManageEngine would need to integrate with Zapier, a popular API integration platform, which they may be considering already.
(3) direct integration: ManageEngine or RingCentral can perform direct integration but this may take longer to prioritize.

If you have a way to stand up a simple service, say on AWS or Heroku or your own servers, option 1 may get you to success the fastest. Our SDKs will automatically handle token refresh for you so if you can use one of the SDKs, that will be easier for you to handle:
 
https://developer.ringcentral.com/library/sdks.html

Regarding the other questions:

Sending SMS via the API requires authorization to prevent abuse. Otherwise, anyone could send SMS over HTTP. This is specified in the access token part of our documentation but the SMS section should be updated:

https://developer.ringcentral.com/api-docs/latest/index.html#!#UsingAccessToken.html

Finally, the use of access and refresh tokens are good security practices and part of the OAuth 2.0 specification:

https://tools.ietf.org/html/rfc6749

As mentioned above, it seems like the easiest way to connect the 2 services today would be to set up a middleware server app that listens for ManageEngine calls and translates them to RingCentral API calls using a RingCentral SDK that automates token refresh. Is this something you can do?
S

John,

Thank you for the detailed reply and for looking into ManageEngine documentation.

I have looked at the API. While very intriguing, I am in an environment without any development tools except for basic notepad, ASP.Net, and IIS. So I could possibly create a middleware page in ASP.Net that would relay the SMS message from ManageEngine to the API, handling Authorization and JSON without the ability of installing development tools (NuGet, Visual Studio, DotNet assemblies, etc) on the customer's machine where ManageEngine is setup is just a royal pain.

I agree that access and refresh tokens are good practice, but for a static integration requirement like this where the identity of the server/service that is wanting to send an SMS never changes, its probably overkill and a hindrance that has me looking for other simpler solutions than RingCentral SMS.

Are there any Windows PowerShell cmdlets available for RingCentral?

Thanks,

Shahid

A
I've just posted some information on integrating ManageEngine ADSelfService here:

http://ringcentral-integrations-cookbook.readthedocs.io/en/latest/integrations/manageengine/self_ser...

It doesn't have any code but provides basic integration information for both custom middleware and Zapier.
A

Inspite of issues like token expire or re authorisation, Authorization is required always to send SMS using an API and the simple reason is to prevent misuse and abuse. It provides the security for an API while sending a SMS messages to the phone number as ringcentral always uses real phone number

Reply


Terms & ConditionsCookie settings
PRODUCTS
RingEX
Message
Video
Phone
OPEN ECOSYSTEM
Developer Platform
APIs
Integrated Apps
App Gallery
Developer support
Games and rewards

RESOURCES
Resource center
Blog
Product Releases
Accessibility
QUICK LINKS
App Download
RingCentral App login
Admin Portal Login
Contact Sales
© 1999-2024 RingCentral, Inc. All rights reserved. Privacy Notice