Applying OAuth on RingCentral APIs
In this post, we will see how to test the APIs in an API testing tool like Postman: we generate an OAuth 2.0 token first, then call the actual API and pass the token to it.
All the RingCentral APIs are secured by OAuth 2.0, using different grant_type values.
We will start from where we left off in the last post. Once the application is created in the RingCentral developer platform, we can test the application functionality via the API. The API is automatically protected by the OAuth 2.0 security mechanism.
The main point to remember while creating an application in the developer portal is that the OAuth 2.0 grant_type supported by the application's API depends on the “Platform type” of your application.
For example, in our last post, we created an application with (Platform type=Desktop/Window), which supports (grant_type=password). This is known as the “Password flow” in the RingCentral Developer Portal and formally as the “Resource Owner Password Credentials” grant in the OAuth 2.0 standard, IETF RFC 6749.
Since we created the application with Desktop/Window, we will be using (grant_type=password).
We will test our API in Postman in 2 parts:
- Generate an OAuth token by calling the OAuth API.
- Pass the generated OAuth token as a parameter in the actual API and get the result.
Generating the OAuth token of grant_type=password is simple. We need to call the URL https://platform.devtest.ringcentral.com/restapi/oauth/token and pass the following header:
"Authorization": "Basic <ClientID:ClientSecret in base 64>"
In the body, we need to pass the parameters in the following way:
username=<account phone number>&password=<account password>&extension=<your extension>&grant_type=password
That’s it, you will be able to generate the OAuth token as below:
We can see in the above image that the access_token and the refresh_token have been generated from the API call.
access_token and refresh_token are valid for 1 hour and 1 week respectively. You can cache the tokens and use them without calling the OAuth API frequently.
access_token lifetime is 3600s = 1 hour
refresh_token lifetime is 7 days (1 week)
Now, passing this OAuth token as a parameter, we can call our main API in Postman, as shown below:
As we can see from the response, the above API is called to send an SMS, which is an API service provided by RingCentral.
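The token request and the token caching described above can be sketched in Python as follows. This is an added example, not code from the original article or from RingCentral; the `TokenCache` class, its 60-second expiry margin and sending the token as a `Bearer` header are assumptions, while the URL, parameters and lifetimes are the ones given in the post.

```python
import base64
from urllib.parse import urlencode

TOKEN_URL = "https://platform.devtest.ringcentral.com/restapi/oauth/token"
ACCESS_TTL = 3600            # access_token lifetime stated above (1 hour)
REFRESH_TTL = 7 * 24 * 3600  # refresh_token lifetime stated above (1 week)

def build_token_request(client_id, client_secret, username, password, extension):
    """Return (url, headers, body) for the grant_type=password token call."""
    basic = base64.b64encode(f"{client_id}:{client_secret}".encode()).decode()
    headers = {
        "Authorization": f"Basic {basic}",
        "Content-Type": "application/x-www-form-urlencoded",
    }
    # urlencode escapes characters such as '+', '&' and '=' in the phone
    # number or password that would otherwise corrupt the form body.
    body = urlencode({
        "username": username,
        "password": password,
        "extension": extension,
        "grant_type": "password",
    })
    return TOKEN_URL, headers, body

class TokenCache:
    """Hypothetical helper: keeps the token pair in memory only."""
    def __init__(self, skew=60):
        self.skew = skew  # stop using a token this many seconds before expiry
        self.access_token = self.refresh_token = None
        self.access_exp = self.refresh_exp = 0.0

    def store(self, response, now):
        self.access_token = response["access_token"]
        self.refresh_token = response["refresh_token"]
        self.access_exp = now + response.get("expires_in", ACCESS_TTL)
        self.refresh_exp = now + REFRESH_TTL

    def next_action(self, now):
        """'use' the cached access_token, 'refresh' it, or 'login' again."""
        if self.access_token and now < self.access_exp - self.skew:
            return "use"
        if self.refresh_token and now < self.refresh_exp - self.skew:
            return "refresh"
        return "login"

    def api_headers(self):
        # Assumption: the token is sent as an RFC 6750 Bearer header.
        return {"Authorization": f"Bearer {self.access_token}"}
```

Pass `time.time()` as `now`; a result of "login" means the password grant has to be repeated because the refresh_token has also expired.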
Published at DZone with permission of Anirban Sen Chowdhary, DZone MVB. See the original article here.