How to send SMS from the Main Company Number

  • 4
  • Idea
  • Updated 2 years ago
  • Under Consideration
There are two scenarios to send and respond to SMS messages from the Main Company number:

Scenario 1: Send and Respond using a single user
In-order to send SMS from the main company number :
  • Set the Operator Extension
  • Authorize using the Operator Extension
  • Send SMS using the Main Company Number
Operator Extension : When a caller presses 0 (zero) or does not enter an extension number, the system connects the call to the designated operator extension by default. An Administrator can configure the operator extension
to have different call handling rules.

Refer to the link here, to know more about assigning Operator extension on the service web :
http://help.ringcentral.com/articles/RC_Knowledge_Article/Assigning-the-Operator-Extension-on-an-Onl...

Scenario 2: Send and Respond using Multiple Users
In-order to send and SMS from Main Company Number and respond to it using multiple users, set up a call-queue and configure the operator extension to point to the Call Queue.
  • Create a Call-Queue and assign a password to it.
  • Set the Operator Extension to point to Call Queue.
  • Authorize using the Operator Extension ( Call -Queue )
  • Send SMS using the Main Company Number
Refer to the link here, to know more about creating a call queue:
https://www.youtube.com/watch?v=CXO6tg-8Q8s
http://success.ringcentral.com/articles/en_US/RC_Knowledge_Article/How-to-edit-the-rules-for-departm...
Photo of AK

AK, Official Rep

  • 4,402 Points 4k badge 2x thumb
  • Main

Posted 3 years ago

  • 4
Photo of Shahid Sheikh

Shahid Sheikh

  • 184 Points 100 badge 2x thumb
Apologies for replying to a 6 month old post.

From a security point of view, this requirement of having to authorize as the operator extension to be able to send an SMS from the company's main number makes little sense to me.

If we are allowed to set the caller id for all the extensions to the company's main number, then why aren't we allowed to set the from number on an SMS to be the company's main number?

My operator extension is in use by the operator/receptionist of the company. Not about to ask her for the password so I can have my app be able to send an SMS as the main company number. 

I guess I can create a call-queue and make the receptionist's extension be part of the that queue, but really? Do we have to make it so complicated?

Please consider changing this and allowing any extension to be able to send an SMS as the company's main number. Or at least allow the administrator to be able to select extensions that are allowed to send SMS from the main number while authorized as themselves.

Shahid 
Photo of John Wang

John Wang, Official Rep

  • 5,664 Points 5k badge 2x thumb
Hi Shahid,

The reasoning behind having the operator extension authorize an app to send SMS from a main company number is that the app sending from a number should also be able to read responses and those responses are sent to the operator's account. Caller ID is different because an incoming caller can usually reach any extension from the main company number via the IVR.

To have the account administrator delegate SMS permission for the main company number without receiving the administrator's password, configure your app to use the OAuth 2.0 Authorization Code flow. In this case, RingCentral's servers will receive and process the administrator's password, not you or your app. You can also limit your app to the SMS permission so the only rights the administrator will grant your app will be to send and read SMS messages.

For more information on Authorization Code flow, you can see the following page which has links to our documentation and example code:

https://devcommunity.ringcentral.com/ringcentraldev/topics/using-oauth-2-0-authorization-code-grant-...

Thanks,
John
(Edited)
Photo of Shahid Sheikh

Shahid Sheikh

  • 184 Points 100 badge 2x thumb

John,

Thanks for your comment.

I probably did not explain my environment and requirement very clearly. We are not using IVR. The operator in our environment is a person (the receptionist) and the extension of that person has the operator role. That person has their own password for that extension.

I am the administrator of the system. And I have written a small C# code (which is my App) that interfaces an Active Directory password reset web portal with Ring Central's SMS API. Users that have forgotten their password go to this portal and have it send them a reset code as an SMS which they can use to unlock/reset their password.

The from number of that SMS message needs to be main number for the company per policy. Users are told that if they receive a reset code from any other number to not consider it authentic. 

I'm finding out that, even though I have administrator access, the only two ways for me to do this are:

1. Get the password from our receptionist for her extension and have my App authorize with the receptionist/operator extension.

2. Setup a Call-queue, make it the operator, and add the receptionist's extension to the call-queue. Then authorize my app with the call-queue's credentials.

While #2 is a workable solution, the administrators of the system should be allowed to authorize as the main number's extension anyway for any automation applications such as mine. Instead of having to use the loophole of call-queues.

Thanks,

Shahid

(Edited)
Photo of John Wang

John Wang, Official Rep

  • 5,664 Points 5k badge 2x thumb
Hi Shahid,

Your solution #1 seems to use the OAuth 2.0 Password Flow which requires your app to get the password from your receptionist:

https://developers.ringcentral.com/api-docs/latest/index.html#!#PasswordFlow

A solution #3 would be to use the OAuth 2.0 Authorization Code Flow which will enable your receptionist to authorize your app without supplying her password to you. This is documented here:

https://developers.ringcentral.com/api-docs/latest/index.html#!#AuthorizationCodeFlow

Using the Authorization Code flow, your app would redirect to the RingCentral login service so the receptionist password would only be supplied to RingCentral, as if she were logging into our Online Account Portal or Glip. The link above provides more information on the Authorization Code flow grant and the demo app below includes two screenshots. This works similarly to apps using Facebook / Google / Twitter Auth where users authorize apps to access Facebook / Google / Twitter accounts without ever handing over their passwords to the apps.

https://github.com/grokify/ringcentral-demos-oauth

Does this help?

Thanks,
John
(Edited)
Photo of Shahid Sheikh

Shahid Sheikh

  • 184 Points 100 badge 2x thumb

Hi John,


Thanks for the pointer to Authorization Code Flow. I have not tested it yet. It appears that the authorization is time limited and that it expires. In my application asking the receptionist to re-authorization the application over and over again would be worse than asking her for the password once and telling her not to change it.


We are trying to accomplish a very simple task of sending an SMS message. All these authentication and authorization requirements are making this a difficult task. As requested in my first post in this thread, please do consider allowing extensions to send SMS messages from the company's main number.


Thanks,

Shahid

Photo of John Wang

John Wang, Official Rep

  • 5,664 Points 5k badge 2x thumb
Hi Shahid,

The access tokens provided in both Authorization Code and Password Flows can be refreshed indefinitely using the OAuth 2.0 Refresh Token Flow described here:

https://developers.ringcentral.com/api-docs/latest/index.html#!#RefRefreshTokenFlow

By default the access token has a 1 hour life (access_token_ttl) and the refresh token has a 1 week life (refresh_token_ttl) which means as long as your app performs the Refresh Token Flow once per week, your app will always be authorized.

Our official SDKs will automatically handle token refresh for you so that if you make 1 API call per week, you will always have a live access token. Our C# SDK is here:

https://github.com/ringcentral/ringcentral-csharp

Thanks,
John
(Edited)
Photo of Shahid Sheikh

Shahid Sheikh

  • 184 Points 100 badge 2x thumb

I cannot guarantee that my app will be called at least once a week. I would have to create a separate scheduled task just to keep refreshing the token.

In the sandbox development of the app, I had refresh_token_ttl set to -1 and was authenticating every time there was an SMS to send.

Thanks,

Shahid  

Photo of John Wang

John Wang, Official Rep

  • 5,664 Points 5k badge 2x thumb
I'm not sure how your app runs but, for many apps, it's possible to add a timer in the app to perform the API call / refresh so no separate scheduled task is necessary. It can be handled inside a single app. This may not work for some app types (e.g. PHP) so for some a separate scheduled task may be necessary as you state in certain environments. We also have a new C# SDK we're working on that has an auto-refresh feature built right in:

https://github.com/ringcentral/ringcentral-csharp-client/blob/master/RingCentral/RestClient.cs#L51

If you cannot support having the receptionist authorize your app using the Authorization Code Flow, is it possible to set up a second, well known main company number assigned to your extension? Companies will often have separate well known numbers for different purposes. In this situation you can stay with the Password Grant and setting refresh_token_ttl to -1.

We can consider changing the existing behavior as you mention above, but it will need to go through our prioritization process.
(Edited)
Photo of Ryan Ryan

Ryan Ryan

  • 174 Points 100 badge 2x thumb
Agree with @Shahid Sheikh.  The authentication and authorization over and over for a user is overkill when we have the master credentials.  The admin should be able to send "from" a ringcentral number associated with the account.