Using OAuth 2.0 Authorization Code Flow to Access RingCentral APIs

  • 2
  • Idea
  • Updated 2 years ago
  • (Edited)
RingCentral APIs use the OAuth 2.0 protocol (https://tools.ietf.org/html/rfc6749) for authentication and authorization. Common OAuth 2.0 grant flows for web-based and installed applications are supported. For web-based applications, the OAuth 2.0 authorization code flow is supported and required, providing consistency, more trust and additional capabilities making it ideal for web use.

The authorization code flow provides the following benefits:
  1. a consistent and trusted UI
  2. integrated password reset
  3. integrated single sign-on (SSO) via SAML support
This is described in detailed in the RingCentral API Developer Guide:
Overall, just 2 HTTP requests are necessary, one to request an authorization code, and a second request to exchange the authorization code for an access token. A high-level description of the authorization code includes:
  1. configuring the redirect_uri in the Developer Portal: https://developers.ringcentral.com/
  2. request #1: launching a browser window to make a call to an authorization URL
  3. having that window handle authentication and authorization
  4. having that window redirect back to the pre-configured redirect_uri
  5. extracting the authorization_code
  6. request #2: exchanging the authorization_code for an access_token
  7. closing the browser window
Additionally, the RingCentral JavaScript SDK has methods to handle the authorization code grant flows. Below are some official and community resources that can be used to understand and use RingCentral's OAuth authorization code flow:
If you have any questions regarding this, please reach out to us on online or open a support case:
Photo of John Wang

John Wang, Official Rep

  • 5,622 Points 5k badge 2x thumb

Posted 2 years ago

  • 2

Be the first to post a reply!