Why does adding new API permissions require a whole new app?

I've been developing software professionally for 16+ years, and have never come across an API policy quite like RingCentral's.

Specifically this policy: https://devcommunity.ringcentral.com/ringcentraldev/topics/how-can-i-add-new-permissions-to-an-app-w...

Makes no sense at all to me. The post explains the "how" but not the why. Please help me understand why this crazy amount of hoops is needed to work with your API?

Here's my history with this, and why it's so frustrating:
  • We had to switch to RingCentral quickly from another phone provider, so we needed to implement RingCentral's API as quickly as possible, to download call logs and recordings.
  • Our phone numbers/etc were already switched over to RingCentral and collecting data/processing calls.
  • I can't access the production data.. nope. I have to go through the sandbox and am told I need to create my own phone call data/recording data to test with. What? Why isn't there test data provided?
  • Also discover that apps are only graduated once a week (Thursdays) after the team reviews them. What? Why is a team needed? Why only once a week?
  • My code was sitting waiting to talk to production, yet I had to jump through other hoops (you have to make a certain number of successful requests on ALL permissions/endpoints in order to even request your app be reviewed). I just emailed the dev support email until my app was finally put into production.
  • Fast forward a few weeks, and we need to start actually downloading recordings. I try and do it, and get an access denied. Come to find out we need a special hidden API permission to do this. Email dev support over and over until they finally give me the permission on production app.
  • And now, today, I find in order to download voicemail data, I will need a new permission on my app. If I want to follow the rules, I'll have to go through a ton of work just to get this new permission, and I'll have to switch out all my app credentials to "go live". What a mess.
Can someone explain to me the purpose of all this? It's completely frustrating and maddening, and almost made our company bail on using RingCentral-- and maybe we're not a "huge" contract to you guys but we're easily a $3-4k/month contract.

I've literally never had to deal with API "graduation" requirements like RingCentral has. I understand locking down permissions on an app-- and that's great! But don't treat me like a child when I need more permissions from the API, and make me waste my development time on trying to get fake data into your sandbox, and query on the fake data a certain amount of times. It's insulting.

I'd like to either start a real dialog about why this policy exists, and if we can get it changed, at least for some users (like myself) who are "power users" and know how to integrate with an API. At the very least, I need the "ReadMessages" permission added to my existing app in my account.

Thanks.

Nicholas Head


Posted 2 years ago


Benjamin Dean, Alum

Hey Nicholas,

We sincerely appreciate your patience, dedication, and willingness to share your concerns and pain points with us as our Platform matures from infancy and while we are in beta mode (as a Platform).

TL;DR   -->  Our Platform is less than a year old and in a constant state of evolution, we have a finite amount of people...but an infinite amount of tasks, and prioritize tasks based on customer/developer feedback. :)

If you're still reading there's good news, and there's bad news.

Let's start with the bad news:
  • Crazy amounts of hoops you endure are caused by growing pains for our Platform (which only turned a year old back in March). We are sincerely working on improving as much as we are able, as fast as we are able, in the most stable and backwards-compatible manner possible.

  • Having pre-configured test-data in Sandbox accounts is an unbelievably large challenge technologically speaking (especially since Sandbox accounts are really Production accounts with service limits in place).

  • As a veteran developer, I genuinely understand your "need for speed" in terms of shipping your product. The delays caused by our Production Access Criteria do present an additional hurdle developers must endure before finally being able to work on "hot" data in Production. I have helped build out three (3) enterprise-grade Platforms over the past 5 years of my career, and please believe me when I tell you that having this additional layer of protection for our customers and developers is a feature of our Platform. No other company I worked for had a Sandbox environment, and I watched developers in tears when they made mistakes which harmed the data, their company, or their own customers. The Sandbox has saved everyone involved (developers, customers, employees, etc...) an UNBELIEVABLY large amount of headache, and here is why:

    1. Having a Sandbox environment has prevented the painful and horrible experience that developers must go through when they make a mistake (which we all do...even if we do not want to admit it). The Sandbox environment provides a safe place for developers to build/test/fix their source code while having an identical environment to Production, but without the risk.

    2. The Sandbox environment helps our customer's leadership sleep better at night, because they do not have to worry that a developer will make a change in a Production environment for their RingCentral integration which might introduce risk or potentially alter operational state (unless they modify the code-behind, but that is outside of our control). This is especially important for our HIPAA-compliant customers.

    3. As we grow our Platform, having the Sandbox environment has given us the ability to help improve the developer experience over time and to prevent some customers who would have unknowingly violated our company's EULA or TOS had they continued forward with their integration in Production without us being more engaged in the process.

    4. It has provided us the ability to monitor how people use our Platform and to make improvements for not only the Production implementation, but more importantly...the developer on-boarding experience.

    5. The Sandbox environment has been applauded by many developers as a great tool for them to learn without feeling like they might damage their company's business.

Now let's end with the good news:
  • Graduation is no longer weekly on Thursdays, but is being executed EVERY WORK DAY. We are evaluating requests from the previous day (or weekend) each work day. So that is no longer a blocker!

  • Generating test data manually is a great way to learn how to administrate RingCentral and how things operate if you are a developer who doesn't come from a telephony background.

  • We have a community tool available on GitHub to help generate Call Log and Recording data into your Sandbox account, just read the "community" section of our SDKs page in Developer Portal (https://developers.ringcentral.com/library/sdks.html) and search on the page for:

    RingCentral-Call-Generator-Recordings-Downloader An app to generate call logs and sync recordings to AWS S3 and Dropbox

Please believe me from the bottom of my heart when I say that EVERY customer/developer matters at RingCentral (I only say this because I believe it based on how much importance, late/off-hours engagement, and dedication every member of the team puts forth for our customers and developers). My one hope of my message is to resolve as much of the pain you are feeling, be transparent with you in as much as I am capable of being, and to take all of the information you share about your experience back to our Product/Platform Engineering team(s) for consideration and hopefully prioritization to be addressed.

Hope this helps, let us know if you need ANYTHING further.

Thanks,
Benjamin Dean
Developer Relations Manager
RingCentral Platform

Nicholas Head

Thank you very much for your well-written response! It has given me a good insight to how things are happening with the API and RingCentral.

I would like to clarify -- I'm definitely not opposed to the sandbox at all! It's a staple of most any serious API out there. The thing I take main issue with is having to "prove yourself" to get out of that sandbox. I would argue that shouldn't be necessary, or there should be a checkbox or some "I Agree" type sign off that allows you to immediately graduate your app. I'd also suggest being able to modify the permissions of a deployed app. Not sure why that's not allowed right now (and taking it out of Production isn't really an answer -- nor is having to spin up a whole other app).

Thanks for taking my feedback into consideration. You've by far been the most friendly/helpful person I've dealt with so far on the API team.

Benjamin Dean, Alum

Absolutely my pleasure Nicholas...anytime.

While I clearly see your desire to be self-service (as far as being able to include additional API permissions to a previously approved Production application), do you feel that a Platform which has taken so many careful and well-thought-out steps as to add a Sandbox + Production Access Process....would be willing to be so reckless with that same Production access as to permit additional API permissions to be added in Production (which === unknown functionality and app-performance/behavior)? Every member of the Product, Platform, and Engineering team has a single focus: help empower developers without adding risk.

There are many ways to mitigate this risk, but each of those approaches must be evaluated, measured, and considered prior to us investing the hard-earned dollars ALL of our customers/developers bestow upon us as an organization. We are considering several approaches, but the best one for now is this:

1. Submit a Developer Support Ticket if you need a modification to an application in Production
2. If you are not being responded to in a fast enough manner...add a message in the DevCommunity (as you have here)
3. If you do not receive a response from the DevCommunity (oh please Lord...help me to answer all of these), then contact your RingCentral Account Executive

I promise that I will be sharing everything you have provided here with our Platform leadership team, but I am unable to promise what will happen next (except...the DevCommunity is ALWAYS here for you, and all our developers)!

:D