Proper cURL options to get an access token from RingCentral

Discussion created by jsanders on Nov 22, 2018
Latest reply on Dec 17, 2018 by jsanders

-Get a (free) ringcentral developer account.

-Create/Register an "app" from your dev account panel.  Set it up so you can use "Password Flow" Authentication

-In Filemaker use the  "Insert from URL" scrip step with the following prameters:


Specify URL: "https://platform.devtest.ringcentral.com/restapi/oauth/token

Check "Automatically encode URL" I don't know why.


Target: $yourTokenHoldingVariable

Success means that this variable will populated by by the API with a JSON object containing Access and Refresh tokens.. both of which are subjects for a different day.


cURL Options: <--------where the magic happens and where I died many times on the hill of disappointment


Here is what you are trying to create (less the carriage returns I added here fror easy reading):



-H "Accept: application/json"

-H "Content-Type: application/x-www-form-urlencoded"

-H "Authorization: Basic  [Base64Encoded<appKeyorID>:<appSecret>]"

-d "username=<username>&password=<password>&extension=<extension>&grant_type=password"

-D $dump



Here is the code (again with some returns for easy reading):


"-X POST" &

" -H \"Accept: application/json\"" &

" -H \"Content-Type: application/x-www-form-urlencoded\"" &

" -H \"Authorization: Basic "& Base64EncodeRFC (4648;API::Client ID &":"& API::secret ) & "\"" &

" -d grant_type=password&username=*********&extension=101&password=************" &

" -D $dump"



Here are results from the calculation engine with some carriage returns here for ease of reading:



-H "Accept: application/json"

-H "Content-Type: application/x-www-form-urlencoded"

-H "Authorization: Basic EkjfiKkfjikjcksidfjskeiowcolonappfsdfdfKFAKETRUNCIATEDFORTHISPOST=="

-d grant_type=password&username=15834234193&extension=101&password=notReallyMyPassword

-D $dump



Further breakdown... someone who *actually* knows what they are doing: Chime in!





We are posting here... let the API know.



-H "Accept: application/json"


Header telling the api we are expecting (Accepting?) JSON in return.



-H "Content-Type: application/x-www-form-urlencoded"


Uh... some HTTP / cURL stuff.  I think this is telling the API that we are passing data in a URLencoded form.



-H "Authorization: Basic EkjfiKkfjikjcksidfjskeiowcolonappfsdfdfKFAKETRUNCIATEDFORTHISPOST=="


"Basic" "Authorization" Header. Here we are Authorizing or Authenticating our APPLICATION. To build that big random looking string of characters: You need to Base64Encode, the concatenation of, your Client ID, a : (colon), AND your Application Secret. Read the previous sentence again... slowly.  This concatenated, encoded string is your Application Key.


If you store your Client ID and Secret in fields, this function should work:


Base64EncodeRFC (4648;API::AppKeyOrClient ID &":"& API::secret )





-d grant_type=password&username=1585643673&extension=101&password=NotReallyMyPassword


Here we are Authenticating the USER of the Application.  The user name is the users phone number or email address.


-d means "here is a payload of data"



-D $ourDumpVariable


This is not required by the API but is helpful to us for troubleshooting. -D in cURL means "dump" (send back to us?) the entire response... success or failure.  and $ourDumpVariable is a filemaker variable conjured by the cURL options of this Insert from URL script step.  This is a critical tool for figuring out WTF when wrong.