Idea

ak avatar image
ak Posted ·

How to send SMS from the Main Company Number

There are two scenarios to send and respond to SMS messages from the Main Company number:

Scenario 1: Send and Respond using a single user
In-order to send SMS from the main company number :
  • Set the Operator Extension
  • Authorize using the Operator Extension
  • Send SMS using the Main Company Number
Operator Extension : When a caller presses 0 (zero) or does not enter an extension number, the system connects the call to the designated operator extension by default. An Administrator can configure the operator extension
to have different call handling rules.

Refer to the link here, to know more about assigning Operator extension on the service web :
http://help.ringcentral.com/articles/RC_Knowledge_Article/Assigning-the-Operator-Extension-on-an-Onl...

Scenario 2: Send and Respond using Multiple Users
In-order to send and SMS from Main Company Number and respond to it using multiple users, set up a call-queue and configure the operator extension to point to the Call Queue.
  • Create a Call-Queue and assign a password to it.
  • Set the Operator Extension to point to Call Queue.
  • Authorize using the Operator Extension ( Call -Queue )
  • Send SMS using the Main Company Number
Refer to the link here, to know more about creating a call queue:
https://www.youtube.com/watch?v=CXO6tg-8Q8s
http://success.ringcentral.com/articles/en_US/RC_Knowledge_Article/How-to-edit-the-rules-for-departm...



topic-default
1 |1000 characters needed characters left characters exceeded

Up to 8 attachments (including images) can be used with a maximum of 1.0 MiB each and 10.0 MiB total.

1 Comment

· Write a Comment
shahid-sheikh avatar image
shahid-sheikh Posted ·
Apologies for replying to a 6 month old post.

From a security point of view, this requirement of having to authorize as the operator extension to be able to send an SMS from the company's main number makes little sense to me.

If we are allowed to set the caller id for all the extensions to the company's main number, then why aren't we allowed to set the from number on an SMS to be the company's main number?

My operator extension is in use by the operator/receptionist of the company. Not about to ask her for the password so I can have my app be able to send an SMS as the main company number. 

I guess I can create a call-queue and make the receptionist's extension be part of the that queue, but really? Do we have to make it so complicated?

Please consider changing this and allowing any extension to be able to send an SMS as the company's main number. Or at least allow the administrator to be able to select extensions that are allowed to send SMS from the main number while authorized as themselves.

Shahid 
8 comments
1 |1000 characters needed characters left characters exceeded

Up to 8 attachments (including images) can be used with a maximum of 1.0 MiB each and 10.0 MiB total.

Hi Shahid,

The reasoning behind having the operator extension authorize an app to send SMS from a main company number is that the app sending from a number should also be able to read responses and those responses are sent to the operator's account. Caller ID is different because an incoming caller can usually reach any extension from the main company number via the IVR.

To have the account administrator delegate SMS permission for the main company number without receiving the administrator's password, configure your app to use the OAuth 2.0 Authorization Code flow. In this case, RingCentral's servers will receive and process the administrator's password, not you or your app. You can also limit your app to the SMS permission so the only rights the administrator will grant your app will be to send and read SMS messages.

For more information on Authorization Code flow, you can see the following page which has links to our documentation and example code:

https://devcommunity.ringcentral.com/ringcentraldev/topics/using-oauth-2-0-authorization-code-grant-...

Thanks,
John
0 Likes 0 · ·

John,

Thanks for your comment.

I probably did not explain my environment and requirement very clearly. We are not using IVR. The operator in our environment is a person (the receptionist) and the extension of that person has the operator role. That person has their own password for that extension.

I am the administrator of the system. And I have written a small C# code (which is my App) that interfaces an Active Directory password reset web portal with Ring Central's SMS API. Users that have forgotten their password go to this portal and have it send them a reset code as an SMS which they can use to unlock/reset their password.

The from number of that SMS message needs to be main number for the company per policy. Users are told that if they receive a reset code from any other number to not consider it authentic. 

I'm finding out that, even though I have administrator access, the only two ways for me to do this are:

1. Get the password from our receptionist for her extension and have my App authorize with the receptionist/operator extension.

2. Setup a Call-queue, make it the operator, and add the receptionist's extension to the call-queue. Then authorize my app with the call-queue's credentials.

While #2 is a workable solution, the administrators of the system should be allowed to authorize as the main number's extension anyway for any automation applications such as mine. Instead of having to use the loophole of call-queues.

Thanks,

Shahid

0 Likes 0 · ·
Hi Shahid,

Your solution #1 seems to use the OAuth 2.0 Password Flow which requires your app to get the password from your receptionist:

https://developers.ringcentral.com/api-docs/latest/index.html#!#PasswordFlow

A solution #3 would be to use the OAuth 2.0 Authorization Code Flow which will enable your receptionist to authorize your app without supplying her password to you. This is documented here:

https://developers.ringcentral.com/api-docs/latest/index.html#!#AuthorizationCodeFlow

Using the Authorization Code flow, your app would redirect to the RingCentral login service so the receptionist password would only be supplied to RingCentral, as if she were logging into our Online Account Portal or Glip. The link above provides more information on the Authorization Code flow grant and the demo app below includes two screenshots. This works similarly to apps using Facebook / Google / Twitter Auth where users authorize apps to access Facebook / Google / Twitter accounts without ever handing over their passwords to the apps.

https://github.com/grokify/ringcentral-demos-oauth

Does this help?

Thanks,
John
1 Like 1 · ·
Hi Shahid,

The access tokens provided in both Authorization Code and Password Flows can be refreshed indefinitely using the OAuth 2.0 Refresh Token Flow described here:

https://developers.ringcentral.com/api-docs/latest/index.html#!#RefRefreshTokenFlow

By default the access token has a 1 hour life (access_token_ttl) and the refresh token has a 1 week life (refresh_token_ttl) which means as long as your app performs the Refresh Token Flow once per week, your app will always be authorized.

Our official SDKs will automatically handle token refresh for you so that if you make 1 API call per week, you will always have a live access token. Our C# SDK is here:

https://github.com/ringcentral/ringcentral-csharp

Thanks,
John
1 Like 1 · ·
Agree with @ Shahid Sheikh.  The authentication and authorization over and over for a user is overkill when we have the master credentials.  The admin should be able to send "from" a ringcentral number associated with the account.
1 Like 1 · ·
Show more comments

Write a Comment

Up to 8 attachments (including images) can be used with a maximum of 1.0 MiB each and 10.0 MiB total.

Your Opinion Counts

Share your great idea, or help out by voting for other people's ideas.