Authorization to gain access to company data is a requirement of every integration and RingCentral is making this easier and more secure by extending its OAuth 2.0 support to include 3-legged OAuth. 3-legged OAuth enables developers to use RingCentral’s servers for user login and password reset in an industry standard way. This also allows developers to transparently support enterprise customers that use third-party providers for single sign-on (SSO), such as PingFederate, Okta, and others.

The benefits of using 3-legged OAuth authorization include providing a consistent RingCentral login to users and additional security that will be appreciated by enterprise customers, while reducing the amount of code that needs to be written to perform integration with RingCentral services.

For developers, implementing 3-legged OAuth is comprised of three simple steps:

  1. Establishing a redirect URI to configure for the app on the Developer Portal
  2. Opening a browser window to the RingCentral authorization URI embedding the redirect URI
  3. Adding code to the redirect URI page to exchange the authorization code for an access token

When using 3-legged OAuth, the user is presented with the RingCentral login and authorization pages, they will see the following pages:

RingCentral 3-legged OAuth This process is documented in the RingCentral OAuth Developer Guide and Developer Tutorial as well as implemented in the RingCentral JavaScript SDK. Here is a quick example from the Developer Tutorial.

Use the following link to open a window to the RingCentral authorization service:

// Get user authorization URL
var myRedirectUri = '';
var authorizeUrl = rcsdk.getPlatform().getAuthURL({
redirectUri: myRedirectUri
// Open window for authorizeUrl

In your redirect URL, retrieve the code form the query string and exchange it for an access token as follows:

// Get query string
var qs = rcsdk.getPlatform().parseAuthRedirectUrl(window.location.href);
var myRedirectUri = '';
qs.redirectUri = myRedirectUri;

if (‘code’ in qs) {
var res = rcsdk.getPlatform().authorize(qs)
.then(function(response) {
// process response and close window (if popup)”, ‘_self’, ”);
}).catch(function(e) {
console.log(“Error: Authorization”)
} else {
console.log(“Error: No Code”)

If you have questions on this service, please contact us at or reach us on the Developer Community at