I'm looking to create a Twilio Conference through the rest API. And I'm not sure how to start the conference. I'd prefer to do this without the SDK.
Heres the flow that I'm looking for.
In browser I enter a phone number to be called and click a call button.
A request is sent to my server. I handle my back end logic.
In PHP the rest API is used to hit Twilio and start a conference. (Hopefully connect the initial user via JS Client in this request)
Once the connection is established use the callback request to add a phone number to the conference.
I have used rest for outbound calls but I can't figure out how to set up a conference.
For outbound calls I use the rest endpoint https://api.twilio.com/version/Accounts/account/Calls.JSON
What would the endpoint be for creating a conference and adding the client?
I found https://api.twilio.com/version/Accounts/account/confrences.JSON
but it seems to be geared toward get requests for pulling data about conferences not creating an outbound conference.
Twilio developer evangelist here.
If you're saying that you'd like to make Twilio calls from the browser without the Twilio Client JS SDK, then I can't help you there. We don't publish the API and it's not recommended you try to write your own library.
You can achieve the flow you want here. You can use the REST API to generate a call to your client:
use Twilio\Rest\Client;
// Your Account Sid and Auth Token from twilio.com/user/account
$sid = "your_account_sid";
$token = "your_auth_token";
$client = new Client($sid, $token);
$call = $client->calls->create(
"client:CLIENT_IDENTITY", "YOUR TWILIO NUMBER",
array("url" => "YOUR APPLICATION URL")
);
Note, you need to use client:CLIENT_IDENTITY as the to number.
The URL you pass to this call should point to an endpoint on your server that will return the TwiML to start the conference:
<Response>
<Dial><Conference>Conference room name</Conference></Dial>
<Response>
During this request that you return the conference TwiML, you can also kick off a new request to start a call to the phone number you want to dial, again using the REST API.
Does this all make sense?
Related
I am a bit confused. The requirement is that we need to create a REST API in Salesforce(Apex class) that has one POST method. Right now, I have been testing it with POSTMAN tool in 2 steps:
Making a POST request first with username, password, client_id, client_secret(that are coming from connected app in Salesforce), grant_type to receive access token.
Then I make another POST request in POSTMAN to create a lead in Salesforce, using the access token I received before and the body.
However, the REST API that I have in Salesforce would be called from various different web forms. So once someone fills out the webform, on the backend it would call this REST API in Salesforce and submits lead request.
I am wondering how would that happen since we can't use POSTMAN for that.
Thanks
These "various different web forms" would have to send requests to Salesforce just like Postman does. You'd need two POST calls (one for login, one to call the service you've created). It'll be bit out of your control, you provided the SF code and proven it works, now it's for these website developers to pick it up.
What's exactly your question? There are tons of libraries to connect to SF from Java, Python, .NET, PHP... Or they could hand-craft these HTTP messages, just Google for "PHP HTTP POST" or something...
https://developer.salesforce.com/index.php?title=Getting_Started_with_the_Force.com_Toolkit_for_PHP&oldid=51397
https://github.com/developerforce/Force.com-Toolkit-for-NET
https://pypi.org/project/simple-salesforce/ / https://pypi.org/project/salesforce-python/
Depending how much time they'll have they can:
cache the session id (so they don't call login every time), try to reuse it, call login again only if session id is blank / got "session expired or invalid" error back
try to batch it somehow (do they need to save these Leads to SF asap or in say hourly intervals is OK? How did YOU write the service, accepts 1 lead or list of records?
be smart about storing the credentials to SF (some secure way, not hardcoded). Ideally in a way that it's easy to use the integration against sandbox or production changing just 1 config file or environment variables or something like that
We have an API that sends a verification code to user's mobile number. The API is:
POST /api/users/verification/start/
{
"mobile": "9849735434"
}
The above API returns following response:
{
"isVerified": false
}
If the response is "isVerified": true, we don't send a verification code to user's mobile. If it is false, we send a code.
Currently, all this works on the just mobile number. We want to make it based on (mobile + device) to make it more secure.
To achieve this, we store a user-identification cookie on the client machine and we are planning to identify the device on basis of that. How should API be modified for this new requirement? Few approaches:
Create different API that works on basis of (mobile + cookie) and sends isVerified: true only if both matches with the value stored in our database.
Modify existing API to achieve this - Since this support for device-specific OTP is not required always, we will have to pass some flag to make it only mobile-based OR (mobile and cookie).
How should we design such API to verify users based on mobile and device?
Hope this would help you, you can modify code and follow some client and server steps.
CLIENT SIDE
Step 1.
Get mobile no and country from user
GET UUID from user device. ( UUID :Is Secure.ANDROID_ID unique for each device?)
Hit Own Api with this params.
SERVER SIDE
Step 2.
Get Validate it, is this mobile no is Valid https://github.com/googlei18n/libphonenumber (we can do it from Client side too)
Step 3.
Generate OTP between 0001 - 9999 or more
Send OTP api call to send on Mobile no as per OTP service provider’s API.
Save OTP no into database along with Mobile no And UUID.
CLIENT SIDE
Step 4.
get mobile no and OTP and hit api
check OTP from DB same OTP then response success else Wrong OTP message you can send.
There are different options.
When you want to use cookies, why do you need a separate API at all? If the client has a cookie, let the client send this cookie as a cookie. Your service can analyze the cookie when needed and decide about further steps.
If you cannot send cookies and the 1st approach is not an option to you:
Device should not know, what type is it from the point of view of your service. That is why I'd suggest to use two services - one without cookies and one with cookies.
You say "RESTful". In the current form your service is not RESTful.
A) Using verbs makes the service NOT RESTful. Rename it for instance to
"POST /api/users/verification/"
B) Two operations are mixed within a single one: Check if client is authenticated and starting authentication process. Split it into two:
To check if the client is authenticated:
"GET /api/users/verification/mobile/9849735434"
To start authentication:
"POST /api/users/verification/mobile/9849735434"
For the POST you don't need a body in this case.
I would modify the existing API to fit the new requirement and here is the important thing I would do while modifying.
Whenever you create any API always have a "version" passed from the client this way you would know which section of the code to execute.
e.g Assume your mobile users have 2 different version of the app, once before this release another after. To have both the user running versioning is helpful.
Pass "Device Type" from client to check whether the client is mobile/tab or other, this will have multiple advantages firstly you will know how much user base is in phone/web, another advantage is you can customize the output size accordingly as web will have more information compared to the mobile app.
Now that you have device and version information you just have to write condition in your existing API. Once you feel there is no old version usage we can retire that portion of API.
I have been successful with sending messages to Twilio via C# and Powershell but trying to use a Web Service call in Cherwell has me stumped.
I have setup the web service call.
I'm passing all the authentication tests because I can perform a lookup for the last 50 messages (which requires authentication) but when I try to call the Messages POST with To, From and Body I get a 400 error.
Unfortunately Cherwell only shows me the 400 error and not the return text from Twilio so I can't debug any further.
If anyone has done this can you please let me know how?
Also if you could recommend a way to put an HTTPS proxy between my Cherwell server and the Twilio endpoint to view the result values, that would help me out.
The key to this is building the message body as a single block of text that should be used as the body of the Web Service call.
Essentially, what you would have is a value that looks like
From=+17195550199&To=+17195550100&Body=Your text message here
I ran into this same issue while building this mApp to provide outgoing SMS capabilities: https://synapsesoftware.com/portfolio/twilio-mapp
I was wondering if there is a good way to send a message with a topic to a service bus queue via HTTP Post in postman for example.
I red something about Sas-key encryption but, lets say I would like to expose the url to someone for them to send my service bus messages, how do I do that the simplest way for them so to speak?
I just want them to have a url not crating a program to generate w token for it..
I know the Service Bus has a URL linked to it but I cant seem to send anything to it...
Is this possible?
I just want them to have a url not crating a program to generate w token for it..
From the Azure Service Bus send message API, we could know that Authorization header is required. If want to let someone to use just with a url. In my opinion is that we need to implement it ourself.
We could develop a Rest API service then we could give a rest api url to somebody who want to use. We could get some demo code about how to create topic and send message from the azure document.
When a user register to my web application I send an email to verify his inbox.
In the email there are a link to a resource like this:
GET /verify/{token}
Since the resource is being updated behind the scenes, doesn't it break the RESTful approach?
How can I do it in a RESTful manner?
What you are talking about is not REST. REST is for machine to machine communication and not for human to machine communication. You can develop a 1st party REST client, which sends the activation to the REST service.
You can use your verification URI in the browser to access the REST client:
# user follows a hyperlink in the browser manually
GET example.com/client/v1/verify/{token}
# asking the client to verify the token
and after that the REST client will get the hyperlink for verification from the REST service and send the POST to the service in the background.
# the REST client follows the hyperlinks given by the service automatically
# the REST client can run either on the HTTP client or server side
GET example.com/api/v1
# getting the starting page of the REST service
# getting the hyperlink for verification
POST example.com/api/v1/verification {token}
# following the verification hyperlink
If you have a server side 1st party REST client, then the HTTP requests to the REST service will run completely on the server and you won't see anything about it in the browser. If you have a client side REST client, then you can send the POST in the browser with AJAX CORS or you can try to POST directly with a HTML form (not recommended). Anyways the activation should be a POST or a PUT.
It depends on what are you trying to do.
Does it fire an email after validating the user for example? If so, it is not an idempotent method and you should use POST.
Example:
POST /users/{id}/verify/{token}
If the method doesn't have any consequence besides the update, I think you should use PUT.
Aren't you overthinking REST? With e-mail verification you want the user to be able to simply click the link from whatever mail user agent he is using, so you'll end up with a simple GET on the server (presented as a hyperlink to the user) with the token either in the path or as part of the query string:
GET http://example.com/verify-email/TOKEN
GET http://example.com/verify-email?token=TOKEN
Either is fine for this use case. It is not really a resource you are getting or creating; just a trigger for some process on the backend.
Why do you think this would run afoul of good design?