Twilio controlling video room access - twilio

jut for a background, I'm building a poc of twilio based video chat contact center and I've came upon one issue. Most of the people using the service will be anonymous customers, no logging / authentication here. Looking at the twilio api, once I produce a Token with VideoGrant I loose all control of what the javascript client does with it, for example, someone can modify my JS client to create their own room, instead of joining the one assigned by my app.
Is there any way to create VideoGrant which would allow only joining a room, preferably a single, selected room?
There is a mention of Room Events in the console, but I didn't see any docs on it, maybe it would allow to catch rooms creation and kill the unknown ones, btw is there a REST api for rooms? nothing on official REST api docs again.
Sorry if the questions are a bit vauge, I'm aware that they might not meet SO standards, but I know that few Twilio developer evangelists are active so maybe you guys can propose some best practices here or just point out to the right docs if I am dumb enough to have missed them.

Lukasz,
Rob Brazier here, PM for Video. In the next few weeks we'll be adding a new grant to the Video section of our Access Tokens that allow you to lock down access only to a specific Room.
The basic flow will be:
User visits your site.
Your app server decides what Room they should connect to.
Your app server creates a Room using whatever identifier you like as the name (using the upcoming Video REST API).
Your app server generates an Access Token with a grant for the specific Room created in #3.
Your app server returns that Access Token to the client.
Client connects using the provided token and is joined to the specified Room.
Let me know if this is clear. Thanks,

Related

Teams bot, which approach to go for?

My use case requires me to integrate teams with an app. Whenever a message is sent from that app, a private channel will be created and the message will be sent to teams. I've been reading the documentation and it has only confused me further. Do I need to use graph or bot? Can I do this using only graphs or only bot?
It's possible to send a message using Graph API - see here for more: https://learn.microsoft.com/en-us/graph/api/chatmessage-post?view=graph-rest-1.0&tabs=http
HOWEVER, there are two ways to authenticate with Graph, either via an "application" permission (kind of like background service), or via "delegation", which means your app would work on behalf of a user. For this specific Graph endpoint, Microsoft mentions in the page that Application permissions are only allowed for "migration" (e.g. if you were building a tool to migrate from, say, slack to Teams). That means that you would have to use "delegation" which means the message would appear to come from a specific user.
As an example, instead of the message coming from "ABC Application", it would appear to come from "Syed Muhammad Ibrahim". If that's ok, then you can use Graph. If not, you would need to go the Bot route.

Twilio New Requirements for A2P 10DLC Registrations

We are not prepared to persist customer's EIN's in our systems because of the associated risks and liabilities. Does Twilio have any alternatives for registering our low-volume customers? For example, an API that our web page could interact with for our customers to register themselves?
Is there perhaps an alternative path? For example, creating sub-accounts for each of our hundreds of customers that would allow them to register on Twilio and still allow our software to interact with SMS on their behalf?
Are there any third party apps that Twilio endorses that could assist in the SMS registration for us? Or even perhaps a third party API that persists encrypted data like EINs for us and assumes that liability for us?
Thanks.
Update: I realized we have options to pursue for registration without needing to persist sensitive data like their EIN. We could inject user interaction in the middle of our current registration steps, meaning the registration steps stop at the required points in the process, our user is notified of needed data, then the registration resumes when they furnish the data. The data like EIN would be transferred directly to Twilio API without being persisted on our server. Problem solved. Still, it would be good to know if there are any good answers to my other questions. Thanks again.
Twilio developer evangelist here.
Our Messaging Product Lead says they are not aware of any 3rd party apps that help with 10DLC registrations and believe the best option is what you mentioned in your update!

Posting to a teams channel from a logic app or flow which includes an banner alert / activity feed item

I have a logic app which posts a channel chat message to teams automatically when a new item is created in SharePoint. This I have working but our client requires that all the team members receive a banner alert and activity feed which I am having a lot of difficulty with.
What I've already tried...
Using a Incoming web hook on the teams channel - this was a very simple way to post from the logic app but the incoming webhook don't seem to support mentions.
Using the msft graph api - The /team/channel/message endpoint can post messages and user mentions but the this endpoint doesnt support channel or team mentions. It also appears that the graph API needs to use delegated permissions to post messages in teams. I'm using application permissions as this is a logic app. The logic app HTTP post connector doesnt offer the "connect as username#tenant.com" some of the other connectors use.
Using the flowbot post message - Like the above channel and team mentions are supported here so the post is added to the channel but with no notification to the team members
Using a notification only bot - I thought I nearly had it with this one. Microsoft's node bot sample number 57 looked like it can do most of what I want, it iterates through the users in the team and messages them this a customisable alert message...
https://github.com/microsoft/BotBuilder-Samples/tree/master/samples/javascript_nodejs/57.teams-conversation-bot
However I can't see how this bot can be triggered from my logic app as it seems to require an existing conversation context or an #mention from within teams to start communicating with users.
What I'm considering trying next
Iterating users within the logic app - Next I plan to try and get team membership from the graph API and iterate the members in the Logic App, posting a message to each user separately. I had hoped to utilise the group #mention feature as a simpler way so I'd be grateful if anyone had any thoughts on other ways of doing this, or maybe there's something wrong with what I've already tried that you could give me some expertise on.
Thanks in advance ;)
Andy
You're on the right track with the Bot, but you're wanting to send something called a "Pro-active" message. You need the bot registered in the channel in order to get access to a few key properties (conversation id, service url, etc.), but you can use those to send a message from -outside- your bot (e.g. in an Azure Function). You might be able to do this directly from a Logic App, but I haven't tested that specifically.
To find out more, see my answer at Programmatically sending a message to a bot in Microsoft Teams but I've also got a recent blog post that you might find interesting for background on this at How Bots Actually Work.
Hope that helps
You can use Graph to post a message in 1:1 chat as long as you have the chat it. You can find the answer in this post Send message to personal Chat via Graph API
You can also call Graph API from Logic Apps. (https://techcommunity.microsoft.com/t5/integrations-on-azure-blog/calling-graph-api-from-azure-logic-apps-using-delegated/ba-p/1997666#:~:text=Calling%20Graph%20API%20from%20Azure%20Logic%20Apps%20using,Manage%20-%3E%20Certificates%20%26%20secrets%20More%20items...%20)

twilio how to get possible users

I retrieved an access token from my server and have connected the JavaScript SDk chat client like so. I have created a channel like so. The next step I'd like to invite a user like this. In that example they invite the user 'elmo'. Where do I get 'elmo' or how do I present the user with a selection of possible 'elmo's? The client sdk has no list users functionality.
Edit:
It looks like the REST API has a list users method. But can't find any examples of it used. Should the 1st person chat client be using the REST API as well to supplement gaps in the client SDK or should it get the identity from backend? Our team has different interpretations of the docs: twilio REST API is strictly for backend vs. twilio REST API can and should be used any where. Moved to twilio REST API: strictly backend?
Twilio developer evangelist here.
In my opinion Twilio's Chat API should not be the central source of truth of the users in your system. I don't know anything more about your application than what you've written here, but I would expect that you have a user model within your own system that you have used to generate or create an identity that is then used by the Chat API as well as how your user logs in to your system. I would then use that user model to connect users and provide their identities so that they can join chats together.

how to make an quickbooks Api call and bypass login

I know I'm probably going to get a "no, you can't do that" but it doesn't seem reasonable to me.
My client uses Quickbooks Online and wants to be able to have his customers sign in to his web site and see how much they owe, and then pay their invoices with a credit card.
Obviously, the customers themselves can't be signing into Quickbooks Online. We want the web server to be able to directly access the data via the api.
I've found the api but I'm not sure if it's possible to have the webserver connecting to it and getting the data it needs.
I know this can be done with other systems. I've done it with GMail and Salesforce using OAuth2.
The biggest piece I want to load from quickbooks as well might be something unavailable as I couldn't find it in the API anywhere. When my client opens Quickbooks Online, he can send an email to any customer that will include a link to pay online by credit card. We'd like to be able to find that link and redirect the user to it. But I'm not sure if it's available via the api.
I could go with webhooks but that would require storing all that data on our webserver, and syncing it for existing data. Not to mention what happens if an update happens to fail.
You're misunderstanding how OAuth works a bit, which is what is causing the confusion here.
The person who owns the QuickBooks company logs in, not the end-user. They log in ONCE, and that gets you OAuth tokens that you can use to make server-to-server calls forever going forward.
Soooo...
I know I'm probably going to get a "no, you can't do that" but it doesn't seem reasonable to me.
You can do what you're trying to do, you're just going about it the wrong way.
Obviously, the customers themselves can't be signing into Quickbooks Online.
Correct.
We want the web server to be able to directly access the data via the api.
That's fine, and totally do-able.
I've found the api but I'm not sure if it's possible to have the webserver connecting to it and getting the data it needs.
It is do-able.
The key understanding here is that you're going to have an OAuth connection process that the person who owns QuickBooks is going to go through just once, to get you OAuth tokens.
You're then going to store those OAuth tokens server-side (e.g. in your database).
You can then use those stored OAuth tokens to make future server-to-server API calls whenever you want.
When my client opens Quickbooks Online, he can send an email to any customer that will include a link to pay online by credit card. We'd like to be able to find that link and redirect the user to it. But I'm not sure if it's available via the api.
I don't think this information is available via the API right now.
There is an API endpoint to send an email invoice, if that's helpful:
https://developer.intuit.com/docs/api/accounting/invoice

Resources