Intro‎ > ‎

Security

API

We made the API  easy to use -- just REST stuff with an app key parameter.   No complex OAuth, just a plain old  API using SSL.  

Users

You interact with the user’s communications devices as objects within the API based on their corresponding network ID’s, for example:

                                facebook         6815841748 call 658849357

                                twitter            @barakobama call @michelebachmann

                                etc.                more..

Security within our API system won't let you do this, of course, unless both users have registered with your application and Telesocial and the social network involved -- 3 way security plus handset security -- just because you have an API key does not mean that you can just make @barakobama call anyone.  That is, unless Obama uses your app and has enabled calling.  Go for it.

User's anonymity is always preserved through the system in many ways, but most importantly - we do human detection and protect your own phone's voice mail using our communication request.  The communication request must be opt-in for the receiver -- to connect a call, to join a conference / group call (TalkSpace) or even to listen to recordings or music that plays over the phone.

Calls should always be "opt-in" -- your phone shouldn't just ring --only when you want it to ring.  All calls should be opt-in with "Press 1" security, human detection and anonymous calling, but by design calls should only be made when users request them to be made.  With an API something triggers the call, in an application, in a  social network, online playing a game, but in reality a cascade of interactions may occur before any phones start ringing.  That is the sort of magic in the user case -- I don't call you, I ask you first "do you want to talk to me" and if you accept, then the call happens.  No annoying ringing -- ringing when you want it, on demand, by design.  Users opt in and select the communications through applications,  ringing phones when appropriate - and giving choices.  Think about it -- picking up the phone and dialing is so quaint and annoying.  Opt-in calling, or calling on demand -- when both parties consent -- that makes sense.

Authentication & Authorization

The Telesocial API is a free and powerful system that enables mobile calling and advanced communications is safe for users and developers. It is best to think of Telesocial as a “Single Sign On” system for phone numbers and social networks. Telesocial provides a strong physical device challenge system to register phone numbers and map them to social networks and applications.  The system is self healing by using a device challenge mechanism and thus correct for phone number churn and loss or errors in mapping devices.

Telesocial provides a hard device registration mechanism that lets developers register users and devices and allow apps to communicate. The Telesocial API does not require hard authorization and physical challenge unless the user is new in the system or is using the challenge method.  Soft registration is an opt-in mechanism designed to enable the developer with way to signify that the user has enabled the features and wishes to activate communications with a particular application.  Typically a soft registration would correspond to prompts to the user to enable calling or disable calling in a particular application as a feature opt-in.

As a best practice, getting the status for a user in the system will establish whether your application can use the user's mobile device, if it is unavailable, needs to be re-mapped to a different number etc., using status codes in this documentation.





Comments