Set up your partner account

Once you've registered as an RBM partner, you have a partner account. To access your partner account settings, open the Business Communications Developer Console and click Partner account settings. From here, you can do the following:

Update partner account information

From the Settings page, you can view your partner ID and update the following information:

Field Description
Partner name Name of your partner account
Display name Name will appear in the RBM billing reports that carriers receive (as the owner_name field). Carriers will use this to identify you as a trusted partner and to ensure they generate the correct invoicing information for your use of RBM to reach their subscribers. The name you provide here should align with the name used in your carrier messaging contracts.
Technical point of contact

The person Google will contact if there are any technical issues with your agents. You can update their

  • Name
  • Corporate email address
  • Phone number
Webhook This is your webhook endpoint URL. Click Configure to update it. When you configure your partner webhook, it applies to all of your agents. If you want to use a different webhook for an individual agent, you can configure an agent webhook that will only apply to that agent.

Manage brands

As an RBM partner, you can create agents on behalf of brands.

Use the Brands page in the Account settings to add, edit, and remove the brands associated with your partner account.

Add a brand

To add a brand, enter its name in the input field and click Add.

Edit a brand

To edit a brand:

  1. Click the checkbox next to the brand's name.
  2. Click the button, and click Edit name.
  3. Make your edits, and click Done.

Remove a brand

A brand can't be removed if it's associated with an agent, even if the agent is not launched.

To remove a brand, click the checkbox next to the brand's name, and click Delete.

Manage users

The Users page in the Account settings is where you manage the users of your partner account. The user who created the partner account has the role of Owner. New users can have the role of Manager or Reader.

  • Managers can access all the capabilities of the Developer Console, to manage any and all agents belonging to the partner account.
  • Readers have read-only access to the Developer Console, to view any and all agents belonging to the partner account.

Add a user

To add a user, enter their email address in the input field and select their Role.

When you add a new user, they receive an email notifying them that they have access to the partner account.

Remove a user

To remove a user:

  1. Find the user you want to remove, and click the button in their table row.
  2. Select Remove user.
  3. Confirm the removal.

The user you removed receives an email notifying them that they no longer have access to the partner account.

You can't remove a user with an Owner role. To change or remove the Owner, you need to reach out to support.

Change a user's role

To update a user's role:

  1. Find the user you want to update, and click the button in their table row.
  2. Select Edit role.
  3. Choose a new role from the drop-down.
  4. Click Save.

Set up service account to authenticate API calls

When you make calls to the RBM API, you authenticate calls with a service account key. This key lets you create and manage brands and agents, and to send messages and requests as an agent. A service account can have up to 10 keys.

Follow these steps to generate a service account key:

  1. In the Account settings, navigate to the Service account page.
  2. Click Create key, then click Create. Your browser downloads the service account key.

Store your service account key in a secure, private location. Don't share your key publicly. You'll need this key later to access the RBM APIs.

Configure your partner webhook

A webhook is a partner-created HTTPS callback that specifies how your agent should respond to messages and events. Once you configure your webhook, you can start receiving messages and events.

To configure your partner webhook, follow these steps:

  1. Open the Business Communications Developer Console and sign in with your RBM partner Google Account.

  2. Open the Account settings.

  3. For RCS Business Messaging webhook URL, click Configure.

  4. For Webhook endpoint URL, enter your webhook URL beginning with "https://".

  5. Note your clientToken value. You need it to verify that messages you receive are coming from Google.

  6. Configure your webhook to accept a POST request with the specified clientToken parameter and send a 200 OK response with the plain text value of the secret parameter as the response body.

    For example, if your webhook receives a POST request with the following body content

    {
      "clientToken":"SJENCPGJESMGUFPY",
      "secret":"1234567890"
    }
    

    then your webhook should confirm the clientToken value and, if clientToken is correct, return a 200 OK response with 1234567890 as the response body:

    // clientToken from Configure
    const myClientToken = "SJENCPGJESMGUFPY";
    
    // Example endpoint
    app.post("/rbm-webhook", (req, res) => {
      const msg = req.body;
      if (msg.clientToken === myClientToken) {
          res.status(200).send(msg.secret);
          return;
      }
      res.send(400);
    });
    
  7. In the Developer Console, click Verify. When RBM verifies your webhook, the dialog closes.

Verify incoming messages

Because webhooks can receive messages from any senders, you should verify that Google sent incoming messages before processing message content.

To verify that Google sent a message you received, follow these steps:

  1. Extract the message's X-Goog-Signature header. This is a hashed, base64-encoded copy of the message body payload.
  2. Base-64-decode the RBM payload in the message.body element of the request.
  3. Using your webhook's client token (which you specified when you set up your webhook) as a key, create a SHA512 HMAC of the bytes of the base-64 decoded message payload and base64-encode the result.
  4. Compare the X-Goog-Signature hash with the hash you created.
    • If the hashes match, you've confirmed that Google sent the message.
    • If the hashes don't match, check your hashing process on a known-good message.

      If your hashing process is working correctly and you receive a message that you believe was fraudulently sent to you, contact us.

Node.js

  if ((requestBody.hasOwnProperty('message')) && (requestBody.message.hasOwnProperty('data'))) {
    // Validate the received hash to ensure the message came from Google RBM
    let userEventString = Buffer.from(requestBody.message.data, 'base64');
    let hmac = crypto.createHmac('sha512', CLIENT_TOKEN);
    let data = hmac.update(userEventString);
    let genHash = data.digest('base64');
    let headerHash = req.header('X-Goog-Signature');

    if (headerHash === genHash) {
      let userEvent = JSON.parse(userEventString);

      console.log('userEventString: ' + userEventString);
      handleMessage(userEvent);
    } else {
      console.log('hash mismatch - ignoring message');
    }
  }

  res.sendStatus(200);
  

Next steps

Now that your partner account is set up, it's time to build your first agent.