We have a question about the supported recovery flow if the partner-side IoT system is wiped or factory-reset after Ring linking was already completed.
In our architecture, the installed IoT system is the component that stores the Ring access/refresh tokens and makes the Partner API calls. If that system is reset, it loses those tokens and can no longer make API calls or refresh access, even though Ring still considers the app integrated.
From what we understand from the docs, the Account Link URL is used during the initial linking flow, while the App Homepage URL is the post-link landing/manage page. In practice, if the user goes back into Ring and selects Manage App, it appears to take them to the homepage/manage experience, but it does not seem to initiate a new claim, nonce match, or token exchange.
So in that situation, what is the supported way to re-establish access for a new or factory-reset partner system?
More specifically:
-
If the original partner system has lost the stored Ring tokens, is there any supported way for Manage App / App Homepage to trigger a fresh linking or re-registration flow?
-
Is there any supported way for the partner to recover or re-bind the existing Ring integration to a newly registered system without first uninstalling/removing the app from Ring?
-
Or is the expected recovery path to have the user remove the app from Ring and then reconnect it from the Ring Appstore so a new token exchange and account-link flow can occur?
We want to make sure we handle this case the way Ring expects, especially for systems where the local controller is the only component that holds the Ring credentials.
Hi Darrell,
We confirmed with our engineering team. Here’s the answer:
The only way to obtain new tokens is for the user to remove and reconnect the app from Ring My Apps. There is no mechanism to re-issue tokens for an existing integration without a full disconnect/reconnect. The remove and reconnect flow triggers a new token exchange and account linking sequence, giving your system fresh credentials.
On architecture: Storing Ring credentials on a volatile system (like a local IoT controller) as the sole source of truth is not recommended for exactly this reason. If the system is reset, the tokens are unrecoverable without user intervention. If your architecture allows it, consider backing up tokens to a persistent cloud-side store that the IoT system can restore from after a reset. This avoids requiring the user to go through the disconnect/reconnect flow every time the local system is wiped.
Summary of the recovery flow for your users:
-
User removes the app from Ring My Apps
-
You receive an app_integration_removed webhook
-
User reconnects the app from the Ring AppStore
-
New token exchange fires to your Token Exchange URL
-
New nonce redirect to your Account Link URL
-
Your system stores the fresh tokens
For your UX, we’d suggest detecting the broken state (e.g., token refresh fails with invalid_grant) and guiding the user through the reconnect process with clear in-app instructions.
Thanks, that helps.
We have one follow-up on the recovery flow after a factory reset.
In our case, a factory reset wipes not only the local Ring tokens, but also the identity of the local IoT controller itself. After reset, the rebuilt controller is effectively a new partner-side system with a new system ID. That means there is no longer any stable local system identity tying the rebuilt controller to the old Ring-linked controller.
So even if we preserved the Ring refresh token in our cloud, we still would not have a supported way to associate that existing Ring integration with the newly rebuilt partner system. The original system ID that was associated with the prior link is gone, and we do not see a way to re-bind the integration from Manage App / App Homepage.
We also have a related UX question: if the local system has been reset and no longer has Ring tokens, is there any supported way for the partner to detect that Ring already considers the app linked for that user/account? That would let us tell the user that they need to remove the existing app integration in Ring before re-adding it.
So the questions are:
-
Is there any supported way to re-bind an existing Ring integration to a newly rebuilt partner system after a factory reset, when the original partner system identity is gone?
-
If not, is there any supported way for the partner to detect that Ring already considers the app linked, so we can guide the user to remove the app and then reconnect it?
-
Or should we assume that remove-and-reconnect is always the only supported recovery path in this situation?
Put differently: if the partner-side system that originally stored the Ring credentials no longer exists, and the rebuilt controller has a different system ID, is there any supported API or flow that lets the partner either:
-
re-associate the existing Ring integration with that new system ID, or
-
at least determine that Ring still considers the account linked,
or should the partner treat that state as unrecoverable except through user-driven remove-and-reconnect?
Hi Darrell,
We confirmed with our engineering team. Here are the answers:
- Is there any way to detect that Ring considers an integration active without a valid token?
No. Ring does not allow any access or status queries without valid tokens. There is no unauthenticated endpoint to check integration state.
- Is there any way to re-bind an existing integration to a new partner-side system identity?
Not today. This is recognized as a valid feature need, but it does not exist yet. Currently, if the integration is broken (e.g., tokens lost, system reset), Ring moves the app to an “Unhealthy” state for the user and partner to take action. Depending on the underlying issue, this may require the user to reinstall the app. A “re-sign-in” flow that re-shares tokens without full reinstallation would require a feature enhancement that has not been built yet.
- Can Manage App / App Homepage trigger a fresh linking or re-registration flow?
Not currently. This is also a feature request that could be built in the future, but is not supported today.
Summary: remove-and-reconnect is the only supported recovery path today.
If the partner-side system that held the Ring credentials no longer exists and cannot be restored, the user must remove the app from Ring My Apps and reconnect it from the Ring AppStore to trigger a new token exchange.
We’ll note the re-binding and re-sign-in flows as feature requests.
1 Like