A: 
Enjoy coding
+1  A: 

This is known as 3rd party call control. With Cisco Communications Manager (which is likely what you're IP phone is talking to), all of the methods to control your IP phone will require credentials configured in admin interface of Cisco Communications Manager. There are multiple ways to do what you're doing. The various APIs are:

  1. Cisco IP Phone Services XML (which you referenced above). Specifically, you would send an HTTP Post to your IP phone with an IPPhoneExecute message. Inside this message, the action will be a Dial URI in the form: Dial:12345. 12345 is, of course, the number you want to call. You can achieve this method with only a browser--it is the simplest way to go.

  2. Cisco JTAPI or TAPI. Both of these require you to write a program using a somewhat complicated API. Both JTAPI and TAPI will give you control over your IP Phone and allow you to place calls, etc.

  3. Cisco WebDialer API. This is a SOAP web service that runs on one of the Cisco Communications Manager nodes. It provides similiar, but fewer, capabilities as JTAPI/TAPI, but does bring the added benefit that it is a SOAP API and will be generally easier to consume for a non-telephony programmer.

  4. Finally, you can look at Cisco Unified Application Environment. This is a development environment that wraps all of the above functionality and makes it very easy to consume. You can write applications in C#, Java, or with a graphical modeling language in the Cisco Visual Designer.

In terms of complexity, #1 is the easiest. #4 is the second easiest to program but is more complicated to setup and maintain. The CUAE is also not free so it will cost money to purchase the licenses from Cisco.

Depending on how motivated you are, it is fairly straightforward to fake out the IP phone. When the IP phone is asked to authenticate a user, it does an HTTP get to http:///Authenticate.jsp (I think, you will need to verify the actual URL as it has been some time). The username and password are passed in clear text to the web page for validation. The response is a simple text/plain response alng the lines of "VALID" or "NOT VALID" (again, do some checking as it has been a very long time for me). If you want, you can try to put a computer you control between the phone and the switch to see if you can intercept these HTTP requests. This method won't work if your network guys have configured fancy voice VLANs or done some other tricks to ensure that IP phones are plugged into the switch ports, but it's worth a try if you care enough to get control over your IP phone. Certainly the easiest thing to do is get your username/password from your administrator.

lrm
Thank you very much. The login credentials are the problem for me. I have been asking my network guys for password of these but either they dont know how to get it or they dont want to give it... end of the day i am getting no help from them. I will definitely try your methods and see if there is any way i can do to get it and let u know if it works. Thanks again for your help.
Enjoy coding
There's no way to do it w/o the user/pass or w/o faking out the phone. Looking back at my old notes I believe the authentication URL returns 0 or 1, not VALID or NOT VALID. You can see what the authentication URL is by looking at the IP phone settings (assuming the key hasn't been disabled by your admin). There should be a setting called: "Authentication URL". Also ensure that if you get a user from your admins that they enable IP phone services in the user's capabilities.
lrm
Something else you can try: Plug your computer into the switch port of the IP phone. If you look at the back of the phone, it has an ethernet jack you can plug into. I recall some time ago (years) that if you sent an IP phone XML execute message from a machine connected to the embedded switch port that it wouldn't authenticate against Communications manager. Again, this is probably configurable by now so they may have turned it off, but it's worth a try.
lrm