cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements

If your Cloud Collaboration question is not answered quickly, please email devsupport@webex.com for additional help

144
Views
5
Helpful
4
Replies
Cisco Employee

Webex Meetings XML API Password Encryption

Hello all,

 

When sending a request to the API, there needs to be authentication, and the documents show that this password is stored on the XML as plain text, what options do we have to encrypt this password so it's not showing in plain text?

 

Thanks.

1 ACCEPTED SOLUTION

Accepted Solutions
Highlighted
Cisco Employee

Re: Webex Meetings XML API Password Encryption

Using HTTPS, verifying certificates, and pinning the Webex API cert will be your main approach for passwords.

If your Webex site is configured for SSO, then OAuth will certainly be the best.  This sample includes an example of using Webex OAuth for Meetings XML requests: https://github.com/CiscoDevNet/webex-meetings-python-samples

View solution in original post

4 REPLIES 4
Highlighted
Cisco Employee

Re: Webex Meetings XML API Password Encryption

Using HTTPS, verifying certificates, and pinning the Webex API cert will be your main approach for passwords.

If your Webex site is configured for SSO, then OAuth will certainly be the best.  This sample includes an example of using Webex OAuth for Meetings XML requests: https://github.com/CiscoDevNet/webex-meetings-python-samples

View solution in original post

Highlighted
Cisco Employee

Re: Webex Meetings XML API Password Encryption

Thanks so much David. Really helpful, I have to interact with both SSO and non-SSO, so will definitely look at your repo. Thanks for that.

 

For your first point, is there any documentation I can look at for using certificates for authentication? Or is it just relying on the TLS communication for the encryption, and not worry about the password being stored on the XML script?

Highlighted
Cisco Employee

Re: Webex Meetings XML API Password Encryption

Just good old TLS...it's actually better to have the passwords in 'plain text' in the encrypted body than in 'Base64' encoding in the header, as with Basic Auth....

Highlighted
Cisco Employee

Re: Webex Meetings XML API Password Encryption

I've seen a third party that when I enter the password to the field, it encrypts the password inside the XML, I wonder what format will accept the encrypted password as.

 

Anywho, thanks for the input David, really helpful.

CreatePlease to create content