cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
2023
Views
5
Helpful
4
Replies

Webex Meetings XML API Password Encryption

yhung
Cisco Employee
Cisco Employee

Hello all,

 

When sending a request to the API, there needs to be authentication, and the documents show that this password is stored on the XML as plain text, what options do we have to encrypt this password so it's not showing in plain text?

 

Thanks.

1 Accepted Solution

Accepted Solutions

dstaudt
Cisco Employee
Cisco Employee

Using HTTPS, verifying certificates, and pinning the Webex API cert will be your main approach for passwords.

If your Webex site is configured for SSO, then OAuth will certainly be the best.  This sample includes an example of using Webex OAuth for Meetings XML requests: https://github.com/CiscoDevNet/webex-meetings-python-samples

View solution in original post

4 Replies 4

dstaudt
Cisco Employee
Cisco Employee

Using HTTPS, verifying certificates, and pinning the Webex API cert will be your main approach for passwords.

If your Webex site is configured for SSO, then OAuth will certainly be the best.  This sample includes an example of using Webex OAuth for Meetings XML requests: https://github.com/CiscoDevNet/webex-meetings-python-samples

yhung
Cisco Employee
Cisco Employee

Thanks so much David. Really helpful, I have to interact with both SSO and non-SSO, so will definitely look at your repo. Thanks for that.

 

For your first point, is there any documentation I can look at for using certificates for authentication? Or is it just relying on the TLS communication for the encryption, and not worry about the password being stored on the XML script?

dstaudt
Cisco Employee
Cisco Employee

Just good old TLS...it's actually better to have the passwords in 'plain text' in the encrypted body than in 'Base64' encoding in the header, as with Basic Auth....

yhung
Cisco Employee
Cisco Employee

I've seen a third party that when I enter the password to the field, it encrypts the password inside the XML, I wonder what format will accept the encrypted password as.

 

Anywho, thanks for the input David, really helpful.