Solved: Webex Meetings XML API Password Encryption

yhung · ‎02-13-2020

Hello all,

When sending a request to the API, there needs to be authentication, and the documents show that this password is stored on the XML as plain text, what options do we have to encrypt this password so it's not showing in plain text?

Thanks.

dstaudt · ‎02-14-2020

Using HTTPS, verifying certificates, and pinning the Webex API cert will be your main approach for passwords.

If your Webex site is configured for SSO, then OAuth will certainly be the best. This sample includes an example of using Webex OAuth for Meetings XML requests: https://github.com/CiscoDevNet/webex-meetings-python-samples

View solution in original post

dstaudt · ‎02-14-2020

Using HTTPS, verifying certificates, and pinning the Webex API cert will be your main approach for passwords.

If your Webex site is configured for SSO, then OAuth will certainly be the best. This sample includes an example of using Webex OAuth for Meetings XML requests: https://github.com/CiscoDevNet/webex-meetings-python-samples

yhung · ‎02-14-2020

Thanks so much David. Really helpful, I have to interact with both SSO and non-SSO, so will definitely look at your repo. Thanks for that.

For your first point, is there any documentation I can look at for using certificates for authentication? Or is it just relying on the TLS communication for the encryption, and not worry about the password being stored on the XML script?

dstaudt · ‎02-14-2020

Just good old TLS...it's actually better to have the passwords in 'plain text' in the encrypted body than in 'Base64' encoding in the header, as with Basic Auth....

yhung · ‎02-14-2020

I've seen a third party that when I enter the password to the field, it encrypts the password inside the XML, I wonder what format will accept the encrypted password as.

Anywho, thanks for the input David, really helpful.