Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
562
Views
0
Helpful
3
Replies

Are UDS API secure ?

mmenozzi
Cisco Employee
Cisco Employee

‎12-18-2015 02:19 AM - edited ‎03-01-2019 02:52 AM

Hi team

assuming that I'm not an expert in development area and especially in APIs I got a question from a financial customer that I really don't know how to address.

Question raised from this link

https://developer.cisco.com/site/user-data-services/overview/authentication/

Customer is complaining about UDS API resources are not secure.


Here is the story:this customer is approaching a Mobile Remote Access UC architecture and he would develop an application that leverages on UDS API to allow external user to search contact on this application and not on CUCM. The reason is that CUCM is currently (and correctly for me) limited in terms of contact sync.

Ok, no problem if you have a third party that support UDS maybe we can do that but looking at page above the got scared. They saw that several resources don't require user authentication in HTTP session so they are complaining because these API don't guarantee that transactions or access to some resources are all authenticated and their security department currently asks for this.

I really don't know what to say. I even don't understand very well the differences in terms of resources, however I ask you kindly in which could be the best approach to give a feedback here without making them to much disappointed.

thanks

regards

Marco

Labels:
0 Helpful
3 Replies 3

Geevarghese Cheria
Cisco Employee
Cisco Employee

‎12-20-2015 11:22 PM

Hi Marco,

   I would request you to post your query under the community - User Data Services

Also more details  please refer FAQ also - Cisco DevNet: User Data Services - FAQ

Thanks and Regards,

Geevarghese

0 Helpful

amoherek
Cisco Employee
Cisco Employee

‎12-23-2015 10:18 AM

Hi Marco,

UDS is secure and enforces https for all the requests. If anyone sends the request to http then it gets redirected to https.

Here is the API’s references

https://developer.cisco.com/media/cisco-user-data-serviccs-usd-api-refs/overview.html


Thanks,

Adrienne

0 Helpful

mmenozzi
Cisco Employee
Cisco Employee
In response to amoherek

‎01-17-2016 08:18 AM

Hi Adrienne.

Sorry for the delay but I have been stuck for a while with other urgent topics for the same customer.

Actually I got a feedback from a colleague that effectively there are some resources that for some reason don't require authentication and for this reason the session would be http only and not secure.

This option is worrying the customer as they don't allow corporate HTTP not secure sessions. Based on the UDS Dev page I added at the beginning sounds like that.

regards

Marco

0 Helpful
Customers Also Viewed These Support Documents