XML API 8.0.0 SP 12 Release Notes
Overview
This release note describes improvements included in Webex XML API 8.0.0 SP12.
All changes described in this release note are backward compatible with existing integrations.
Enhancement To Simplify Authentication Error Messages
Description:
Cisco has simplified authentication error messages. Username/password-based authentication now returns the same error whether the server encounters an Invalid Password or a User Not Found condition.
The error code is 030002.
The error message is “Incorrect user or password”.
Note that error code 030002 is an existing error code. This means that existing integrations should already be able to handle this error code.
Affected APIs
All APIs that use the securityContext element and that pass username/password information for authentication are affected.
Note that the schema definition of the securityContextType element has not changed, as shown in the following diagram. Only the error codes and error messages have changed.
Further Details
This change is related to security bug: CSCur24176 - User and password enumeration via XML API securityContext header.
Before this change, there were two possible error messages related to authentication errors that could occur from the securityContext header information:
- "Invalid Password." (error code=030002)
- "Corresponding User not found" (error code=030001)
Those two messages have been merged into a single error message:
- "Incorrect user or password" (error code=030002)
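The following is an added example, not Cisco's code or part of the original release note. It models the two behaviours described above and checks whether a failed login reveals that a username exists. The user store, function names and success value are hypothetical. The example goes one step beyond the note by also hashing against a dummy credential for unknown users, so that response time does not reintroduce the distinction the merged message removes.

```python
import hashlib
import hmac
import os

def _hash(password, salt):
    # PBKDF2 stands in for whatever password hashing the real server uses (assumption).
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 10_000)

# Constructed sample user store: username -> (salt, password hash). Not Webex data.
_SALT = os.urandom(16)
USERS = {"alice": (_SALT, _hash("correct horse", _SALT))}

# Dummy credential so an unknown user costs the same hashing work as a known one.
_DUMMY_SALT = os.urandom(16)
_DUMMY = (_DUMMY_SALT, _hash("dummy-password", _DUMMY_SALT))

OK = ("0", "SUCCESS")  # hypothetical success value for this example

def authenticate_before(user, password):
    """Behaviour before this change: two distinct errors."""
    if user not in USERS:
        return ("030001", "Corresponding User not found")
    salt, stored = USERS[user]
    if not hmac.compare_digest(_hash(password, salt), stored):
        return ("030002", "Invalid Password.")
    return OK

def authenticate_after(user, password):
    """Behaviour after this change: both failures return error code 030002."""
    salt, stored = USERS.get(user, _DUMMY)
    matches = hmac.compare_digest(_hash(password, salt), stored)
    # Checking membership again rejects a guess of the dummy password.
    if user in USERS and matches:
        return OK
    return ("030002", "Incorrect user or password")

def reveals_user_existence(auth):
    """True if a wrong password for a real user differs from an unknown user."""
    return auth("alice", "wrong") != auth("no-such-user", "wrong")

if __name__ == "__main__":
    print("before change leaks:", reveals_user_existence(authenticate_before))
    print("after change leaks: ", reveals_user_existence(authenticate_after))
```

A check like reveals_user_existence can be kept as a regression test so that a later change to the error handling does not split the two failure cases again.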