XML API 8.0.0 SP 6 Release Notes
Use "POST" instead of "GET" when request URLs include a password
Description:
This change was made to improve security in HTTP(S) using Post instead of Get in requests. A new feature which is configurable by Webex Cloud Services which will limit access to Post requests only when the requests include passwords. The configuration is off by default.
All Webex REST APIs now use Post instead of Get, whether Webex encryption is used or not. This change affects Page and Server HTTP(S) URLs and APIs which use passwords, plain or encrypted. In Server/Page/Client requests, GET is changed to POST.
- This fix does not apply to public links (such as, pages, emails, or clients) where the user can potentially copy and paste or forward links to other users.
Affected API's:
All Webex APIs
Using XMLAPI when XML requests are made with Get
Description:
XMLAPI informs the requester that Get requests are not supported by the site.
This is a New Feature for use with XML requests.
The XML Services has been modified to throw an exception (SiteNotSupportHttpGETException) for GET methods in an XML request, regardless of whether a password is included in the request or not.
When an exception is thrown, SiteNotSupportHttpGETException sends the error message, "The site doesn't support the HTTP GET method."
Affected API's:
- joinMCMeetingEventHandler - Encrypt 'pw' in meetingURL, which will call the URLAPI m.php to join a meeting.
- getLoginPrefixURL in GetSessionInfoEventHandler - If the event handler does not get a correct response, it returns a URLAPI call requesting a password parameter. The new logic is:
if (no username or no password)
return null
else
throw WBXAppException(“E000035”)
Get/Set OneClickSetting supports CMR via useCollaborationMeetingRoom
Description:
Valid ep:useCollaborationMeetingRoom values are "true" and "false". If there is no this tag in the request, "false" is assumed as the default value.
SetupOneClickSettings->enableOptions->useCollaborationMeetingRoom schema:
SetupOneClickSetting and GetOneClickSettings use of useCollaborationMeetingRoom
Description:
SetupOneClickSettings
Calling the SetupOneClickSetting XML API with useCollaborationMeetingRoom=”true” causes the site level configuration and the user level settings to be verified. If the site supports CET and CMR, and the user supports CMR, the return will be success. Other conditions will return a failure result, and the failure message will be displayed.
GetOneClickSettings
Calling the GetOneClickSettings XML API will return the useCollaborationMeetingRoom value ("true" or "false"). If the site supports CET and CMR, the user supports CMR, and the user checked the "Use my Collaboration Meeting Room for all my instant meetings" in My Profile page, the returned value of useCollaborationMeetingRoom will be true. Other conditions will return "false".
Error handling
There are 3 new exception IDs introduced with these changes:
| Exception ID | Message |
|---|---|
| 010084 | The site does not support cloud enabled telepresence |
| 010085 | The site does not support collaboration meeting room |
| 030086 | The user does not support collaboration meeting room |
Affected API's:
SetupOneClickSettings, GetOneClickSettings
All meeting lists exclude CMR static meetings but include other CET meetings
Description:
The CMR meeting is a special permanent meeting which doesn’t list meetings, so the CMR meeting should be excluded from all meeting lists.
| APIs | Logic |
|---|---|
| lstsummarySession | When user calls lstsummarySession, the CMR meeting session is excluded. If there is no session, XML API will throw a NoRecordException. |
| lstsummaryMeeting | When user calls lstsummaryMeeting, the CMR meeting session is excluded. If there is no session, XML API will throw a NoRecordException. |
Affected API's:
lstsummarySession, lstsummaryMeeting
Return error when edit/delete is attempted on CMR static meeting
Description:
The CMS static permanent meeting’s settings are followed by the original site/session type/user level settings and can’t be changed, even if the corresponding site or session type or user level settings are changed.
| APIs | Logic |
|---|---|
| SetMeeting | If user updates the meeting that is a CMR meeting, XMLAPI will throw a CannotUpdateCMRException. |
| DelMeeting | If user deletes the meeting that is a CMR meeting, XMLAPI will throw a CannotDeleteCMRException. |
Return one of the following errors if an edit/delete is attempted on CMR static meeting:
| No. | Exception ID | Message |
|---|---|---|
| 1 | 060046 | CMR meeting cannot be updated |
| 2 | 060047 | CMR meeting cannot be deleted |
Affected API's:
SetMeeting, DelMeeting
Schedule/set/delete MC CET Meeting support
Description:
XML API now allows creating of CET enabled meeting if site and user level are appropriately configured. If site and user have CET privileges, all new scheduled MC meetings will be CET meetings.
- Updated Meeting Invitation
- Meeting Rescheduled
- Meeting Scheduled
- Meeting Registration Confirmed
- Meeting Information Updated
- Meeting Invitation
Error handling
3 new possible exception IDs have been introduced:
| Exception ID | Message |
|---|---|
| 060048 | No telephony privilege for CET user (Webex audio or TSP is required) |
| 060049 | TelephonySupport can not be NONE or OTHER for CET user |
| 010086 | The site does not support hybrid audio |
Affected API's:
CreateMeeting, SetMeeting, DelMeeting, DelSession
Support IVR and Silence Join
Description:
The ep.xsd schema has changed with the addition of dialiInSequences to "telephony".
Schema Change
getSessionInfoResponse -> ep:telephony -> ep:dialInSequences:
Affected API's:
All APIs which use getSessionInforesponse.telephony
Community
