- Webex Meetings
- XML API
- XML to REST Migration Guide
- XML API Services
- XML API Reference Guide
- Code Samples & Test Tool
- Release Notes
- XML API Latest Release Notes
- XML API 11.0 SP9 Release Notes
- XML API 11.0 SP8 Release Notes
- XML API 11.0 SP7 Release Notes
- XML API 11.0 SP5 Release Notes
- XML API 11.0 SP4 Release Notes
- XML API 11.0 SP3 Release Notes
- XML API 10.0 SP12 Release Notes
- XML API 10.0 SP8 Release Notes
- XML API 10.0 SP7 Release Notes
- XML API 10.0 SP6 Release Notes
- XML API 10.0 SP5-10 Release Notes
- XML API 10.0 SP5 Release Notes
- XML API 10.0 SP4 Release Notes
- XML API 10.0 SP3 Release Notes
- XML API 10.0 SP2 Release Notes
- XML API 10.0 SP1 Release Notes
- XML API 10.0 Release Notes
- XML API 9.0 SP7 Release Notes
- XML API 9.0 SP6 Release Notes
- XML API 9.0 SP5-1 Release Notes
- XML API 9.0 SP5 Release Notes
- XML API 9.0 SP4 and SP3 Release Notes
- XML API 9.0 SP2 Release Notes
- XML API 9.0 SP1 Release Notes
- XML API 9.0 Release Notes
- URL API
- Single-Sign On (SSO)
- NBR Web Services API
- Learn
- Community and Support
Release Notes 9.0.0
_Important: The **XML API 9.0.0 ** release changes some schema definitions. For the latest schema definitions, see the release notes announcements page. The features in this release are backward compatible with previous releases. This release note is last updated on 2015-08-04.
Overview
This release note describes the changes made in the release of Webex XML API 9.0.0. These changes apply to your integration with WBS 30. All features are backward compatible with existing integrations. The changes to the latest schema definitions are explained below.
What is New in this Release
This section describes the new features in XML API 9.0.0.
- API Compatibility For WBS 30 and "Spark Meet with Webex" Offers
- API Compatibility For Existing Webex Sites and WBS 30 Sites Not Provisioned With Spark Meet
- API Compatibility: WBS 30 sites for Spark Meet with Webex
- Site Type Information
- Personal Room Enhancements
- Collaboration Meeting Room (CMR) Enhancements
- Security Enhancements
- Enhancement To User Authentication
API Compatibility For WBS 30 and "Spark Meet with Webex" Offers
With WBS 30, Cisco Webex introduces the Common architecture and Common user profiles for Spark Meet with Webex new orders. There is some impact to API backward compatibility for sites provisioned this way. For more information, see API Compatability below.
API Compatibility For Existing Webex Sites and WBS 30 Sites Not Provisioned With Spark Meet
Existing sites that are upgraded to WBS 30 will not be on the Common architecture until a later release. The common architecture is currently available to new sites only. New WBS 30 sites that are provisioned with offers other than "Spark Meet with Webex" will not be on the Common architecture until a later release.
Note: Only non-lockdown sites will be upgraded to WBS 30.
API Compatibility: WBS 30 sites for Spark Meet with Webex
There are two ways that new integrations of WBS 30 can be set up with the Webex service:
- Spark Meet with Webex WBS 30
- Webex WBS 30 without Spark Meet
In WBS 30, Cisco Webex introduces the features associated with a Common Identity site (CI-site): Common architecture and Common user profiles. These features are only available with new orders of Spark Meet with Webex. There is some impact to API backward compatibility for the sites provisioned this way as explained in detail below. The most significant impact is the limit of CI-enabled sites to perform user provisioning through API calls. On a CI-enabled site, operations associated with user provisioning are not supported through the API.
Note: Existing sites that are upgraded to WBS 30 will not be on the Common architecture until a later release. Only Non-lockdown sites will be upgraded.
Note: On CI-enabled sites, the
webExIDof a user is the same as their email address. The following example shows that the requests to CI-enabled sites use an email address for the sample value of thewebExIDelement.
API Compatibility and Authentication
The XML API that supports WBS 30 maintains backward compatibility for the following authentication mechanisms:
- Username/password
- Token obtained through SAML Response
- One Time Login Ticket
The XML API that supports WBS 30 does not support the following functionality or has limited functionality:
- NOT supported: Partner SAML is not supported through the XML API.
- NOT supported: User provisioning and de-provisioning operations are not supported through the APIs (requests to create a new user (
createUser), to delete a user (delUser), or to activate a user (activateUser) will not be successful). - LIMITED support: Modifying Webex-specific attributes through APIs continues to be supported, but updates (changes or modifications) to attributes that are part of the common user profile are not supported. See
setUserbelow for the list of attributes that cannot be modified.
Affected APIs
CreateUserSetUserDelUserActivateUserAuthenticateUser
createUser
For non-CI-enabled sites, the createUser API works the same as in the previous release. There is no change to the createUser API for the sites that are not CI sites.
For CI-enabled sites, a request sent to the createUser API will result in a response that contains the following exception message:
030098: User management is not allowed on unified site
Example Request to a CI site to createUser
Example Response from a CI site to createUser
setUser
Requests sent to the setUser API on a CI-enabled site ignores some fields that are defined in the API.
Note: The schema is not changed; but certain fields are ignored.
The attributes/elements/fields that are ignored on a CI-enabled site are:
newWebexId, firstName, lastName, title, address, phones,
email, email2, password, passwordHint, passwordHintAnswer,
timeZone, timeZoneID, timeZoneWithDST,
locale, language, languageID, active, security
We recommend that your client applications should not use the above elements in a setUser request sent to a CI-enabled site.
Example Request setUser API sent to CI site
Example Response from setUser API
delUser
For non-CI-enabled sites, the delUser API works the same as in the previous release. There is no change to the delUser API for sites that are not CI sites.
For CI-enabled sites, a request sent to the delUser API will result in a response that contains the following exception message:
030098: User management is not allowed on unified site
activateUser
For non-CI-enabled sites, the activateUser API works the same as in the previous release. There is no change to the activateUser API for sites that are not CI sites.
For CI-enabled sites, a request sent to the activateUser API will result in a response that contains the following exception message:
030098: User management is not allowed on unified site
authenticateUser
For non-CI-enabled sites, the authenticateUser API works the same as in the previous release. There is no change to the authenticateUser API for sites that are not CI sites.
For CI-enabled sites, a request to the authenticateUser API can use an accessToken as the input credential. The authentication server validates the input credential, and if successfully authenticated, returns a value for the sessionTicket element, a createTime value, and a timeToLive value (in seconds).
Be aware of the new exception message associated with this kind of request:
200006 : AS Server response error
The authentication server can also return the exception:
000035: ASService not responding
Example Request to a CI site to authenticateUser with accessToken
Example Response from CI Site
Site Type Information
The release of WBS 30 introduces a new API that allows you to identify a site's type: Unified, Standalone, Standalone SSO (single sign on).
- Unified sites are WBS 30 sites created from Spark Meet with Webex Orders.
- Standalone and Standalone SSO sites are all other existing or new WBS 30 sites.
New API
getSiteType
A request for getSiteType requires that the siteName should be included in the header portion of the request. The server returns the site's type as a number as explained below:
The following diagram shows the getSiteType element that is passed in a request message:
The following diagram shows the getSiteTypeResponse element that the server returns with a successful response to the getSiteType request.
The returned element siteType is a long datatype. The following are the possible valid values:
- 1 = CI
- 2 = SSO
- 3 = Train Non-SSO
- 4 = W11 SSO
- 5 = Non-SSO
Obtaining information about the site type can be useful in identifying and supporting mobile login scenarios.
Example Request
The following sample shows an example of a request for site type information. In this example, the request is for a siteName called acme.
Example Response
Personal Room Enhancements
This release includes enhancements to Personal Rooms, providing more controls to users. These enhancements are made in the XML API:
- User can set auto-lock preference
- User can set auto-lock wait time preference
- User can set Personal Room notifications preferences
- If Webex site is set up for “PR Force Login”,
GetSessionInfoAPI returns the flag
Two new data types are added to user.xsd: PRNotificationTypeEnum and PRNotificationType. Three new attributes have been added to the PersonalMeetingRoomTypeelement:PMRAutoLock, PMRAutoLockWaitTime, and PRNotifications`.
Affected APIs
createUsersetUsergetSessionInfo
createUser
There are 3 new attributes available in the personalMeetingRoomType element. These attributes can be used with a call to the createUser API. Any, all or none of these attributes can be part of a createUser request. If a value is not specified in the createUser request, a call to GetUser returns default values for these attributes.
Example Request
The following XML snippet shows an example of a portion of a request for createUser using the new attributes: PMRAutoLock, PMRAutoLockWaitTime, and PRNotifications.
On a CI-enabled site, a call to the createUser API will return the following new exception message:
030098: User management is not allowed on unified site
Example Response On a CI-Enabled Site
setUser
There are 3 new attributes available in the personalMeetingRoomType element:
PMRAutoLockPMRAutoLockWaitTimePRNotifications
These attributes can be used with a call to the setUser API. Any, all or none of these attributes can be part of a setUser request. If a value is not specified in the setUser request, a call to GetUser returns default values for these attributes.
getSessionInfo
The getSessionInfo API for PMR meetings includes a field in the returned Response: <ep:joinRequiresAccount>. This field is returned based on the site level flag PMR_ForceLogin. A value of "1" indicates true, other values or a value of null indicates false. A non-PMR meeting uses the flag at the meeting level.
The following figure shows the PMR flag in the site admin console:
Collaboration Meeting Room (CMR) Enhancements
A GetSessionInfo request returns a SIP URL if the meeting is CMR enabled.
Affected APIs
getSessionInfo
getSessionInfo
The request message for getSessionInfo has not changed. However, there is a new element defined for the response that provides information about the SIP URL for a CET-enabled meeting.
The following diagram shows a portion of the getSessionInfoResponse element and its new child element: sipURL.
Example Request
The following sample shows an example of a getSessionInfo request message. The schema of this request message is not changed in this release.
Example Response
The following sample shows an example of a getSessionInfoResponse message.
Note: The
bodycontentof this response contains the<ep:sipURL>element.
Security Enhancements
If a site is enabled through the site admin flag to create passwords for audio login, scheduling a meeting through pages will set password automatically and getSessionInfo will return the audio password. Once a site is enabled for this feature, integrations should be updated to provide this password to users who are joining the meetings with the audio-only option.
Affected APIs
getSessionInfo
getSessionInfo
The request message for getSessionInfo is not changed. However, this release introduces three new return elements in the GetSessionInfoResponse message. These new elements are children of the ep:accessControl element:
ep:audioPasswordep:isEnforceAudioPasswordep:isEnforceAudioLogin
When both super admin and site admin enabled audio password feature, schedule meeting will automatically generate the audio password if session password is provided. The privilege to return the audio password is as same as session password.
Example Request
The following sample shows an example of a getSessionInfo request message. The schema of this request is not changed in this release.
Example Response
The following XML snippet shows an example of a getSessionInfoResponse message. Notice the security-related elements in the Response contained by the <ep:accessControl> element:
ep:audioPasswordep:isEnforceAudioPasswordep:isEnforceAudioLogin
Enhancement To User Authentication
In order to support better user authentication, WBS 30 adds support for passwords as well as support for Common Identity (CI) access tokens.
In releases before WBS 30, the authenticateUser API did not validate user passwords. Previous releases were able to validate SAML assertions from a Single-Sign-on (SSO) site. In WBS 30, authentication is expanded to accept passwords on SSO sites (in addition to SAML assertions) and passwords or CI Oauth access tokens on CI sites as methods of user authentication.
In order to support backward compatibility, we follow a specific order of priority checks of the input credentials as follows.
SSO Sites
Order of processing input credentials for SSO sites:
- samlResponse
- password
The authentication server validates the input credentials, and if successfully authenticated, returns a value for the sessionTicket element.
CI Sites
Order of processing input credentials for CI sites:
- password
- accessToken
The authentication server validates the input credentials, and if successfully authenticated, returns a value for the sessionTicket element, a createTime value, and a timeToLive value (in seconds).
Affected API
authenticateUser
authenticateUser
The schema of authenticateUser now allows the passing of a user password.
Note: For a CI-enabled site, the user name is the same as the user's email address.
Example Request (using a password on a CI-enabled site)
Example Response (from a CI-enabled site)
Related Release Information
The XML API schemas and release notes are available at the Cisco Webex Developer Portal:
The URL API release notes are available at the Cisco Webex Developer Portal: