2022 Cisco and/or its affiliates. All rights reserve.
• Compliance APIs for Data Loss Prevention (DLP): The Webex Messaging service supports publicly available
APIs that can be used by (machine) accounts with the compliance officer entitlement to integrate with a DLP
provider to identify policy violations and take remediation action.
• eDiscovery: The Webex eDiscovery console allows administrators with the compliance entitlement to search
user generated content and extract relevant messages and files, as well as contextual data such as
timestamps, space IDs and participants IDs.
• Enterprise Content Management (ECM): Webex also allows IT administrators the flexibility to enable Microsoft
OneDrive, Google Drive, and Box as an ECM solution to their users, in addition to Webex existing built-in file
sharing and storage. Users can share, edit, and grab the latest Microsoft OneDrive, Google Drive, and Box
files right within Webex spaces, while files are kept safe, secure, and protected in ECM via the customer’s
existing DLP/CASB and anti-malware solution.
Extending Webex Messaging
The Webex Messaging service provides open APIs that enterprises can use to automate Webex Messaging and
connect it with other services. There are three different ways to extend the Webex Messaging service:
1. Bots provide extended functionality for an entire enterprise. A bot must either create a space or be
invited to it before it has access. Even within a space, a bot only has access to messages that reference
the bot explicitly (with an @ “mention”).
2. Integrations provide extended functionality for a single user, such as a personal assistant or document
translation. Integrations have the same Webex Messaging capabilities that the associated user does —
access to the same spaces, messages, files, calls, etc. An integration can be thought of as a cloud or
server hosted application with no user interface and with some additional intelligence.
3. Webhooks are a way that bots or integrations can have the Webex Messaging service “call out” to
external services when certain events happen. Webhooks are only provided with metadata that is already
visible to the Webex Messaging service; they do not have access to KMS encrypted user generated
content. For example, a user can set a webhook to be notified when there is a message in a space, and
the webhook will only be informed that the message has been posted; information such as who sent the
message and which space it was sent in, not the content of the message.
More information about Webex APIs can be found at https://developer.webex.com/
.
In order to provide developers with APIs that are easy to learn and use, we do not require bots and integrations
to explicitly integrate with the Webex Messaging KMS encryption system. Instead, developers can use a Webex
Messaging SDK or the Webex Messaging API server.
Using the SDK is the more secure option. When developers use the Webex Messaging SDK, the SDK will handle
all the work of integrating with the KMS encryption system — the SDK authenticates directly to the appropriate
KMS and does all the encryption/decryption locally. Customers that use SDK-based bots and integrations only
need to make sure that the code for the bots/integrations runs in a secure context.
In contexts where it’s not possible to use the SDK, the Webex Messaging service also provides an API server
that can handle KMS interactions and decrypt content on behalf of the bot or integration. When a bot or
integration requests access to encrypted content (such as a message or file), the API server requests the
necessary encryption key from the appropriate KMS, decrypts the content, and provides it to the bot or
integration. It is up to the organization to decide whether to provide the integrations and bots access to the
enterprise’s content.
While we believe that Webex security is the best in the industry, every Cisco customer has different security
requirements. The key to making this hybrid model work is customer choice. Customers can choose to use only