Build
Platform IntroductionBotsButtons and CardsIntegrationsWidgetsGuest IssuerDeveloper SandboxPromote your AppFAQs
Embedded Apps
OverviewDeveloper GuideDesign Guidelines for MeetingsDesign Guidelines for MessagingAPI ReferenceSubmission Checklist for Embedded Apps
APIs
XML API DeprecationGetting StartedREST API BasicsComplianceWebhooksWebex APIs
Admin
OverviewAdmin APIsAuthentication
Guides
Hybrid ServicesWebhooksReal-time File DLP Basics
Reference
Admin Audit EventsAuthorizationsEventsGroupsHistorical AnalyticsHybrid ClustersHybrid ConnectorsLicensesLocationsMeeting QualitiesMembershipsOrganizationsPeopleRecording ReportRecordingsReport TemplatesReportsResource Group MembershipsResource GroupsRolesSpace ClassificationsWebex Calling Organization SettingsWebex Calling Person SettingsWorkspace LocationsWorkspace MetricsWorkspaces
Calling
Overview
Guides
Webex for BroadWorksIntegrations and AuthorizationWebex for Wholesale
Reference
BroadWorks Device ProvisioningBroadWorks EnterprisesBroadWorks SubscribersCall ControlsLocationsPeopleRecording ReportWebex Calling Organization SettingsWebex Calling Organization Settings with NumbersWebex Calling Person SettingsWebex Calling Voice MessagingWebex Calling Workspace Settings with NumbersWholesale CustomersWholesale Subscribers
Devices
Overview
Guides
Workspace Integrations Guide
Reference
Device ConfigurationsDevicesPlacesWorkspace LocationsWorkspace MetricsWorkspace PersonalizationWorkspacesxAPI
Meetings
Overview
Guides
Meeting Resource GuideEmbedded Apps GuideEmbedded Apps ReferenceIntegrations and AuthorizationEmbedded Apps Design and Experience GuidelinesWebhooksWebinar Guide
Reference
Meeting ChatsMeeting InviteesMeeting ParticipantsMeeting PreferencesMeeting QualitiesMeeting TranscriptsMeetingsPeopleRecording ReportRecordingsWebhooks
Messaging
Overview
Guides
Embedded Apps GuideEmbedded Apps ReferenceBotsIntegrations and AuthorizationEmbedded Apps Design and Experience GuidelinesWebhooksButtons and Cards
Reference
Attachment ActionsEventsMembershipsMessagesPeopleRoom TabsRoomsTeam MembershipsTeamsWebhooks
Webex Assistant Skills
Overview
Guides
Skills SDK GuideSkills Developer PortalSkills Reference Guide
FedRAMP
Overview
Guides
Create a BotCreate an Integration
Notes on API Support
Full API Reference
Admin Audit EventsAttachment ActionsAuthorizationsBroadWorks Device ProvisioningBroadWorks EnterprisesBroadWorks SubscribersCall ControlsDevice ConfigurationsDevicesEventsGroupsHistorical AnalyticsHybrid ClustersHybrid ConnectorsLicensesLocationsMeeting ChatsMeeting InviteesMeeting ParticipantsMeeting PreferencesMeeting QualitiesMeeting TranscriptsMeetingsMembershipsMessagesOrganizationsPeoplePlacesRecording ReportRecordingsReport TemplatesReportsResource Group MembershipsResource GroupsRolesRoom TabsRoomsSpace ClassificationsTeam MembershipsTeamsWebex Calling Organization SettingsWebex Calling Organization Settings with NumbersWebex Calling Person SettingsWebex Calling Voice MessagingWebex Calling Workspace Settings with NumbersWebhooksWholesale CustomersWholesale SubscribersWorkspace LocationsWorkspace MetricsWorkspace PersonalizationWorkspacesxAPI
API Changelog
SDKs
iOSAndroidBrowserNode.jsJavaCommunity
Developer CommunityCertifications

Create a FedRAMP Integration

Integrations, in contrast to bots, must be authorized by users and act on the user's behalf. During the authorization process the integration requests fine-grained controls which the authorizing user has visibility into. The rolls determine which REST endpoints the integration is allowed to call.

Just like bots, a Webex Integration must be created by a FedRAMP Webex Control Hub admin user in the applications file first. In the Webex FedRAMP environment, an integration can only be created via the Webex API. Once the integration is created, an OAuth client ID and secret can be used with an OAuth 2 authorization code flow to obtain an access token. The Integration creation by an admin is a one-time affair for each integration. Once the developer receives the OAuth URL and secret, they can handle user authorizations correctly.

anchorCreating an Integration in FedRAMP
anchor

First the admin must retrieve their access token from the control hub environment as described above. Admin tokens are valid for no longer than 12 hours. The admin, using the access token, creates a new integration by sending a POST request to the Applications API (see Applications API Reference later in this document for more details) with a tool like Postman or the cURL command line tool. This is no different than bot creation aside from the payload now identifying an integration.

Example Request
POST https://api-usgov.webex.com/v1/applications

Include the access token in an Authorization header with “Authorization: Bearer YOUR_TOKEN_FROM_ABOVE”, and a Content-Type of application/json.

Include the

  • Type
  • Name
  • Description
  • Contact email
  • Redirect URLs for authentication
  • Necessary scopes.

The OAuth client ID and client secret will be included in the response. This is the only time you will see the client secret. Store it in a safe place as your developers will need it in the OAuth2 authorization flow.

Example Headers
Authorization: Bearer <your token>
Content-Type:application/json
Example Request Body
{
  "type":"integration",
  "name":"My Admin Integration",
  "description":"A brief description of the app",
  "contactEmail": "myEmail@example.com",
  "companyName":"My Company",
  "redirectUrls":["https://my-application.example.com/"],
  "scopes": ["audit:events_read"]
}
Example Response Body
{
  "isNative":false,
  "id":"Y2lzYmNiNTE2YzA1NmZhYmJiOTA5NWM3MWQ2Y2JjZWRjYTYwNmJh",
  "friendlyId": "my-app-1234","type":"integration",
  "name":"My Admin Integration",
  "description":"A brief description of the app",
  "orgId":"Y2lzY29zcGFyazowNGVkLTRlZGUtYWI3ZC1iNWRiNDYyYjgzMzM",
  "contactEmail":"myEmail@example.com",
  "companyName": "My Company",
  "redirectUrls":["https://my-application.example.com/"],
  "scopes": ["audit:events_read"],
  "clientId": "Cd3e3f3d9576dca606ba",
  "clientSecret":"06feae95907defef0a45c",
  "isFeatured":false,
  "submissionStatus":"none",
  "createdBy": "Y2lzY29zcGFyaEtYjY0MS1lZTdiYTI5MWYyM2Y",
  "created":"2020-02-29T21:40:51.150Z"
}

Use the OAuth ClientID and Client Secret with your application.

anchorUsing the Integration in FedRAMP
anchor

See the Requesting Permission section of the Integrations guide on the Webex for Developers site (https://developer.webex.com/docs/integrations#requesting-permission) for detailed instructions on how to use an integration.

Use https://api-usgov.webex.com/v1/authorize for the authorization URL and https://api-usgov.webex.com/v1/access_token for the access token URL.

Once your application is authorized by a full admin, a new access token and a refresh token are generated and can be used with the authorized Webex REST APIs. An access token is valid for 14 days and can be refreshed using the refresh token which is valid for 60 days. Creating a new access token refreshes the refresh token expiration timer.

anchorIntegration API Reference
anchor
Method
POST https://api-usgov.webex.com/v1/applications
Request Parameters
NameTypeDescriptionRequired
typestringThe type of application. Use integration.Y
namestringA brief name for the application.Y
descriptionstringA brief description for the application.Y
contactEmailstringThe email address of the application developer.Y
redirectURLsarray[string]An array of redirect URLs for the integration. These URLs will be used after authenticating the user.Y
scopesarray[string]An array of OAuth scopes required by the application. See Scopes for more information https://developer.webex.com/docs/integrations#scopes.Y
Example Request Body
{
  "type":"integration",
  "name":"My Admin Integration",
  "description":"A brief description of the app",
  "contactEmail": "myEmail@example.com</a>",
  "companyName":"MyCompany",
  "redirectUrls":["https://my-application.example.com/"],
  "scopes": ["audit:events_read"]
}
Example Response Body
{
  "isNative":false,
  "id":"Y2lzYmNiNTE2YzA1NmZhYmJiOTA5NWM3MWQ2Y2JjZWRjYTYwNmJh",
  "friendlyId": "my-app-1234",
  "type":"integration",
  "name":"My Admin Integration",
  "description":"A briefd escription of the app",
  "orgId":"Y2lzY29zcGFyazowNGVkLTRlZGUtYWI3ZC1iNWRiNDYyYjgzMzM",
  "contactEmail":"myEmail@example.com",
  "companyName":"My Company","redirectUrls":["https://my-application.example.com/"],
  "scopes": ["audit:events_read"],
  "clientId": "Cd3e3f3d9576dca606ba",
  "clientSecret":"06feae95907defef0a45c",
  "isFeatured":false,
  "submissionStatus":"none",
  "createdBy":"Y2lzY29zcGFyaEtYjY0MS1lZTdiYTI5MWYyM2Y",
  "created":"2020-02-29T21:40:51.150Z"
}

A successful request will return HTTP 200 OK.