AnsweredAssumed Answered

UDS resource authentication

Question asked by mmenozzi on Dec 22, 2015
Latest reply on Jan 17, 2016 by mmenozzi

Hi team


assuming that I'm not an expert in development area and especially in APIs I got a question from a financial customer that I really don't know how to address.


Question raised from this link


Customer is complaining about UDS API resources are not secure.

Here is the story:this customer is approaching a Mobile Remote Access UC architecture and he would develop an application that leverages on UDS API to allow external user to search contact on this application and not on CUCM. The reason is that CUCM is currently (and correctly for me) limited in terms of contact sync.


Ok, no problem if you have a third party that support UDS maybe we can do that but looking at page above the got scared. They saw that several resources don't require user authentication in HTTP session so they are complaining because these API don't guarantee that transactions or access to some resources are all authenticated and their security department currently asks for this.


I really don't know what to say. I even don't understand very well the differences in terms of resources, however I ask you kindly in which could be the best approach to give a feedback here without making them to much disappointed.