Cisco makes application integrations easy

To provide developers with APIs that are easy to learn and use, Cisco does not require bots and integrations to explicitly integrate with the Webex E2E encryption system. Instead, developers can use a Webex Software Development Kit (SDK) or the Webex API.

Using the SDK is the more secure option

When developers use the Webex SDK, the SDK will handle all the work of integrating with the E2E encryption system. Customers that use SDK-based bots and integrations need to make sure that the code for the bots/integrations runs in a secure context, but they don’t need to worry about Cisco Webex having access to any keys or content.

In contexts where it’s not possible to use the SDK, Webex also provides an API server that can handle and decrypt content on behalf of the bot or integration. When a bot or integration requests access to encrypted content (such as a message or file), the API server requests the necessary encryption key, decrypts the content, and provides it to the bot or integration.

Notably, Cisco applies the same protections to content shared with third-party integrations. From a security perspective, the API server is a plaintext service, placing it on the end-to-end critical path. That means that it’s up to each organization to decide whether to provide it access to the enterprise’s content.