The Webex FedRAMP environment is separate and distinct from our “commercial” environment and is tailored to the Federal government's collaboration business. Access to the Webex FedRAMP environment is for federal government organizations and partners invited by those entities.
The environment is specially isolated and secured in accordance with the mandated standards. Consequently, some of the convenience tools in support of application development are not available. As an example, today there is no developer portal, like there is for the commercial environment (developer.webex.com), which could be used to develop applications for the Webex FedRAMP environment. Instead, partners are encouraged to develop their applications – respecting the API limitations outlined in this document – in the commercial environment and then follow the approach to register their apps as described later here for the FedRAMP Webex system.
Partners that are already familiar with the Webex API's and therefore do not need the guides, API explorer, blogs and other support infrastructure from the commercial developer portal will be able to develop apps in the Webex FedRAMP environment directly with the help of the instructions in this document.
The information and instructions in this document are intentionally succinct. A limited FedRAMP developer portal will be available in due time and subsume this document's content.
anchorAPI Gateway and Control Hub addresses for FedRAMPanchor
The Webex APIs in FedRAMP are accessible under api-usgov.webex.com. For example, the full address for the messages endpoint would be https://api-usgov.webex.com/v1/messages, which is notably distinct from the commercial environment at webexapis.com. Applications for the FedRAMP environment must call that API address alone. The Control Hub login screen is available at https://admin-usgov.webex.com, also separate and distinct from the commercial environment.
The Webex XML APIs used to control the meetings experience are accessed under the site name, in the same way as the commercial APIs. For example, if one of FedRAMP customer site's name is ‘abc', its DNS is abc.webex.com, and the XML API can be accessed at https://abc.webex.com/WBXService/XMLService.
anchorFedRAMP application typesanchor
In the Webex commercial environment, there are a set of application types available that do not translate directly to the FedRAMP environment. There are bots (standalone persons), integrations (acting on a user's behalf), SDK apps (push notifications for inbound calls), and guest issuers (create anonymous persons) available in the commercial environment. SDK apps and Guest Issuers are not available in FedRAMP, and there is no substitute currently planned. Those app types have been intentionally disabled. As such, this document will cover the development of bots and integrations as its primary goal.
anchorOrganization Permission to create appsanchor
In the Webex FedRAMP environment, we have turned off the ability for an organization to create applications by default. That is done as an additional security measure to prevent API access, which is often undesired by an organization.
To have your organization added to an allow list, please have the primary admin make a request to your sales rep, or email to email@example.com with your FedRAMP
orgId included. Your request will be internally reviewed by our security team, and, if approved, will be executed usually within 24-48 hours. All API requests are denied if your organization is not on the allow list independent of a valid access token.