Gateway Security Options
The XWS uses the same mechanism to protect traffic between itself and the Crestron Fusion Scheduling and Groupware services as the Resource Data Web Service uses for itself and its clients. For more information, refer to Security Options.
Security for the XWS can be provided by the following mechanisms used individually or in combination:
- The API client passcode that is established in the Configuration Web Client is used to prevent casual HTTP requests from being handled by the XWS.
- HTTPS can be implemented between Crestron Fusion services and the XWS.
- Additional encryption of the URL components can be enabled between Crestron Fusion services and the XWS by selecting the appropriate options in the Crestron Fusion Configuration Web Client.
For initial development and testing, it is recommended to turn off all security mechanisms; however, since the credentials for the third-party calendaring application must be transferred to the gateway, the password must always be encrypted regardless of the configuration settings.
The security settings for the gateway must be set in its app.config file in the appSettings section with the SecurityLevel key. The value of that key corresponds to the configuration settings in the table below.
Enable API Security | Encrypt Security Tokens | SecurityLevel Value |
---|---|---|
Unchecked | Unchecked | NoSecurity |
Checked | Unchecked | ClearToken |
Checked | Checked | EncryptedToken |
Unchecked | Checked | (not defined) |