Which EWS operations does Cronofy utilize?

Cronofy utilizes Exchange Web Services (EWS) to access Exchange and Office365 calendars. This is through a URL, which usually looks like https://mail.example.com/EWS/Exchange.asmx

When a user is authenticating themselves, whether via username and password or OAuth token, Cronofy requests full access to the mailbox and the calendars within it.

Similarly, when using Enterprise Connect, the default recommendation is to use a service account and apply the ApplicationImpersonation role, which effectively grants the same access.

The ApplicationImpersonation role allows us to create and read events within a calendar, and register for push notifications to inform us of changes so we can keep their schedule as up-to-date as possible.

Information on how to configure ApplicationImpersonation can be found in our documentation, Configuring ApplicationImpersonation.

EWS Operations #

With access configured using ApplicationImpersonation, Cronofy utilizes the following EWS Operations:

For those who want to implement more restrictive set of permissions, there are numerous methods for doing so. They include restricting access to certain mailbox folders, and restricting impersonation access using DistributionGroups.

Finally, if those permissions are still too permissive, Cronofy also supports free-busy only access, which you can read more about in our documentation, configuring free-busy only access.

Further reading #

For more information on enabling, or configuring Exchange Web Services, please see Microsoft’s documentation, Explore the EWS Managed API, EWS, and web services in Exchange.