Calendar Admin FAQs

How does Cronofy connect to Exchange servers?

Cronofy uses the Exchange Web Services API to interact with end-user’s Exchange servers.

Does Cronofy provide fixed IP addresses for calendar service traffic?

Cronofy uses fixed IP address when communicating with calendar servers according to the data center the calendar service is connected to.

Your application vendor will be able to tell you which data center applies to your integration so that you can set your firewall rules accordingly.

Fixed IPs are provided for two classes of traffic:

From Cronofy to external servers
From on-premise Exchange servers to Cronofy

All other traffic to Cronofy, including browser-based requests and calls to our API, does not guarantee a fixed set of IPs.

Please note that our Exchange connection utilizes Exchange Web Services API, which means that our services also require HTTPS (TCP, port 443) access to the Exchange Services API endpoint.

What are the differences between EWS and Graph API?

While EWS and Graph connections do the same thing, they work in a different way from one another. Here are the key differences between the two to help with the decision on which one to use with your application.

Why does the Google OAuth screen say the Cronofy will be able to 'Permanently delete calendars'?

Cronofy requires full calendar access for some operations, such as creating calendars and setting the URL of an event. This requires the full-access calendar scope, and this scope also includes the ability to delete calendars. However, Cronofy does not support any way of deleting calendars - we do not have any code which can delete a calendar, despite it being mentioned in the scope description. Read More

What data does Cronofy store?

In order to provide the sync and scheduling infrastructure to our software clients, we maintain a cache of the calendar data for users who have authorized access. This cached data is protect through encryption in transit and at rest. Our primary infrastructure provider, Amazon Web Services, provide the controls and management tools to secure this.

This cache of data is retained for 30 days for third party events from the last authorisation, 90 days of partner events from the date of authorisation termination and 30 days after the event date for smart invites.

This main reasons we do this are:

What is Cronofy doing about the upcoming changes to Exchange Web Services (EWS) API for Office 365?

Microsoft have announced that they are removing Basic authentication access support for EWS on October 1st, 2022 (originally planned for October 13th, 2020): Basic authentication and Exchange Online

Similarly to how we dealt with Apple changing to required app-specific passwords in 2017, we have made this transition as seamless as possible.

What is Cronofy's OAuth2 Client ID for approving Google Workspace application installation?

Cronofy’s Google Web Application OAuth2 Client ID is 902414518019.

Why does Cronofy require full mailbox access?

The APIs utilised by Cronofy to access Exchange and Office 365 require full Mailbox Access so we can create and update events.

'Need admin approval' when authorizing Cronofy

As part of providing a service to our Office 365 customers, Cronofy installs an application on the Office 365 tenant of the customer integrating with Cronofy. This application is essential to integration, but can result in end users seeing a “Need admin approval” message when authenticating their calendars.