Calendar Admin FAQs

How does Cronofy connect to Exchange servers?

Cronofy uses the Exchange Web Services API to interact with end-user’s Exchange servers.

Does Cronofy provide fixed IP addresses for calendar service traffic?

Cronofy uses fixed IP address when communicating with calendar servers according to the data center the calendar service is connected to.

Your application vendor will be able to tell you which data center applies to your integration so that you can set your firewall rules accordingly.

Fixed IPs are provided for two classes of traffic:

From Cronofy to external servers
These are the IP addresses from which Cronofy will be making requests to get events, create subscriptions, executing a callback/webhook request etc.
From on-premise Exchange servers to Cronofy
These are the IP addresses we accept requests from your on-premise Exchange server for callbacks regarding event updates, for example.

All other traffic to Cronofy, including browser-based requests and calls to our API, does not guarantee a fixed set of IPs.

Please note that our Exchange connection utilizes Exchange Web Services API, which means that our services also require HTTPS (TCP, port 443) access to the Exchange Services API endpoint.

How to identify customers that need to migrate from EWS to Graph API?

ApplicationImpersonation will stop working on Microsoft 365 Exchange service accounts from February 2025 which will stop EWS Service Accounts from successfully syncing M365 calendars. This will mean that customer connections not using Graph API by this point will stop working.

You will need to reach out to your customers to ensure that any customers using EWS apps that access Exchange Online migrate to Graph API before this date.

Migration from EWS to Graph API

ApplicationImpersonation will stop working on Microsoft 365 Exchange service accounts from February 2025 which will stop EWS Service Accounts from successfully syncing M365 calendars. You can read more about this via Microsoft’s announcement.

Therefore, you will need to migrate your EWS apps that access Exchange Online to Graph API before this date to avoid any interruption to your connections. To do this, you need to follow our ‘Migrate from EWS to Graph API Flow’.

What are the differences between EWS and Graph API?

While EWS and Graph connections do the same thing, they work in a different way from one another. Here are the key differences between the two to help with the decision on which one to use with your application.

Why does the Google OAuth screen say the Cronofy will be able to 'Permanently delete calendars'?

Cronofy requires full calendar access for some operations, such as creating calendars and setting the URL of an event.

This requires the full-access calendar scope, and this scope also includes the ability to delete calendars.

However, Cronofy does not support any way of deleting calendars - we do not have any code which can delete a calendar, despite it being mentioned in the scope description.

What data does Cronofy store?

In order to provide the sync and scheduling infrastructure to our software clients, we maintain a cache of the calendar data for users who have authorized access. This cached data is protect through encryption in transit and at rest. Our primary infrastructure provider, Amazon Web Services, provide the controls and management tools to secure this.

This cache of data is retained for 30 days for third party events from the last authorisation, 90 days of partner events from the date of authorisation termination and 30 days after the event date for smart invites.

This main reasons we do this are:

Are GCC High Tenants supported?

As GCC High is a government system, we don’t have the approval to use it for testing purposes so we cannot guarantee that it can always be connected.

At present, attempting a connection via Individual Connect will not work. However, in some cases this is possible to set up via Enterprise Connect. To do so, we need to have access to your Exchange/Office365 tenant and be able to connect to it, meaning you would need to allow Cronofy’s access in any external connections’ security policies you might have.

To do this, you will need to follow some specific steps:

What is Cronofy's OAuth2 Client ID for approving Google Workspace application installation?

Cronofy’s Google Web Application OAuth2 Client ID is 902414518019.

Why does Cronofy require full mailbox access?

The APIs utilised by Cronofy to access Exchange and Office 365 require full Mailbox Access so we can create and update events.

Office 365 and Teams

As part of providing a service to our Office 365 and Teams customers, Cronofy installs an application on the Office 365 tenant of the customer integrating with Cronofy. This application is essential for a successful integration, but can result in end-users seeing a “Need admin approval” message when authenticating their calendars.

Does Cronofy support Office 365 in China?

Cronofy does not support Office 365 in China.