How does Cronofy connect to Exchange servers?

Cronofy uses the Exchange Web Services API to interact with end-user’s Exchange servers.

Does Cronofy provide fixed IP addresses for calendar service traffic?

Cronofy uses fixed IP address when communicating with calendar servers according to the data center the calendar service is connected to.

Your application vendor will be able to tell you which data center applies to your integration so that you can set your firewall rules accordingly.

Please note that these IP addresses are only used when messages are sent from Cronofy to your servers (inbound to your firewall).

Messages sent from your systems (outbound from your firewall) to Cronofy will still need to be sent to the relevant API URI.

What data does Cronofy store?

In order to provide the sync and scheduling infrastructure to our software clients, we maintain a cache of the calendar data for users who have authorized access. This cached data is protect through encryption in transit and at rest. Our primary infrastructure provider, Amazon Web Services, provide the controls and management tools to secure this.

This main reasons we do this are:

What is Cronofy doing about the upcoming changes to Exchange Web Services (EWS) API for Office 365?

Microsoft have announced that they are removing Basic authentication access support for EWS on October 13, 2020: Upcoming Changes to Exchange Web Services EWS API for Office 365

Similarly to how we dealt with Apple changing to required app-specific passwords in 2017, we will make this transition as seamless as possible.

What is Cronofy's OAuth2 Client ID for approving GSuite application installation?

Cronofy’s Google Web Application OAuth2 Client ID is 902414518019.

Why does Cronofy require full mailbox access?

The APIs utilised by Cronofy to access Exchange and Office 365 require full Mailbox Access so we can create and update events.