Federation

OX App Suite allows integrating API services from different instances, for example subscribing to shared OX Drive resources at remote instances and using them through a single instance. This federation requires cross-instance API communication and authentication using credentials that are defined during the "sharing" process.

The subscribing instance will forward authentication information to the remote instance as defined by the user. Depending on the configuration of the remote instance and the data provided by the user, the connection's security properties may vary (e.g. TLS configuration, password strength).

Federation connections are made using a dedicated HTTP API client implementation. Operators can use settings like com.openexchange.api.client.blacklistedHosts and com.openexchange.api.client.allowedPorts to restrict which network targets are accepted, regardless of the user's input. OX strongly suggests rejecting any traffic to private networks and segments which are reachable by OX App Suite middleware but not through the public internet.
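
The kind of decision a host blocklist and port allowlist express, as an added Python example that is not OX App Suite code and does not reproduce the value syntax of the two properties. The names BLOCKED_NETS, ALLOWED_PORTS, SAMPLE_DNS, resolve and check_target, the network ranges and the HTTPS-only port policy are assumptions made for this example.

```python
import ipaddress
from urllib.parse import urlsplit

# Assumed policy: loopback, RFC 1918, link-local and unique-local ranges.
BLOCKED_NETS = [ipaddress.ip_network(n) for n in (
    "127.0.0.0/8", "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "169.254.0.0/16", "::1/128", "fc00::/7", "fe80::/10")]
ALLOWED_PORTS = {443}  # assumed: HTTPS only
DEFAULT_PORTS = {"http": 80, "https": 443}

# Constructed DNS answers so the example runs offline.
SAMPLE_DNS = {
    "share.example.org": ["203.0.113.10"],
    "intranet.example.org": ["10.20.30.40"],
    "mixed.example.org": ["203.0.113.11", "192.168.1.5"],
}

def resolve(host):
    return SAMPLE_DNS.get(host.lower(), [])

def _blocked(addr):
    ip = ipaddress.ip_address(addr)
    # Unwrap IPv4-mapped IPv6 (::ffff:a.b.c.d) before matching.
    if ip.version == 6 and ip.ipv4_mapped is not None:
        ip = ip.ipv4_mapped
    return any(ip in net for net in BLOCKED_NETS)

def check_target(url):
    """Return (allowed, reason) for a user-supplied federation URL."""
    parts = urlsplit(url)
    if parts.scheme not in DEFAULT_PORTS or not parts.hostname:
        return False, "unsupported scheme or missing host"
    try:
        port = parts.port
    except ValueError:
        return False, "invalid port"
    if port is None:
        port = DEFAULT_PORTS[parts.scheme]
    if port not in ALLOWED_PORTS:
        return False, "port not allowed"
    try:
        ipaddress.ip_address(parts.hostname)
        addrs = [parts.hostname]      # host is an IP literal
    except ValueError:
        addrs = resolve(parts.hostname)
    if not addrs:
        return False, "host does not resolve"
    # Reject if ANY returned address is blocked, not only the first.
    if any(_blocked(a) for a in addrs):
        return False, "resolves to blocked network"
    return True, "ok"
```

The decision only holds if the client connects to the address that was checked; a second DNS lookup at connect time can return a different answer.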