Free/Busy Exchange Integration - Technical

1. Feature Purpose (System-Level)

The Free/Busy Exchange Integration provides read-only access to attendee availability from Microsoft 365 (Exchange Online), allowing the system to surface scheduling conflicts and display only available time slots. The integration retrieves free/busy states (Free, Busy, Tentative, Out of Office) but does not read event titles, descriptions, or attendee details.

2. High-Level Flow (System Behavior)

The integration operates in two phases:
Setup Phase:
    Event Cadence provides a unique, account-specific URL that the customer uses to grant consent for accessing their Free/Busy status
    Microsoft 365 administrator or service account grants Cadence permission to access free/busy data
    Cadence securely stores encrypted tokens and uses refresh tokens to maintain long-term access
    Event Cadence verifies the connection and enables the Free/Busy integration in the customer's account
Scheduling Phase:
    Internal user creates appointment and adds attendees
    Cadence uses the stored access token to read free/busy ranges from Microsoft Graph when scheduling appointments
    Conflicting Outlook events appear as "Outlook Event" blocks
    The "Ask Customer" feature only displays available time slots

3. System Diagrams

System Architecture


flowchart LR
CadenceWebCore --> CadenceBackend
CadenceAdmin --> CadenceBackend
CadenceIOS --> CadenceBackend
CadenceAndroid --> CadenceBackend
CadenceBackend --> AppointmentDB[(Appointment Database)]
CadenceBackend --> CustomerDB[(Customer Database)]
CadenceBackend --> TokenStore[(Encrypted Token Storage)]
CadenceBackend --> ExchangeIntegrationService[Exchange Integration Service]
ExchangeIntegrationService --> MicrosoftGraph[Microsoft Graph API]
MicrosoftGraph --> ExchangeOnline[Exchange Online / Office 365]
CadenceBackend --> CalendarSync[Calendar Sync Service]
CalendarSync --> ExchangeFreeBusy[Exchange Free/Busy]

Dependency Map


flowchart TD
FreeBusyIntegration[Free/Busy Integration] --> CadenceBackend[Cadence Backend]
FreeBusyIntegration --> ExchangeIntegrationService[Exchange Integration Service]
ExchangeIntegrationService --> MicrosoftGraph[Microsoft Graph API]
MicrosoftGraph --> Office365[Office 365 / Exchange Online]
FreeBusyIntegration --> TokenManagement[Token Management]
TokenManagement --> EncryptedStorage[AES Encrypted Storage]
FreeBusyIntegration --> AuthenticationFlow[OAuth Consent Flow]
CadenceBackend --> AppointmentSystem[Appointment System]
AppointmentSystem --> AskCustomer[Ask Customer Feature]
AppointmentSystem --> RoomAvailability[Room Availability]
FreeBusyIntegration --> ConnectivityChecker[Connectivity Status Checker]

Processing Flow

sequenceDiagram
participant Admin
participant ConsentPage
participant ExchangeIntegrationService
participant MicrosoftOAuth
participant CadenceBackend
participant TokenStore
participant User
participant MicrosoftGraph
participant AppointmentUI

Note over Admin,MicrosoftOAuth: Setup Phase
Admin->>ConsentPage: Visit company-specific consent URL
ConsentPage->>MicrosoftOAuth: Redirect to Microsoft authentication
Admin->>MicrosoftOAuth: Approve permissions ( Calendars.Read , offline_access)
MicrosoftOAuth->>ExchangeIntegrationService: Return authorization code
ExchangeIntegrationService->>MicrosoftOAuth: Exchange for access/refresh tokens
ExchangeIntegrationService->>TokenStore: Store encrypted tokens
ExchangeIntegrationService->>CadenceBackend: Notify integration ready
CadenceBackend->>Admin: Confirm integration enabled

Note over User,AppointmentUI: Scheduling Phase
User->>AppointmentUI: Create appointment with attendees
AppointmentUI->>CadenceBackend: Request availability check
CadenceBackend->>TokenStore: Retrieve access token
CadenceBackend->>MicrosoftGraph: Query free/busy for attendees
MicrosoftGraph->>CadenceBackend: Return availability data
CadenceBackend->>AppointmentUI: Display conflicts as "Outlook Event"
User->>AppointmentUI: View available time slots

4. Key Components and Data Objects

Platform Components

  • Exchange Integration Service: Microservice hosted at  exchangeintegration.eventcadence.com  for OAuth flow and token management
  • CadenceWeb: Web interface for appointment management with availability viewing
  • CadenceAdmin: Administrative interface for appointment configuration and connectivity status checking
  • CadenceBackend: Central backend service handling appointment logic and free/busy queries
  • Mobile Applications: CadenceIOS and CadenceAndroid for mobile appointment access

Data Objects

  • Appointment Records: Core appointment data with attendees, times, and conflict status
  • Free/Busy Status: Retrieved states including Free, Busy, Tentative, Out of Office
  • Access Tokens: AES-encrypted tokens stored securely with refresh token support
  • Connectivity Status: Integration health monitoring data

Authentication Models

Two authentication options are supported:
    Delegated Administrator Authentication: A Microsoft 365 administrator with sufficient privileges authorizes Cadence to read users' free/busy information
    Service Account Authentication: A dedicated service account configured in your Microsoft 365 tenant with organization-level permission to read calendar free/busy data

Permissions Requested

When authenticating, the Microsoft consent screen displays the following permissions:
  • Maintain access to data you've given it access to → offline_access
  • Sign you in and read your profile → openid, profile
  • Read your calendars →  Calendars.Read  or Calendars.Read.Shared

5. Dependencies and Constraints

External Dependencies

  • Microsoft Graph API: Primary interface for retrieving free/busy data from Exchange Online
  • Office 365 / Exchange Online: Source system for calendar availability data
  • OAuth 2.0 Authentication: Microsoft identity platform for authorization flow

Operational Constraints

Conflict Detection Logic:
  • All-day Outlook events are ignored
  • Outlook Meetings that are 6+ hours in duration are ignored
  • Tentative times in Outlook integration do not display as a conflict
Required Attendees: When internal attendees marked as Required, the system will only present times when all required attendees have no conflicts

Security and Compliance

  • Tokens are AES-encrypted and stored securely
  • Only the minimum required permissions are requested
  • Access is read-only and limited to free/busy states
  • Compliant with Microsoft 365 data protection and Cadence ISO 27001 standards
  • Details of Outlook events are not visible for anyone, including the Calendar item name, attendees, locations, etc. This integration only provides a free or busy status

Ongoing Maintenance Requirements

The integration is designed to operate continuously once authorized, with no recurring maintenance tasks required from the customer on a daily, weekly, or quarterly basis.

Ongoing Operation

After the initial setup:
  • The system automatically uses stored access tokens to read free/busy ranges from Microsoft Graph
  • The integration maintains access through refresh tokens without requiring IT intervention