Hi Sebastian, sorry for the delay here.  We had deployed the xml file to each path, but hadn't deployed it to the root directory.  This has now been done, so you can now access the crossdomain.xml directly via the root (eg, http://ws.webtrends.com/crossdomain.xml).

Thanks for your patience, and let us know if there's anything else you need.

An easier resolution to this is for the client to put a proxy page and crossdomain.xml on their server.  In other words - just a simple relay page that will push the api call and get the response.  As well, this is a best security practice since you don't want to embed credentials within a flash or AIR file - which are easily hacked.

So - build a proxy page that holds your credentials and passes the data. Put up a crossdomain.xml file on your server. Then point your flash file to the proxy page on your own server.  A proxy page is simple to build, just grab the post and then send the API call and echo the response.  If you do want to save credentials in flash or AIR, use some kind of encrypted key that your proxy page will authenticate.

I would not advise Webtrends to put a crossdomain.xml file on their site since this would enable anyone to distribute a flash file with credentials in it.  It's a security risk waiting to happen.

Hi Sebastian,

It would depend what language you're programming in.  I'm often working in PHP, so I build a proxy.php file on the server where the Flash app is loading from.  I post the API request from the flash file to the proxy page without credentials.  The proxy page adds the user credentials and passes the request to the API.  The response is simply echo'd back by the proxy.php page.  If you're working in PHP, I've attached a PHP file that would work - you just need to pass the Webtrends API request URL to it.

Cheers!

Doug