Hi,
There are some instances where the Navigraph Charts web application has been integrated as a tab (technically an embedded webview/browser or iframe) inside third party desktop applications. Those past integrations were done in good faith, but from now on this type of integration will not be possible for the security and compatibility reasons outlined below.
Navigraph’s Charts web app should be run in a system default browser in order to isolate it from any potential malicious code (“man in the middle”) in the parent application, which is especially important for the sign-in flow where authentication data is handled. We have no indication whatsoever that any current integration has had any malicious code or that any user data has been compromised - we are taking this measure preemptively to further secure Navigraph accounts and apps moving forward by upgrading our authentication scheme to latest industry best practice. Furthermore we are about to implement third party authentication providers such as Google for sign-in, who are prohibiting embedded webviews for the same reasons, and therefore Navigraph Charts running as a tab inside other desktop applications will not be compatible with such improvements to the authentication flow.
We greatly value the partners who have previously chosen to integrate Charts in this way in the past, and will continue to work with them on other ways to integrate.
Existing virtual cockpit integrations such as virtual EFBs using the Charts API are not affected, since these are using the system default browser for authenticating users. The Charts API cannot be used by third party desktop applications as per our developer terms, but the SimBrief and navigation data APIs are unaffected and will still be supported in desktop applications provided that Navigraph user authentication is performed using the system default browser.
Kind regards,
Navigraph Development Team