Cloud CMA and your MLS System
We understand that your MLS data is valuable and only available to real estate professionals with active MLS credentials. To accommodate a variety of MLS systems and to be able to integrate Cloud CMA effectively, we offer multiple methods of integration. Data security is a priority for us so we take specific precautions to ensure that data is only shared when all protocol and due-diligence is carried out properly.
Cloud CMA and MLS Security
Cloud CMA allows real estate agents to easily create custom CMAs, Buyer Tours, Property Reports and Flyers. It utilizes the best Internet sources of property, school, neighborhood, and other information to generate these report sets. Since the best source of listing data comes from the MLS, Cloud CMA integrates directly with the MLS RETS server to acquire listing data. This includes sold, pending, expired, and active property information.
Cloud CMA does not aggregate listing data ahead of time. Nor does it keep duplicate copies of MLS data on our servers. The MLSs RETS server is only queried at the time the user requests a report to be created. Users are typically only requesting 10-30 listings per CMA or Buyer Tour, and only one listing per Property Report or Flyer, so these queries are very small and efficient.
Since MLS listing data can only be accessed by licensed members of the MLS, Cloud CMA utilizes one of the following three security methods to ensure that only valid, active members have access.
When a new user sets up their profile in Cloud CMA, they are asked to choose their MLS, and are then prompted for their MLS credentials. The MLS password is stored in our system using RSA public key encryption. Anytime this password is transmitted, it’s in encrypted form. Whenever the user performs a query for property data, Cloud CMA uses their MLS credentials to log into the RETS server. If the user’s MLS credentials are invalid, the login to the RETS server will fail, and a corresponding error message will be relayed to the user. The user can then check their credentials and try again. Essentially, they will never successfully get listing data from the RETS server without proper credentials.
Pros: The MLS has complete control over users being able to utilize their data in Cloud CMA. The user can be cut off at any time by using the normal deactivation process built into the MLS workflow.
Cons: The MLS may not have RETS credentials set up for each and every member. Many MLSs manually set up RETS credentials on an as needed basis.
The MLS provides W+R Studios with specific RETS credentials and specifies how those credentials will be used every time the RETS server is queried on behalf of a user. When a new user sets up their profile in Cloud CMA, they are still asked to choose their MLS and enter their MLS credentials. The MLS password is stored in our system using RSA public key encryption, and any time it's transmitted, it is done so in an encrypted form. Whenever the user performs a query for property data, we use our MLS credentials to log into the RETS server. Upon successful login, we query the Agent or User table of the RETS server with the agents ID and password, then look at the resulting data to ensure that this user does in fact exist and is an active member. If our query returns no results or an indication that the member is no longer active, a corresponding error message will be relayed to the user. The user can then check their credentials and try again, but they will never successfully get listing data from the RETS server without the proper credentials.
Pros: The MLS has complete control over this user being able to utilize their data in Cloud CMA. The user can be cut off at any time by using the normal deactivation process built into the MLS workflow.
Cons: The MLS may not allow querying on the password field in the Agent table, or may not return that field in the dataset for use in a post query comparison. As a less secure alternative, it's possible to query the Agent table for the ID and an indication that this user is an active member, which essentially ignores the password.
We offer two 'Single Sign On' (SSO) methods, which are good for MLSs that have a site license contract (every member of the MLS has free access to Cloud CMA). In this scenario, users cannot log in directly at cloudcma.com, but instead must first log into their MLS system and click on a button or link to access Cloud CMA.
- We have our own 'homebrew' form of SSO where parameters are passed in the URL, the MLS code, the user’s ID, a secure hash, and a timestamp. Details of this algorithm can be provided upon request. We have several MLS systems using this method - it works well and is simple to implement.
- We also support the SAML standard for SSO and are currently SAML certified with one of the major MLS vendors. We are set up to easily add other SAML providers.
SSO works especially well when the MLS implements the API for passing listing numbers to automatically create reports for listings the user has currently selected. This allows for a deep integration between MLS system and Cloud CMA, requiring no additional login by the user and making it feel like one seamless system.
Pros: The MLS has complete control over this user not only being able to utilize MLS data in Cloud CMA, or even having rights to access Cloud CMA at all. The user can be cut off at any time using the normal deactivation process built into the MLS workflow - if they can't access the MLS system, they can't access Cloud CMA.
Cons: The MLS needs to set up a link to Cloud CMA within the MLS system.
Currently we have 5 major MLS Vendors providing custom Cloud CMA integration. These include:
- Matrix MLS (6.3)
- flexMLS by FBS
- Paragon MLS by LPS
- Paragon XL MLS by LPS
- Rapattoni MLS
- IRES MLS
MLS App Stores
Cloud CMA is also available in the FBS Spark and Clareity MLS App Store solutions.
Cloud CMA API
Cloud CMA allows real estate agents to easily create custom CMA, Buyer Tour, and Property Reports. In order to enable this functionality to be embedded in other web sites, specifically MLS sites, we have made an API publicly available. For more information on this please click here.
If you have any technical questions about these options please contact Dan Woolley at firstname.lastname@example.org or by phone at 855-977-8834 ext 702.