Subscribe to this blog to receive periodic product release announcements for developers and tips and tricks for using API.

Developer Next Steps

Welcome to SKY API. This article provides guidance for those of you who are new to the API. It assumes that you recently requested or were approved for a subscription. If not, be sure to complete our Getting Started guide. After you are approved, your developer account is added as a user in the sandbox database/tenant and your subscription key is associated with your profile. After that, you are ready to dive deeper into our developer ecosystem:
  • Introduce Yourself to OAuth with the API Console
  • Dive Deeper into Security
  • Don’t Overlook the Basics Guide
  • Stay in Touch

Introduce yourself to OAuth using the API Console

The goal of the Getting Started guide is to make API calls with our API Console. The API Console is an interactive technical reference playground that allows you to call our endpoints and play with sample data in the sandbox database. Before you call an endpoint, you must provide any necessary request parameters, enter your subscription key, and negotiate authorization to get an OAuth access token. Authorization involves allowing the API Console to access your data in the sandbox. After authorization, an OAuth access token is placed in the HTTP request header. You can review and submit the HTTP request and inspect the returned JSON data in the response. It’s a great introduction to security and a fun, fast way to learn the endpoints.

When you use the API Console, keep these two goals in mind:

  • Familiarize yourself with the workflow around authorization (OAuth).
  • Note how API requests are signed with access tokens. 

Authorization Workflow

OAuth is an authentication protocol that allows you to authorize one application to interact with another application on your behalf without giving away your password. The API Console is an application that interacts with the API. As an API Console user, you must authorize it to access your data through the API without providing your password. Similarly, any apps that you write must obtain authorization from your users. Another way to think about this is that before an app can take the API for a spin, it must obtain a valet key in the form of an access token. Here's the workflow to obtain an access token:
In the API Console, select Authorization code in the Blackbaud OAuth 2.0 Server field.  

Behind the scenes, the API Console calls the \authorization endpoint.  The approval screen appears and prompts you to authorize the API Console to access your data in the sandbox. 


After you provide authorization, SKY API sends an authorization code to the API Console. The API Console immediately calls the \token endpoint behind the scenes to exchange the authorization code for an access token. The token is placed in the HTTP request header, and the API Console can use the access token as a valet key to access your data through the API.


After the request is signed with an access token and the other parameters are entered, you are ready to make the request. Have fun making API calls against our sandbox database. As you learn the endpoints, you can think of exciting ways to integrate and build the next great app.

Dive deeper into security

After you make a few calls with the API Console, you’ll want to dive deeper into security and OAuth. We take a layered approach to our materials for different types of learners. For those who like to read before diving into the code, we provide the Authorization and Auth Code Flow guides. For those who prefer a guided approach, we provide an Auth Code Flow Tutorial that takes you step by step through authorization, requesting a constituent, and displaying the data. At the end of the tutorial, you have a working application. And for those who prefer to jump right in and view the code, we provide code samples.
We also recommend that you read our common authorization issues. Reading through these can help troubleshoot any errors you encounter when you call the \authorization  and \token endpoints. In addition, our FAQ includes authorization and security tips.

Don’t overlook the Basics guide

Do you know how to paginate through lists? Do you know our base URLs for OAuth and the endpoints? Want to know our common response status codes? Did you know there’s a quota on how many calls you can make to the API in a day? Did you know that fuzzy dates are different than normal dates? The Basics guide provides information about topics that span all our APIs. Read it!

Stay in touch

Stay connected with the SKY API Team. We announce additions and changes to the API in our blog, so be sure to subscribe. Having issues? You can always join the discussion. But before you do, here are some resources to help you out:

  • Authorization errors? Read the common authorization issues and our FAQ.
  • Getting 500 errors? Think our services are down or that there’s a problem on our end? Check our Issues area. We may have already noticed the problem. We announce problems and resolutions in the Issues area and the blog.

Do you have a good idea? Add, vote, and comment on Ideas to improve the developer experience.

Posted by Trip Ottinger on May 12, 2016 10:48 AM America/New_York