Breaking Changes Planned for OAuth /token Response

Lindsey Rix
Lindsey Rix Blackbaud Employee
Tenth Anniversary Kudos 3 Name Dropper Participant
in SKY Developer Announcements
A breaking change is planned for the OAuth /token Response. We will be removing the tenant_id and tenant_name properties from the SKY API OAuth service /token endpoint response at the end of July 2019.  See our Changelog for more information.

Comments

  • Steven Cinquegrana
    Steven Cinquegrana
    Ninth Anniversary Kudos 2 Name Dropper Participant
    I read this with HORROR. In short, you have got to be kidding.


    Not only is this a breaking change, it's an app killer.


    Also, from Ben Lambert‍ only a few months ago in quite involved post:

    "So if you have the option, we'd recommend getting in the habit of using the environment_id and user_id combination as your correlating values, but the older model of tenant_id + user_id will continue to work for quite a while (and we'll manage the internal interpretation/implementation of access tokens on our end)." (My bold.)


    I would suggest reconsidering this move. And when is Blackbaud going to start versioning, rather than breaking, the SKY API?? You're the only organization I know that regularly releases breaking changes. Virtually everyone else versions to maintain workability.


    This really does make me question Blackbaud's comprehension of API best-practice.

    Steve Cinquegrana | CEO and Principal Developer | Protégé Solutions

     
  • Jackson Perry
    Jackson Perry
    Seventh Anniversary Participant Facilitator 1
    Seriously, why.


    What's next the environment_id as well? There's already barely enough information developers can use to make apps with multi-tenant capability to uniquely identify sessions across users. Do these kind of breaking changes on api/v2 not v1.  As Steven said, you don't make breaking changes to an API that only has 1 version. 


    I may as well stop development on my application if this change is made.


    -Jackson
  • Ben Wong
    Ben Wong Blackbaud Employee
    Tenth Anniversary Kudos 3 Name Dropper Participant
    Thanks for your feedback. I know there can be frustration with any breaking changes to SKY API. I understand the need for more consideration when making changes that have a broad impact on developers. We make these announcements and try to give enough time for developers to make necessary changes. We believe that this particular change affects a small segment of developers, and therefore doesn't warrant a new version of our OAuth service that would impact every SKY API developer.


    However, I'd like to understand your specific scenarios and how you are using these values. I'll reach out directly to learn more.
  • Product Development
    Product Development
    Sixth Anniversary Participant Facilitator 1
    Will the client be able to get the environment ID like they are able to get the tenant_id?


    The use case for us is that we tie their subscription info to the tenant ID currently.  This is set up before they authenticate.  To do the same going forward, the client would need access to their environment ID.
  • Ben Wong
    Ben Wong Blackbaud Employee
    Tenth Anniversary Kudos 3 Name Dropper Participant
    Yes, the environment_id is in the same OAuth /token response as the tenant_id so the client application should be able to obtain it in the same way. Here is a tutorial that shows what is contained in the response: https://developer.blackbaud.com/skyapi/docs/authorization/auth-code-flow/tutorial#tokens-returned

Categories