OneRoster REST API requests rejected with "Invalid signature"
Our OneRoster OAuth 1.0a implementation works well with other solutions, including ClassLink & Infinite Campus, but it does not work with Blackbaud, giving us an error "Invalid signature"
Has anyone successfully use BlackBaud's OneRoster API? Did you run into a similar issue and find a way to work around it?
Here's an example request we would send, with specifics removed:
We did try contacting Blackbaud support but they directed us here.
Any help would be appreciated.
Thank you in advance,
Dobes
Has anyone successfully use BlackBaud's OneRoster API? Did you run into a similar issue and find a way to work around it?
Here's an example request we would send, with specifics removed:
And the error reply:
GET /ims/oneroster/v1p1/users?offset=0&limit=100&filter=status%3D'active' HTTP/1.1
Accept: application/json, text/plain, */*
authorization: OAuth oauth_consumer_key="K6....qg%3D%3D",oauth_nonce="jBDtXpISscIwPP95",oauth_signature_method="HMAC-SHA1",oauth_timestamp="1593211800",oauth_version="1.0",oauth_signature="nSJ...PII%3D"
User-Agent: axios/0.19.2
Host: xxxschool.myschoolapp.com
Connection: close
I am wondering what would be the difference in signature calculation with Blackbaud versus the other OneRoster providers we have previously integrated with.
401 Unauthorized
date: Fri, 26 Jun 2020 22:50:00 GMT
content-type: application/json; charset=utf-8
content-length: 83
connection: close
server: nginx
cache-control: no-cache
pragma: no-cache
expires: -1
x-server-upstream: kpe1-webotr-d01
{"Message":"Unauthorized - the Request requires authorization. [Invalid signature"}
We did try contacting Blackbaud support but they directed us here.
Any help would be appreciated.
Thank you in advance,
Dobes
Tagged:
0
Comments
-
Hi,
After some experimentation, I tried using HMAC-SHA256 to sign the OneRoster requests and it worked!
The documentation at https://webfiles.blackbaud.com/files/support/helpfiles/education/k12/full-help/content/bb-core-oauth.html says to use HMAC-SHA1 but that seems to be inaccurate.
Hopefully they can correct their documentation, as this really had me scratching my head for a long time.
Regards,
Dobes
0
Categories
- All Categories
- 6 Blackbaud Community Help
- 213 bbcon®
- 1.4K Blackbaud Altru®
- 402 Blackbaud Award Management™ and Blackbaud Stewardship Management™
- 1.1K Blackbaud CRM™ and Blackbaud Internet Solutions™
- 15 donorCentrics®
- 360 Blackbaud eTapestry®
- 2.6K Blackbaud Financial Edge NXT®
- 655 Blackbaud Grantmaking™
- 576 Blackbaud Education Management Solutions for Higher Education
- 3.2K Blackbaud Education Management Solutions for K-12 Schools
- 939 Blackbaud Luminate Online® and Blackbaud TeamRaiser®
- 84 JustGiving® from Blackbaud®
- 6.6K Blackbaud Raiser's Edge NXT®
- 3.7K SKY Developer
- 248 ResearchPoint™
- 119 Blackbaud Tuition Management™
- 165 Organizational Best Practices
- 241 Member Lounge (Just for Fun)
- 34 Blackbaud Community Challenges
- 34 PowerUp Challenges
- 3 (Open) PowerUp Challenge: Chat for Blackbaud AI
- 3 (Closed) PowerUp Challenge: Data Health
- 3 (Closed) Raiser's Edge NXT PowerUp Challenge: Product Update Briefing
- 3 (Closed) Raiser's Edge NXT PowerUp Challenge: Standard Reports+
- 3 (Closed) Raiser's Edge NXT PowerUp Challenge: Email Marketing
- 3 (Closed) Raiser's Edge NXT PowerUp Challenge: Gift Management
- 4 (Closed) Raiser's Edge NXT PowerUp Challenge: Event Management
- 3 (Closed) Raiser's Edge NXT PowerUp Challenge: Home Page
- 4 (Closed) Raiser's Edge NXT PowerUp Challenge: Standard Reports
- 4 (Closed) Raiser's Edge NXT PowerUp Challenge: Query
- 792 Community News
- 2.9K Jobs Board
- 53 Blackbaud SKY® Reporting Announcements
- 47 Blackbaud CRM Higher Ed Product Advisory Group (HE PAG)
- 19 Blackbaud CRM Product Advisory Group (BBCRM PAG)