Delete authorization??

I'm trying to delete obsolete ratings records and getting Unauthorized responses. I had permissions added to my account(?), so I'm able to delete a rating from the endpoint reference test page, but now I'm getting the error just when I try to issue the Delete Rating request from a C# application. How can I verify which user is implied by the authorization code I'm using? Is the user implied by the account that created the Application ID?

Comments

  • Hi Jon,


    During the authorization code flow, after your application is authorized for an environment by a user, your application will be granted a one-time-use authorization code. That authorization code will then be used to get an access token. The access token will be used to determine user access while making SKY API requests and is valid for 60 minutes. A refresh token will be given at the same time as the access token. The refresh token is used to get another access token, without needing to get another authorization code, and is valid for 1 year. Authorization codes, access tokens, and refresh tokens are all sensitive values that allow access to data and should be handled carefully to avoid compromise.


    The access token used in requests being made to SKY API would have the same access as the user that created the authorization code and consented to the application accessing the data in that environment. One way to see the id of the user that consented is in the response of the access token request.
    https://developer.blackbaud.com/skyapi/docs/authorization/auth-code-flow/tutorial#tokens-returned





  • Thanks, but this doesn't answer my question. I have successfully retrieved authorization codes and access and refresh tokens and used GET Ratings and Constituents, etc., and POST Ratings, but when I tried DELETE Rating I got a response saying "Unauthorized" and something to the effect of "This user does not have permission for this request." An NXT administrator gave my account Delete permission, and then I was able to issue successful DELETE Rating requests from the Endpoint Reference Test page, but when I use an access token that I have authorized to DELETE Rating from a C# application, I'm still getting the 401 "Unauthorized" response. How can I determine the specific problem and solution?
  • I figured it out. I was adding "bb-api-subscription-key" and "Authorization" headers before each DELETE request, so on the second and subsequent requests the redundant headers triggered an "Unauthorized" response.
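
The header accumulation described in the last comment, as an added example that is not code from the thread or from Blackbaud. It assumes the application uses a shared `System.Net.Http.HttpClient` (the thread does not say which client was used); the key, token, rating ids and URL are constructed placeholders, and nothing is sent over the network.

```csharp
using System;
using System.Linq;
using System.Net.Http;
using System.Net.Http.Headers;

class HeaderAccumulationDemo
{
    // Constructed placeholder values, not real credentials or a real endpoint.
    const string SubscriptionKey = "PLACEHOLDER_SUBSCRIPTION_KEY";
    const string AccessToken = "PLACEHOLDER_ACCESS_TOKEN";
    const string DeleteUrlBase = "https://api.example.invalid/ratings/";

    // Problem pattern: the header is added to the shared client before every request.
    static int AddDefaultsPerRequest(HttpClient client, int requests)
    {
        for (int i = 0; i < requests; i++)
        {
            // Add() appends another value; it does not replace the existing one.
            client.DefaultRequestHeaders.Add("bb-api-subscription-key", SubscriptionKey);
        }
        return client.DefaultRequestHeaders.GetValues("bb-api-subscription-key").Count();
    }

    // Corrected pattern: credentials are set once on each request message.
    static HttpRequestMessage BuildDelete(string ratingId)
    {
        var request = new HttpRequestMessage(HttpMethod.Delete, DeleteUrlBase + ratingId);
        request.Headers.Add("bb-api-subscription-key", SubscriptionKey);
        request.Headers.Authorization = new AuthenticationHeaderValue("Bearer", AccessToken);
        return request;
    }

    static void Main()
    {
        using var client = new HttpClient();
        Console.WriteLine("key values after 3 per-request adds: " + AddDefaultsPerRequest(client, 3));

        foreach (var id in new[] { "1001", "1002", "1003" }) // constructed rating ids
        {
            using var request = BuildDelete(id);
            int keys = request.Headers.GetValues("bb-api-subscription-key").Count();
            Console.WriteLine($"DELETE {request.RequestUri}: {keys} key value, scheme {request.Headers.Authorization.Scheme}");
            // client.SendAsync(request) would go here in a real application.
        }
    }
}
```

Setting the headers once at client construction works as well; the point is that each outgoing request carries exactly one subscription key and one `Authorization` value.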