Use Legacy ON API endpoints with SKY API Credentials
I am a developer for a school application that uses ON API endpoints. The school switched to using Blackbaud ID for sign in of their school application. How would I go about getting a token for the legacy endpoints? I am able to get an OAuth2 token from SKY successfully, but I cannot use the token for the legacy endpoints.
Comments
-
Hi Mike,
Those are 2 independent authentications, so your SKY API OAuth2 token will not work for On API. On API authentication now requires a POST call with school-generated key/secret, and it doesn't matter if they're using Blackbaud ID. You may find this helpful:
Additionally, I would advise migrating to our School API. Good luck!
-Evan
1 -
Evan,
MySchoolApp.com uses the legacy ON API, but uses BBID OAuth2 log in. Using the web inspector I can see that the OAuth2 Token is exchanged for an ON API Login Token, which is returned as a Cookie HTTP Header. I believe conversion is possible, because MySchoolApp does exactly what I am trying to do.
0 -
Mike,
Please describe your API use case further. It almost sounds as if you are attempting a SSO. If that's the case I would encourage you to check this out:
This works for any authenticated user, regardless of myschoolapp.com authentication method (BBID, legacy username/password, etc). If you are instead interested in making specific API calls, please clarify.
Thanks,
Evan
1 -
The application, prior to June 30, allowed students to sign in with their username and password and view their schedules and pending assignments (using API calls from the ON API). I understand the switch to a Key/Secret authentication for the ON API, but now students are required to log in with BBID through Google SSO. The issue is, I cannot use any of the API calls because of missing authentication. If the students can log into MySchoolApp with BBID (and use the same API calls that I am using in my application), then there should be a way for me to authenticate the students using the SKY OAuth2 protocol. Using a web inspector, I can see that MySchoolApp converts a BBID OAuth2 Token to an ON API login token, which is the same type of token that was previously used when students would log in with their legacy usernames and passwords. If MySchoolApp can create this type of token, there has to be an API call that allows user authentication using a BBID OAuth2 token that connects to the ON API. Many students rely on this application and with the school year approaching, the app is essentially rendered useless.
0 -
I would strongly discourage using a Web inspector to inform any development/integration. We offer formalized API documentation for supported external use cases. You will likely be interested in Implicit Flow authorization with SKY API to make those calls on behalf of users:
1 -
I have used the documentation to set up BBID sign in with my application, which is linked to the school's environment. I can successfully get the login token. What I need is to exchange an OAuth2 token for an ON API token. MySchoolApp does this, so it is possible. I only used the web inspector to see how MySchoolApp handles the OAuth2 token.
0 -
Mike Schleider:
I have used the documentation to set up BBID sign in with my application, which is linked to the school's environment. I can successfully get the login token. What I need is to exchange an OAuth2 token for an ON API token. MySchoolApp does this, so it is possible. I only used the web inspector to see how MySchoolApp handles the OAuth2 token.
ON API tokens (Key and Secret) are created in Core:
However, we encourage all new development to use the SKY “School” API, not the ON API.
0 -
My actual question is being ignored. I need to use a BBID OAuth2 token to authenticate with the ON API. MySchoolApp does it, so it must be possible. How would I go about doing this through the ON or SKY APIs?
0 -
Mike,
If your objective is to allow school constituents to leverage a single sign-on experience with Blackbaud and to facilitate API calls, we have shared the appropriate paths for doing so. If your objective is to bypass our approved API authentication methods by reverse engineering security protocols within our product, we are unable to support you and would advise against it.
-Evan
1 -
I am not trying to bypass any authentication protocols; I am trying to understand the protocols to use an OAuth2 token with the ON API, the same way that MySchoolApp does.
0

