Big Increase in Blocked Requests
Starting around 9/17, we saw a huge uptick in blocked calls, which seemed to manifest in a lot more authentication errors on our end with our various client integrations. Over the last few days, it looks like ~75% of our calls to the Constituent API are being blocked (when I look in the developer portal > analytics). As far as I can tell we are nowhere near our rate limits, and I can't find any definition of why calls would be blocked.
- Is there any way I can get more details on why calls would be blocked?
- Are there any known issues on the Blackbaud side dealing with authentication? I've also noticed some flaky login behavior on the developer portal, which maybe is just coincidence or maybe not.
- Is anyone else experiencing any degraded API performance?
I'd send in a support request about this, and please advise me if that is prudent (@Ray Bergman ) but I figured I would start here first in case I am missing some obvious documentation on what “blocked” calls can be caused by.
Thanks!
Comments
-
These errors seem to have ceased, at least temporarily. We last saw an error at ~7:15 am EST.
1 -
…..well, maybe I spoke too soon. They seemed to start again over the night. I will reach out to support about this.
0 -
Good morning Dan,
I am sorry you are having issues with SKY API. The developer portal is the best way for you to see if calls are being blocked and support will generally be your most consistent option for this type of issue. We are not aware of any existing authentication issues on the Blackbaud side and I am not currently aware of anyone else having this issue.
Generally, an HTTP status code of 401 would indicate a token related authentication issue. In this case, the tokens that are failing appear to be expired. Please verify that your token refresh policy is correct and the tokens being used are not expired.
We are not currently aware of any issues with the developer portal login process. Any details you would be able to provide around the problems you are experiencing there would be greatly appreciated.
0 -
Thanks Daniel,
I have reached out to support as well, per Ray's advice.
We are indeed seeing 401s at a regular clip. Would those be presented as “Blocked” or “Failed” calls in the analytics in our developer account?
Comparing week over week, last Monday and Tuesday we saw 350 blocked calls while today and yesterday we already have over 6k. It could certainly be something on our end, but we've made no changes since well before this started occurring.
Appreciate the help,
Dan
0 -
Requests with invalid or missing tokens will show up in the "Blocked calls" column of the Analytics reports in the developer portal
0 -
Hi Dan,
Is there a chance that your token set is being used by more than one application or instance at a time?
In this case, one instance can request a new Access Token (and associated Refresh Token) then, before it's used, another instance does the same, thus invalidating the previous tokens which causes an error when the first instance uses the replaced token.
Just a thought. You would likely need to use the preserve_refresh_token option in cases such as this and then schedule a Refresh Token refresh every so often in isolation before it expires (ie, before the 365 days validity is up).
Cheers,
Steve Cinquegrana | CEO and Principal Developer | Protégé Solutions
0 -
Thanks Steve and Daniel,
We shouldn't be using more than one token per environment concurrently…that being said, we did see an issue with our queuing mechanism that may have caused at least some situations where that was untrue (our developers are investigating that right now).
I mostly reached out to see if others may have been experiencing this because it was so “all of a sudden” without us having done anything (seemingly) to cause it (no updates, no huge uptick in usage of the integration, etc.).
I also opened a support ticket to see if perhaps the logs exposed anything or at least to provide a more documented definition of failed vs. blocked calls. Thank you for your clarification there, Daniel.
Hopefully we find the bug on our end and we can call it a day!
0 -
After finding some obscure behaviors in one of our libraries, we were able to identify this issue and a fix is forthcoming.
Thanks for the help all,
Dan
0
Categories
- All Categories
- 6 Blackbaud Community Help
- 206 bbcon®
- 1.4K Blackbaud Altru®
- 394 Blackbaud Award Management™ and Blackbaud Stewardship Management™
- 1.1K Blackbaud CRM™ and Blackbaud Internet Solutions™
- 15 donorCentrics®
- 357 Blackbaud eTapestry®
- 2.5K Blackbaud Financial Edge NXT®
- 646 Blackbaud Grantmaking™
- 561 Blackbaud Education Management Solutions for Higher Education
- 3.2K Blackbaud Education Management Solutions for K-12 Schools
- 934 Blackbaud Luminate Online® and Blackbaud TeamRaiser®
- 84 JustGiving® from Blackbaud®
- 6.4K Blackbaud Raiser's Edge NXT®
- 3.6K SKY Developer
- 242 ResearchPoint™
- 118 Blackbaud Tuition Management™
- 165 Organizational Best Practices
- 238 The Tap (Just for Fun)
- 33 Blackbaud Community Challenges
- 28 PowerUp Challenges
- 3 (Open) Raiser's Edge NXT PowerUp Challenge: Product Update Briefing
- 3 (Closed) Raiser's Edge NXT PowerUp Challenge: Standard Reports+
- 3 (Closed) Raiser's Edge NXT PowerUp Challenge: Email Marketing
- 3 (Closed) Raiser's Edge NXT PowerUp Challenge: Gift Management
- 4 (Closed) Raiser's Edge NXT PowerUp Challenge: Event Management
- 3 (Closed) Raiser's Edge NXT PowerUp Challenge: Home Page
- 4 (Closed) Raiser's Edge NXT PowerUp Challenge: Standard Reports
- 4 (Closed) Raiser's Edge NXT PowerUp Challenge: Query
- 778 Community News
- 2.9K Jobs Board
- 53 Blackbaud SKY® Reporting Announcements
- 47 Blackbaud CRM Higher Ed Product Advisory Group (HE PAG)
- 19 Blackbaud CRM Product Advisory Group (BBCRM PAG)