OAuth2 Issue

I am currently trying to integrate Blackbaud's Payments API into a pre-existing platform to allow our customers to process transactions against the Payments API gateway. However, this integration will take the form of a server-to-server application where the “user” would not have to interact with it at all. This means that the user would not be able to interact with the OAuth2 popup asking them to authorize the application. Is there any way that I could have the entire authorization flow happen in the backend?

Comments

  • Hi Timothy

    I've seen this type of integration referred to before as a “headless” application. This post response by Ben L is a really great explanation about how you could go about handling OAuth in a headless application. There may be more topics of conversation if you search the community using that term.

    Hope this helps.

    Amanda

  • I agree with Amanda; there're plenty of posts on this if you search for “unattended”, “headless”, etc.

    Essentially, you get a Refresh Token manually - using an auxiliary app or whatever - then get your headless app to use it from there to retrieve Access Tokens and make calls.

    The only issue is that if there is an outage of any kind, the app won't be able to manually recover so it'll have to alert someone. Using the Refresh Token preserve_refresh_token option can help, meaning that if a token refresh fails for whatever reason, the headless app can reuse it to try again.
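
The refresh-and-retry behaviour described in the reply above, as an added example that is not part of the thread and is not Blackbaud's code. It assumes the SKY API token endpoint URL shown, and a hypothetical `post(url, form)` transport that adds the client credentials and returns `(status, json_dict)`; the responses in any test run are constructed.

```python
import time

# Assumption: SKY API token endpoint; confirm against your application's settings.
TOKEN_URL = "https://oauth2.sky.blackbaud.com/token"

class RefreshFailed(Exception):
    """A person must re-authorize the app and supply a new refresh token."""

class HeadlessTokenClient:
    def __init__(self, post, refresh_token, max_attempts=3, backoff=2.0, sleep=time.sleep):
        self._post = post                   # hypothetical transport, adds client auth
        self.refresh_token = refresh_token  # load from a secret store, never log it
        self.max_attempts, self.backoff, self._sleep = max_attempts, backoff, sleep
        self._access, self._expires_at = None, 0.0

    def access_token(self):
        # Reuse the cached access token until 60 seconds before it expires.
        if self._access and time.monotonic() < self._expires_at - 60:
            return self._access
        return self._refresh()

    def _refresh(self):
        form = {
            "grant_type": "refresh_token",
            "refresh_token": self.refresh_token,
            # Keeps the same refresh token valid, so a failed attempt can be retried.
            "preserve_refresh_token": "true",
        }
        for attempt in range(1, self.max_attempts + 1):
            try:
                status, body = self._post(TOKEN_URL, form)
            except OSError:                 # network outage: treat as retryable
                status, body = None, {}
            if status == 200:
                self._access = body["access_token"]
                self._expires_at = time.monotonic() + int(body.get("expires_in", 0))
                # Persist a replacement refresh token if the server returned one.
                self.refresh_token = body.get("refresh_token", self.refresh_token)
                return self._access
            if status == 400 and body.get("error") == "invalid_grant":
                break                       # revoked or expired: retrying cannot help
            self._sleep(self.backoff * attempt)
        # Caller should page an operator here; the app cannot recover on its own.
        raise RefreshFailed("token refresh failed; manual re-authorization required")
```

Catch `RefreshFailed` at the job boundary and route it to alerting rather than retrying in a loop.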
