How do I ensure my app has proper permissions to add constituents via the API?

Greg Miller

Just to clarify, something suddenly stopped working on an app developed a couple years ago.

The refresh token expires if it is not used in a year. So when I regenerated one, the requests were no longer complaining about an expired token. Instead, I now get this:
"error_name":"RequestNotFulfilled","error_code":403,"raw_message":"The user does not have permission to perform this operation","error_args":[]}]

Nothing in the previously functional code has changed. So it is possible someone in the company actually changed my permissions, but I am not aware of this, nor am I aware of now to find out if this is the case.

Does anyone know how I might determine why I am getting this error when trying to add constituents via the API? Or how I can instruct the admins on where to look? I am an independent developer and I have no access to the parent account. I can log in to view the constituents, but I cannot add, edit, or delete from the web interface. Perhaps this is an indication that my user, and any apps registered to my user, indeed do not have proper permissions set. The admins claim they gave me full access but I have no idea how to verify that.

Thanks

— subtle side note days later. I warned support that sending people to the community boards for assistance was an awful excuse to provide no support for your own product. This is preposterous! I am contracted to provide service to a client and I cannot fulfill my duties because you don't offer support for your own product and refuse to even acknowledge how awful this experience is. Eventually I will lose the contract. But on my way out, the only thing I can report to the client is a very strong suggestion to cease all usage of blackbaud products and migrate their CRM needs to another service. A position, it appears, I will have no choice but to relay to every other client I ever come in contact with. This is an unsustainable model in a field far too competitive to allow something this basic to prevent progress for so long.

Any actual support agent, you can see the chat history. Go ahead and review it. I was told to come here numerous times because the chat support is limited. They did not send me anywhere else. I flipped out, sure, but maybe you can see why now. Thanks. I'll let you know what bridge I live under when I lose the contract and can't pay the bills.

Greg Miller

@Greg Miller
Nothing I respect more than having to answer my own support questions…

Someone in BB support got back to us in a means outside these discussion boards. The magic ticket was making sure the account associated with the app had “Supervisor users” role applied. Once that was set, the integration was back to working as expected.

I'll leave this up for anyone else suffering from this nightmare, but for the love of man, blackbaud, use this as a case for why you should NOT have your chat team direct API needs to the community. This was unequivocally the wrong place to send anyone needing this kind of attention. This is not a joke to some of us. We depend on the services we are bound to for answering all questions about their products. If services are not willing to provide that, they shouldn't offer the service. At the very least, instruct your chat team to direct API requests to a ticket system or some other means of advanced support and never again send them here. You never know how big the bridge you're about to burn is.

Ben Wong

@Greg Miller

Sorry for your experience with the Blackbaud Support team. While our support analysts strive to provide assistance with SKY API issues, we know there are some gaps where we need to do better. We'll be working with the Support team to see how we can improve the experience.

It appears that your error was due to a change in your user permissions which prevented you from performing action in the product via the UI or API. SKY API calls are made in the context of the consenting user's permissions, so that's why setting the user to a "Supervisor user" fixed the issue for you. From reviewing the transcript, it appears the Support analyst was looking at API specific errors, rather than looking at your user permissions.

I hope you're able to continue with your project.
Thanks!