Payment API access

Sumathi Babu

Hi all,

I am currently working on integrating my payment API from Bambora with Blackbaud for my public donation portal. Accessing the payment API requires an authorization process, but not every user of my application may wish to undergo this process. How should I address this situation? Is there an alternative method for accessing the API, such as using a username and password or other credentials? I apologize if my questions seem trivial.

Nick Johannsen

@Sumathi Babu Are you using any middle man software / code on a private server to connect the 2?

If yes: You don't need the user to authorize the payment API. Instead set up an admin authorization system that will create your Refresh and Authorization token that every one will use to pass information through the payment API.

• In the middle man have a create BB Payment API Token endpoint
• Have system make oauth request for the admin logging in
  • https://developer.blackbaud.com/skyapi/docs/authorization/auth-code-flow
  • For this system you would need to be using a Confidential application (secure web server)
  • https://developer.blackbaud.com/skyapi/docs/authorization/auth-code-flow/confidential-application
• Collect the Refresh token and store it securely
• When needed to make payment API call, use the refresh token to collect and authorization token
• Use new authorization token to make API call.
  • You can store you authorization token securely to so you can make fewer calls to get security tokens or you can just get a new token every time you want to make a call. If you store you authorization token you will want to check expiration before making calls or be prepared to handle unauthorized responses.
• You refresh token will have an expiration date as well but it will be 3 month or a year out. You can get a new refresh token with your current refresh token assuming you refresh token has not expired. You can do this every time you get a authorization token or have your system check for expiration date and get a new one before it expires.
  

Sumathi Babu

@Nick Johannsen Thank you for your response.

I've implemented the steps you recommended. In our application, we're focused on saving credit card details and recurring donation information exclusively in Payment Gateway. For this purpose, I'm utilizing the Blackbaud API "https://api.sky.blackbaud.com/payments/v1/transactions" to store our transactions. Since we're using our custom donation forms and not relying on Blackbaud checkout, I'm only integrating the API necessary for retrieving the card token and payment configuration ID. Can you assist me in understanding how to save and trigger recurring transactions?

Additionally, the transactions stored using the sample JSON values are not appearing in the Blackbaud Payment Portal Transaction list. Will it only display the original transactions, or am I overlooking something?

Nick Johannsen

@Sumathi Babu
Sorry for the delay. Not an expert on this as I just set up our recurring membership payment last year and there were lots of brick walls and quite a few things we are not quite happy with but I will do my best to help as much as possible.

Question: Do you plan on using the recurring gift in RE to do the scheduling and charging of the card or do you plan to have you own system that keeps track of scheduling and then calling the post transaction and capture transaction endpoints?

When you say the “ the transactions stored using the sample JSON values are not appearing in the Blackbaud Payment Portal Transaction list” do you mean you have created a transaction via the Post Transaction Endpoint and then used the Post transaction capture endpoint to “Run / Capture” that transaction and that information is not showing up as a transaction in Blackbaud payment portal? If not can you explain what you did and what you were expecting?