"This scenario begins with an end-user logged into your application, using your application's credentials."
I am having a hard time understanding the documentation on this site, particularly for authorization.
I have successfully had my client connect my application to their environment, but believe that I still need them to authorize me to access their data using the steps here:
https://developer.blackbaud.com/skyapi/docs/authorization
My understanding of these instructions are that I need:
1. The client's admin to log into my application using my application's credentials
2. They will be automatically redirected to something asking them to authorize the app
3. Either they or I will get the access token somehow maybe
What I don't understand is what this means: "This scenario begins with an end-user logged into your application, using your application's credentials."
How does the client log into my application using my application's credentials without just having them log in as me?
Am I misunderstanding these instructions?
I have successfully had my client connect my application to their environment, but believe that I still need them to authorize me to access their data using the steps here:
https://developer.blackbaud.com/skyapi/docs/authorization
My understanding of these instructions are that I need:
1. The client's admin to log into my application using my application's credentials
2. They will be automatically redirected to something asking them to authorize the app
3. Either they or I will get the access token somehow maybe
What I don't understand is what this means: "This scenario begins with an end-user logged into your application, using your application's credentials."
How does the client log into my application using my application's credentials without just having them log in as me?
Am I misunderstanding these instructions?
0
Comments
-
Hey Mark,
Yeah, perhaps we can clarify that line. This documentation is trying to convey that you will have user using your app (in this case, your client admin), and you'll need to prompt them to authorize your application for their Blackbaud environment. By "...logged into your application, using your application's credentials," the docs are making an assumption that you'll have your own concept of what a user is to your application, and they'll be logged into your app with whatever authentication mechanism your app provides. "Your application's credentials" may have been a poor choice of words there; in this case, we mean your user's credentials to your application, not your Blackbaud SKY Application credentials (client id and secret).
The remainder of that documentation page is intended to be a high-level overview of the user flow from your application -> to our OAuth authorization form** -> back to your application. The real details of how to do that from a technical perspective are in the tutorial a few side-navigation links below that one.
** This goes to your point #2. Your application needs to prompt the user to give your application consent by directing them to our OAuth authorization page. This will not automatically happen (unless you're using a library in your code that handles that all for you)
As for point #3 - Once this user has authorized your application (clicks the "Authorize" button), your application will receive everything it needs to obtain an access token without your user providing anything else.
Let me know if you need anymore clarification. We'll definitely clean up this line in our docs and look at other ways to clarify. Thanks0 -
Sorry, I'm afraid I'm still confused.
I think what's confusing me here is that, from my perspective, the "application" is a figment of our collective imaginations. I'm not actually building an "application" -- I'm just trying to connect Blackbaud to a business intelligence dashboard.
My app doesn't have an authentication mechanism because, outside of a form I filled out on this website, it doesn't exist.
All I want to do is get data from an API endpoint. How do I get authorized to do that?0 -
Wait -- I think this just clicked in.
Does this just mean that the client needs to visit https://oauth2.sky.blackbaud.com/authorization?client_id=insert_clientid_here&redirect_uri=https://www.myredirecturi/&response_type=code in their browser?0 -
Mark Oliver:
Wait -- I think this just clicked in.
Does this just mean that the client needs to visit https://oauth2.sky.blackbaud.com/authorization?client_id=insert_clientid_here&redirect_uri=https://www.myredirecturi/ ?Yes, your application (or your business intelligence dashboard) will have to send the client to that URL (filled in with your app's id and redirect URI, of course).
In response to your previous message, about not actually building an application,
That's fair. I'm not familiar with your particular use case. Does this business intelligence dashboard have built-in support for integrating with OAuth 2.0 and making web requests to a REST API? If it does, that dashboard provide a place for you to supply them with your "application's" OAuth credentials (the client Id and Secret); the dashboard would likely provide you with a OAuth redirect URI to configure with your SKY Application. Essentially, this dashboard would be acting as the "application." Without knowing more about the specifics of this tool, I'm guessing that the tool won't be able to make API requests to arbitrary SKY API (REST) endpoints. There are many tools that provide some level of OAuth 2.0 support out of the box, but most of those require some custom code to be written to integrate/translate the information from an API (like ours) so that the tool (in this case, your dashboard) can make sense of it.
I may be able to provide some additional feedback for your solution if it's obvious based on their documentation, but this may require additional consulting outside of that.
As far as getting data from an API endpoint, we have a few ways for you to test things out.
Making API calls with the SKY API Console
Microsoft Power Platform - Allows for some integrations without writing code
There are other tools, like Postman, that allow you to import the API definitions (OpenAPI) and use your application's credentials to make API calls. The OpenAPI definition can be found at top of every Endpoint reference page under the "API Definition" button (example).
0
Categories
- All Categories
- 6 Blackbaud Community Help
- 213 bbcon®
- 1.4K Blackbaud Altru®
- 403 Blackbaud Award Management™ and Blackbaud Stewardship Management™
- 1.2K Blackbaud CRM™ and Blackbaud Internet Solutions™
- 15 donorCentrics®
- 360 Blackbaud eTapestry®
- 2.6K Blackbaud Financial Edge NXT®
- 656 Blackbaud Grantmaking™
- 577 Blackbaud Education Management Solutions for Higher Education
- 3.2K Blackbaud Education Management Solutions for K-12 Schools
- 940 Blackbaud Luminate Online® and Blackbaud TeamRaiser®
- 84 JustGiving® from Blackbaud®
- 6.7K Blackbaud Raiser's Edge NXT®
- 3.7K SKY Developer
- 249 ResearchPoint™
- 119 Blackbaud Tuition Management™
- 165 Organizational Best Practices
- 241 Member Lounge (Just for Fun)
- 34 Blackbaud Community Challenges
- 37 PowerUp Challenges
- 3 (Open) PowerUp Challenge: Grid View Batch
- 3 (Closed) PowerUp Challenge: Chat for Blackbaud AI
- 3 (Closed) PowerUp Challenge: Data Health
- 3 (Closed) Raiser's Edge NXT PowerUp Challenge: Product Update Briefing
- 3 (Closed) Raiser's Edge NXT PowerUp Challenge: Standard Reports+
- 3 (Closed) Raiser's Edge NXT PowerUp Challenge: Email Marketing
- 3 (Closed) Raiser's Edge NXT PowerUp Challenge: Gift Management
- 4 (Closed) Raiser's Edge NXT PowerUp Challenge: Event Management
- 3 (Closed) Raiser's Edge NXT PowerUp Challenge: Home Page
- 4 (Closed) Raiser's Edge NXT PowerUp Challenge: Standard Reports
- 4 (Closed) Raiser's Edge NXT PowerUp Challenge: Query
- 796 Community News
- 3K Jobs Board
- 54 Blackbaud SKY® Reporting Announcements
- 47 Blackbaud CRM Higher Ed Product Advisory Group (HE PAG)
- 19 Blackbaud CRM Product Advisory Group (BBCRM PAG)