Production API Keys?

@james kresge Would you be able to provide more context on what you are looking for? You may be able to find what you are looking for around subscriptions and keys in the documentation.

@james kresge:

@Daniel Leonard thanks Daniel. We have 2 RE NXT environments associated with our organization: 1) “Sandbox/User Acceptance Testing” and 2) "Production". We have not yet gone live in production but have been using the SKY APIs (and associated API Keys) to access our RE NXT “Sandbox” environment for several months. We are getting ready to go live in production and want to do a smoke test of our application using SKY APIs hitting our RE NXT “Production” environment. I can't figure out how to create a new set of API keys that can be used to access our RE NXT “Production” environment through the SKY APIs, and would like to learn how to do that.

Hey James, the SKY API keys aren't tied to an environment, rather the SKY API subscriber. Once your production instance is live and you've been added to that environment, then the authorization will give you the chance to select to which environment you wish to connect.

##Correction## I was thinking of the supplying of “envid=" purely in web requests, not API requests.

@james kresge
Just to underscore what Glen and Daniel said...your API keys aren't tied to any Blackbaud environment, they are tied to your developer account. When you make API calls, you'll provide your API key in the Bb-Api-Subscription-Key header as per the docs, and that identifies "you" as the developer calling the API (and allows the backend to enforce any call limits). But you'll also need to provide an OAuth token in the standard Authorization header, and the token is what is tied to a specific Blackbaud environment.

In order to get an OAuth token in an environment, your SKY application needs to be "connected" in that environment (and this is done by an admin in the environment). When the OAuth consent page is shown, if the user has access to multiple environments in which your app has been connected, a dropdown will allow the user to select the environment to which API calls will be made.

So the same API keys are used when making API calls, regardless of the Blackbaud customer environment being accessed by the calls.

Hope that helps clarify things.

@james kresge

"Connnect" can be thought of as "Install" - and you can interpret that semantic operation as an admin-level action that essentially "blesses" an app to operate in the context of an environment. The intent here is that the customer admin should have control over what apps are used in their environment, and at any point the admin could "Disconnect" (aka "remove", "deactivate", "uninstall", all roughly synonymous in this context) the app from the environment.

Since API calls need to happen in the context of a user (so the backend can enforce that user's security permissions as defined by the admin), the protocol used is OAuth (i.e., if you want your app to respect the current user's permission, you'll be initiating OAuth for each user). That is separate from the connect step needed by the admin. So, that's the rationale behind the somewhat uncommon "connect" step, which isn't part of the actual OAuth protocol.