Sky API headless oAutho2
We are trying to create a headless app to call payment sky API, to process payments. We came across the issue, that to get the authorization token we always need to go by oAutho2 pop up. But we can not allow the end user. End users will not have that information.
As an alternative, suggested in developer forum, we are first getting the refresh token using postman and then using this refresh token, to get authorization token. But the question is how long this refresh token will be alive, if we use preserve refresh token parameter? Is that the initial refresh token, that we obtained from postman, can be made alive for lifetime, and no manual intervention is needed to obtain a refresh token, further, when we put the code in production?
Please let us know, if there is any other way to achieve that?
Our strong requirement is this refresh token must never expire (Now it is expiring after one hour).
As an alternative, suggested in developer forum, we are first getting the refresh token using postman and then using this refresh token, to get authorization token. But the question is how long this refresh token will be alive, if we use preserve refresh token parameter? Is that the initial refresh token, that we obtained from postman, can be made alive for lifetime, and no manual intervention is needed to obtain a refresh token, further, when we put the code in production?
Please let us know, if there is any other way to achieve that?
Our strong requirement is this refresh token must never expire (Now it is expiring after one hour).
1
Comments
-
Hi @Amit Mandal.
The other posts you would have hopefully read should cover your questions, but in brief:
- The Refresh Token currently has a life of 365 days; it's the Access Token that expires after an hour.
- The default behaviour is for the Refresh Token to be renewed when a new Access Token is requested, but it can be set to persist using the preserve_refresh_token option.
- No matter what, you will eventually have to refresh the Refresh Token, but this can be managed in your code.
- Unfortunately, the gotcha with oAuth2 is that if anything goes wrong in the token exchange - a network or server outage, etc - you face the prospect of having to manually re-establish your token set. You would need to set up some kind of alert or monitoring system to handle this. It's one of the biggest annoyances of oAuth over more manageable authorisation methods - especially for headless/unattended applications - such as HTTP Basic Auth. You can hunt around the web and the Community for commentary on this subject.
I hope that helps.Cheers,
Steve Cinquegrana | CEO and Principal Developer | Protégé Solutions
0
Categories
- All Categories
- 6 Blackbaud Community Help
- 206 bbcon®
- 1.4K Blackbaud Altru®
- 394 Blackbaud Award Management™ and Blackbaud Stewardship Management™
- 1.1K Blackbaud CRM™ and Blackbaud Internet Solutions™
- 15 donorCentrics®
- 357 Blackbaud eTapestry®
- 2.5K Blackbaud Financial Edge NXT®
- 646 Blackbaud Grantmaking™
- 561 Blackbaud Education Management Solutions for Higher Education
- 3.2K Blackbaud Education Management Solutions for K-12 Schools
- 934 Blackbaud Luminate Online® and Blackbaud TeamRaiser®
- 84 JustGiving® from Blackbaud®
- 6.4K Blackbaud Raiser's Edge NXT®
- 3.6K SKY Developer
- 242 ResearchPoint™
- 118 Blackbaud Tuition Management™
- 165 Organizational Best Practices
- 238 The Tap (Just for Fun)
- 33 Blackbaud Community Challenges
- 28 PowerUp Challenges
- 3 (Open) Raiser's Edge NXT PowerUp Challenge: Product Update Briefing
- 3 (Closed) Raiser's Edge NXT PowerUp Challenge: Standard Reports+
- 3 (Closed) Raiser's Edge NXT PowerUp Challenge: Email Marketing
- 3 (Closed) Raiser's Edge NXT PowerUp Challenge: Gift Management
- 4 (Closed) Raiser's Edge NXT PowerUp Challenge: Event Management
- 3 (Closed) Raiser's Edge NXT PowerUp Challenge: Home Page
- 4 (Closed) Raiser's Edge NXT PowerUp Challenge: Standard Reports
- 4 (Closed) Raiser's Edge NXT PowerUp Challenge: Query
- 778 Community News
- 2.9K Jobs Board
- 53 Blackbaud SKY® Reporting Announcements
- 47 Blackbaud CRM Higher Ed Product Advisory Group (HE PAG)
- 19 Blackbaud CRM Product Advisory Group (BBCRM PAG)