Go to your school's instance of the ON products [school].myschoolapp.com and sign in using your account. If you are not a Platform Manager for the school, you will need to get someone who is to sign in and perform the next step.

A platform manager should:

1. Sign in to Blackbaud Education Management.

2. Go to Core.

3. Select Security

4. Select Roles

5. Select Web Services API Manager.

   To see the “Web Services API Manager” Role, your school must have the SDK installed.

6. Select Members and add the user who will access the API.

   If a staff member at the school develops an application, we recommend creating a separate user account for that purpose. We discourage using the same user account for both app development and logging in to the school site (Blackbaud Education Management). We recommend creating a user specifically for the Web Services API Manager role rather than adding the role to an existing user. You will be using this user's login information in Step 5.

Partners: Existing partners are required to add an additional role to the user. The role name corresponds with their organization name. Note that this step will no longer be relevant once ON API fully transitions into SKY API.

Take a look at our API Reference to see what information the API allows you to access.

Read the Basics for more information on how to authenticate via the REST API, how specific errors are returned, and what the supported response formats are.

Users with the ON API Access Manager role should:

1. Sign in to Blackbaud Education Management.

2. Go to Core.

3. Select Security.

4. Select Authentication settings.

5. Select ON API Acess.

6. View and manage users' accounts who are currently (or were previously) able use "legacy" ON API endpoints to access the school's data.

   If a staff member at the school develops an application, we recommend creating a separate user account for that purpose. We discourage using the same user account for both app development and logging in to the school site (Blackbaud Education Management).

7. Generate an authentication token for each user account on the list that should maintain access. The token includes both a Key and Secret . Copy this information and provide it to the application or partner.

8. Contact each Active developer and provide them with their Key and Secret for their authentication token.

9. Update the user accounts' roles to ensure they have the relevant security roles that grant them access to the necessary endpoints.

10. If a user account doesn't login with a new token for 90 days, the key and secret will expire. The ON API Access Manager will need to generate a new key to replace the expired one. Share the new token with the application.

    If a user account is active for ON API within the first 90 days, the token's expiration date automatically extends for another 90 days, up to 365 days. Generate a new key each year to replace the expired one. Share the new token with the application.

Application and integration developers recieve their authentication token from the ON API Access Manager at the school. The token includes both a Key and Secret.

You can use Postman to make a POST request to the authentication route as a means to get your authentication token.

Developers should perform a POST call to the following route: https://{school}.myschoolapp.com/api/authentication/login.

The POST request must contain two body key-value pairs: username and password.

The following JSON stucture can be used for the body of the POST:

{
  "username": "apikey",
  "password": "secret"
}

A successful response will yield 200OK and provides the authentication token.

Read the Basics and then use the API Reference to explore more of the capabilities of the ON API.