ON API Authentication Tokens (Access)

Users with the ON API Access Manager should use this to view a list of users' accounts who are currently (or were previously) able use "legacy” ON API endpoints to access your data or who manage integrations.

We recommend using separate user accounts for website login access from the API integration. Consider enabling developers to login to the Education Management user interface with a different user account via Blackbaud ID.

  • If a staff member develops an application, create a separate user account for that purpose instead of using their main account for both app development and logging in to your school site. If the staff member leaves your employment, you can then disable the user account they used to login, while maintaining the developer account to keep the application running.

  • Additionally, using separate accounts makes it easier to troubleshoot defects in applications, since you can use the Login History to review exactly when the app ran. If the staff logged in every day with combined account, instead of separate accounts, you’d be unable to review which logins were for the application compared to the website.

Schools who:

  • have someone develop their own applications,

  • run integrations that use ON API,

  • have user accounts appear in the list for ON API access,

  • use applications by one of the third party partners mention in this Blackbaud Support KnowledgeBase article,

  • use different third-party partner or vendor who has direct access via the SDK,

  • or use a "sandbox" for for your “legacy” ON API applications and integrations,

must use authentication tokens (Keys and Secrets) for ON API. Configure “sandbox” environment first, and then repeat the actions for your live instance of Blackbaud Education Management.

Tokens are for developers and integration managers who create or maintain the integrations and applications. You don't need tokens for every student, teacher, etc.