Client Create API - Help needed
I'm trying to create a sign-on box for a microsite, just an email input. I set up the code as the example client create API page provides, but get no results. Convio Support redirected me here (as an aside to Convio staff, can you explain why you offer an API for use by clients, but don't offer support for the API through your support system?)
In Firefox I get "Error: uncaught exception: Permission denied to call method XMLHttpRequest.open"
In IE7 I get an access is denied error, at the line in the API code "req.open('POST', url, true);"
I'd appreciate any clarification on where I'm going wrong, via this forum or direct by email.
I'm using the following code:
<!-- begin convio form -->
<script type='text/javascript'>
var siteID='nwlc'; //This is a unique ID for the Convio site being accessed.
var url='https://secure2.convio.net/' + siteID + '/site/CRConsAPI';
var req=null;
var console=null;
//This is the primary method referenced by the form
function createUser() {
//Establish appropriate XMLHttpRequest
if (window.XMLHttpRequest) {
req = new XMLHttpRequest();
} else if (window.ActiveXObject) {
req = new ActiveXObject("Microsoft.XMLHTTP");
}
if (req) {
params = buildParams(); //Parse the form parameters
req.onreadystatechange = verifyCreate; //Handles asynchronous polling and final method disposition
req.open('POST', url, true); //Convio Constituent Management API only supports POST method
req.setRequestHeader('Content-Type','application/x-www-form-urlencoded');
req.send(params); //Send request
}
}
//This function builds a urlencoded set of query arguments
//Assumes all arguments are either in text or hidden elements in form
function buildParams() {
var form=document.getElementById('createUserForm');
var params='';
var name;
var value;
for (i=0; i<form.childNodes.length; i++) {
name=form.childNodes+.name;
value=form.childNodes+.value;
if ((value!=null && value!='') && (form.childNodes+.type=='text' || form.childNodes+.type=='hidden')) {
if (params!='') {params+='&';}
params+=encodeURIComponent(name)
params+='=';
params+=encodeURIComponent(value);
}
}
return params;
}
//Monitors the state of the request and executes
//final business logic when request completes
function verifyCreate(){
if (console!=null && req.readyState==4){
//Success
if (req.status==200) {
var response = eval( '(' + req.responseText + ')'); //Instantiate an object from JSON response
alert('Created new user: ' + response.createConsResponse.cons_id); //Echo new constituent ID
addNode(req.responseText); //Update page with full response information
}
//Failure
else {
var response = eval( '(' + req.responseText + ')'); //Instantiate an object from JSON response
alert('Problems: ' + response.errorResponse.message); //Echo error message
addNode(req.responseText); //Update page with full response information
}
}
}
//Adds a new div element with full response text
function addNode(data) {
var newline=document.createElement("div");
console.appendChild(newline);
var txt = document.createTextNode(data);
newline.appendChild(txt);
}
window.onload=function(){
console=document.getElementById('console');
}
</script>
<div id='createUserForm'>
<input type="hidden" id="method" name="method" value="create"/>
<input type="hidden" id="response_format" name="response_format" value="json"/>
<input type="hidden" id="api_key" name="api_key" value="xxxxxxxxxxx"/>
<strong>Email</strong>
<input type="text" id="primary_email" name="primary_email" value=""/></br></br>
<input type="hidden" id="add_interest_ids" name="add_interest_ids" value="1030"/>
<input type="hidden" id="add_group_ids" name="add_group_ids" value="5261"/>
<input type="hidden" id="no_welcome" name="no_welcome" value="f"/>
<input type="hidden" id="redirect" name="redirect" value="/>
<input type="hidden" id="v" name="v" value="1.0"/>
<button onclick="createUser()">Sign Up</button>
</div>
<!-- end convio form -->
Comments
-
I'd like to address the support question.
As you can appreciate, supporting an API is an altogether different challenge to supporting a software application. Given that any use of the APIs will involve custom code, it's not feasible to debug custom code for clients, which is why we've enabled this forum and are encouraging clients, partners, as well as, our engineering and support staff to chime in and help each other out. In time we hope this community will grow to become a vibrant, active and valuable resource for API support and best practices, much like the Flickr, Google and Salesforce.com API support forums have become.
Cheers to you for blazing the trail! We have a handful of other clients also working to build custom applications using the API and I would like to encourage them to weigh in and "lend a hand".
0 -
Now I'd like to address the technical question.
It looks like you have used the sample code provided on the create method page, however, it appears you've not modified the post url
var url='https://secure2.convio.net/' + siteID + '/site/CRConsAPI';
The script does not know your siteID.
Find and replace this with your siteID and then give it a try.
0 -
tommy Spann:
Now I'd like to address the technical question.
It looks like you have used the sample code provided on the create method page, however, it appears you've not modified the post url
var url='https://secure2.convio.net/' + siteID + '/site/CRConsAPI';
The script does not know your siteID.
Find and replace this with your siteID and then give it a try.
actually he sets the siteID variable in the line above. But perhaps it's not the right ID.
0 -
The error messages indicate that the browsers are not permitting the AJAX call to be made to the Convio server. A security feature of browsers is to only allow these types of XML HTTP requests to be sent to the same server that sent the current page. To use this style of AJAX programming to send the API call the code must be in a page served by the Convio system, for example, within a secure PageBuilder page. Other alternatives are to have the AJAX code send the request to the same server that sent the page and then have that server use the server-to-server Convio API, or to change the code to call the Convio API using a form post instead of JavaScript and XML HTTP objects.
0 -
JeffMills :
The error messages indicate that the browsers are not permitting the AJAX call to be made to the Convio server. A security feature of browsers is to only allow these types of XML HTTP requests to be sent to the same server that sent the current page. To use this style of AJAX programming to send the API call the code must be in a page served by the Convio system, for example, within a secure PageBuilder page. Other alternatives are to have the AJAX code send the request to the same server that sent the page and then have that server use the server-to-server Convio API, or to change the code to call the Convio API using a form post instead of JavaScript and XML HTTP objects.
I'm sorry but can you clerify that please... I don't think i'm understanding what you just explained.
0 -
Matthew Andrade:
I'm sorry but can you clerify that please... I don't think i'm understanding what you just explained.
The XMLHttpRequest or ActiveXObject("Microsoft.XMLHTTP") object that you create has security restrictions that are built in to the browsers and that have nothing to do with the Convio API. They are in effect for any URL that you try to access with them. This is often called the "same origin policy". The restriction is that the browser will only let you access URLs on the same site that the page came from (your server). Some alternative solutions are:
1. Use AJAX to call a URL on your own server which runs server-side code to call the Convio server-side API. Your server-side code then relays the response back to the browser as the response to your AJAX call.
2. Build your page within Convio on a secure (SSL) PageBuilder page. This way, the AJAX code will be calling back to the same domain ("origin") to access the API and it will be allowed.
3. Instead of AJAX, submit a form using the Convio API URL as the "action" attribute of the form.
0 -
JeffMills :
The XMLHttpRequest or ActiveXObject("Microsoft.XMLHTTP") object that you create has security restrictions that are built in to the browsers and that have nothing to do with the Convio API. They are in effect for any URL that you try to access with them. This is often called the "same origin policy". The restriction is that the browser will only let you access URLs on the same site that the page came from (your server). Some alternative solutions are:
1. Use AJAX to call a URL on your own server which runs server-side code to call the Convio server-side API. Your server-side code then relays the response back to the browser as the response to your AJAX call.
2. Build your page within Convio on a secure (SSL) PageBuilder page. This way, the AJAX code will be calling back to the same domain ("origin") to access the API and it will be allowed.
3. Instead of AJAX, submit a form using the Convio API URL as the "action" attribute of the form.
Matt, also, this is and aside and totally a personal preference... but if you're trying to write AJAX applications, I would suggest you look into some of the JS libraries out there like JQuery or Prototype. I used reinvent the wheel all the time, intentionally, because I really wanted to learn how to do things. Over the years (and i've been doing web developement for more than 10 now), I realized how silly that is. The code you provided to form, send and handle the return of your xmlHTTP request could be written in like 6 or so lines of code total with either JQuery or Prototype. There are still lots of things you have to do yourself, but all the little tricky things like cross-browser support code are handled inside the library and you never need to touch it. I am partial to Prototype, but have done lots of applications under JQuery too. They are basically the same, don't let any biased bloggers say otherwise. The trick is picking one, learning the API syntax and sticking to it....
0 -
Michael :
Matt, also, this is and aside and totally a personal preference... but if you're trying to write AJAX applications, I would suggest you look into some of the JS libraries out there like JQuery or Prototype. I used reinvent the wheel all the time, intentionally, because I really wanted to learn how to do things. Over the years (and i've been doing web developement for more than 10 now), I realized how silly that is. The code you provided to form, send and handle the return of your xmlHTTP request could be written in like 6 or so lines of code total with either JQuery or Prototype. There are still lots of things you have to do yourself, but all the little tricky things like cross-browser support code are handled inside the library and you never need to touch it. I am partial to Prototype, but have done lots of applications under JQuery too. They are basically the same, don't let any biased bloggers say otherwise. The trick is picking one, learning the API syntax and sticking to it....
Michael,
Thank you... I will take a look into taking that route. I do like learning how things are working but I see what your saying.
0 -
Matthew Andrade:
Michael,
Thank you... I will take a look into taking that route. I do like learning how things are working but I see what your saying.
One other thing I happened to notice in your HTML:
<input type="hidden" id="redirect" name="redirect" value="http://www.nwlc.org/fairpay/index.html%22//>
That URL isn't correct. Maybe an artifact of copy/pasting, but the %22// part is an error.
0
Categories
- All Categories
- Shannon parent
- shannon 2
- shannon 1
- 21 Advocacy DC Users Group
- 14 BBCRM PAG Discussions
- 89 High Education Program Advisory Group (HE PAG)
- 28 Luminate CRM DC Users Group
- 8 DC Luminate CRM Users Group
- Luminate PAG
- 5.9K Blackbaud Altru®
- 58 Blackbaud Award Management™ and Blackbaud Stewardship Management™
- 409 bbcon®
- 2.1K Blackbaud CRM™ and Blackbaud Internet Solutions™
- donorCentrics®
- 1.1K Blackbaud eTapestry®
- 2.8K Blackbaud Financial Edge NXT®
- 1.1K Blackbaud Grantmaking™
- 527 Education Management Solutions for Higher Education
- 1 JustGiving® from Blackbaud®
- 4.6K Education Management Solutions for K-12 Schools
- Blackbaud Luminate Online & Blackbaud TeamRaiser
- 16.4K Blackbaud Raiser's Edge NXT®
- 4.1K SKY Developer
- 547 ResearchPoint™
- 151 Blackbaud Tuition Management™
- 1 YourCause® from Blackbaud®
- 61 everydayhero
- 3 Campaign Ideas
- 58 General Discussion
- 115 Blackbaud ID
- 87 K-12 Blackbaud ID
- 6 Admin Console
- 949 Organizational Best Practices
- 353 The Tap (Just for Fun)
- 235 Blackbaud Community Feedback Forum
- 55 Admissions Event Management EAP
- 18 MobilePay Terminal + BBID Canada EAP
- 36 EAP for New Email Campaigns Experience in Blackbaud Luminate Online®
- 109 EAP for 360 Student Profile in Blackbaud Student Information System
- 41 EAP for Assessment Builder in Blackbaud Learning Management System™
- 9 Technical Preview for SKY API for Blackbaud CRM™ and Blackbaud Altru®
- 55 Community Advisory Group
- 46 Blackbaud Community Ideas
- 26 Blackbaud Community Challenges
- 7 Security Testing Forum
- 1.1K ARCHIVED FORUMS | Inactive and/or Completed EAPs
- 3 Blackbaud Staff Discussions
- 7.7K ARCHIVED FORUM CATEGORY [ID 304]
- 1 Blackbaud Partners Discussions
- 1 Blackbaud Giving Search™
- 35 EAP Student Assignment Details and Assignment Center
- 39 EAP Core - Roles and Tasks
- 59 Blackbaud Community All-Stars Discussions
- 20 Blackbaud Raiser's Edge NXT® Online Giving EAP
- Diocesan Blackbaud Raiser’s Edge NXT® User’s Group
- 2 Blackbaud Consultant’s Community
- 43 End of Term Grade Entry EAP
- 92 EAP for Query in Blackbaud Raiser's Edge NXT®
- 38 Standard Reports for Blackbaud Raiser's Edge NXT® EAP
- 12 Payments Assistant for Blackbaud Financial Edge NXT® EAP
- 6 Ask an All Star (Austen Brown)
- 8 Ask an All-Star Alex Wong (Blackbaud Raiser's Edge NXT®)
- 1 Ask an All-Star Alex Wong (Blackbaud Financial Edge NXT®)
- 6 Ask an All-Star (Christine Robertson)
- 21 Ask an Expert (Anthony Gallo)
- Blackbaud Francophone Group
- 22 Ask an Expert (David Springer)
- 4 Raiser's Edge NXT PowerUp Challenge #1 (Query)
- 6 Ask an All-Star Sunshine Reinken Watson and Carlene Johnson
- 4 Raiser's Edge NXT PowerUp Challenge: Events
- 14 Ask an All-Star (Elizabeth Johnson)
- 7 Ask an Expert (Stephen Churchill)
- 2025 ARCHIVED FORUM POSTS
- 322 ARCHIVED | Financial Edge® Tips and Tricks
- 164 ARCHIVED | Raiser's Edge® Blog
- 300 ARCHIVED | Raiser's Edge® Blog
- 441 ARCHIVED | Blackbaud Altru® Tips and Tricks
- 66 ARCHIVED | Blackbaud NetCommunity™ Blog
- 211 ARCHIVED | Blackbaud Target Analytics® Tips and Tricks
- 47 Blackbaud CRM Higher Ed Product Advisory Group (HE PAG)
- Luminate CRM DC Users Group
- 225 ARCHIVED | Blackbaud eTapestry® Tips and Tricks
- 1 Blackbaud eTapestry® Know How Blog
- 19 Blackbaud CRM Product Advisory Group (BBCRM PAG)
- 1 Blackbaud K-12 Education Solutions™ Blog
- 280 ARCHIVED | Mixed Community Announcements
- 3 ARCHIVED | Blackbaud Corporations™ & Blackbaud Foundations™ Hosting Status
- 1 npEngage
- 24 ARCHIVED | K-12 Announcements
- 15 ARCHIVED | FIMS Host*Net Hosting Status
- 23 ARCHIVED | Blackbaud Outcomes & Online Applications (IGAM) Hosting Status
- 22 ARCHIVED | Blackbaud DonorCentral Hosting Status
- 14 ARCHIVED | Blackbaud Grantmaking™ UK Hosting Status
- 117 ARCHIVED | Blackbaud CRM™ and Blackbaud Internet Solutions™ Announcements
- 50 Blackbaud NetCommunity™ Blog
- 169 ARCHIVED | Blackbaud Grantmaking™ Tips and Tricks
- Advocacy DC Users Group
- 718 Community News
- Blackbaud Altru® Hosting Status
- 104 ARCHIVED | Member Spotlight
- 145 ARCHIVED | Hosting Blog
- 149 JustGiving® from Blackbaud® Blog
- 97 ARCHIVED | bbcon® Blogs
- 19 ARCHIVED | Blackbaud Luminate CRM™ Announcements
- 161 Luminate Advocacy News
- 187 Organizational Best Practices Blog
- 67 everydayhero Blog
- 52 Blackbaud SKY® Reporting Announcements
- 17 ARCHIVED | Blackbaud SKY® Reporting for K-12 Announcements
- 3 Luminate Online Product Advisory Group (LO PAG)
- 81 ARCHIVED | JustGiving® from Blackbaud® Tips and Tricks
- 1 ARCHIVED | K-12 Conference Blog
- Blackbaud Church Management™ Announcements
- ARCHIVED | Blackbaud Award Management™ and Blackbaud Stewardship Management™ Announcements
- 1 Blackbaud Peer-to-Peer Fundraising™, Powered by JustGiving® Blogs
- 39 Tips, Tricks, and Timesavers!
- 56 Blackbaud Church Management™ Resources
- 154 Blackbaud Church Management™ Announcements
- 1 ARCHIVED | Blackbaud Church Management™ Tips and Tricks
- 11 ARCHIVED | Blackbaud Higher Education Solutions™ Announcements
- 7 ARCHIVED | Blackbaud Guided Fundraising™ Blog
- 2 Blackbaud Fundraiser Performance Management™ Blog
- 9 Foundations Events and Content
- 14 ARCHIVED | Blog Posts
- 2 ARCHIVED | Blackbaud FIMS™ Announcement and Tips
- 59 Blackbaud Partner Announcements
- 10 ARCHIVED | Blackbaud Impact Edge™ EAP Blogs
- 1 Community Help Blogs
- Diocesan Blackbaud Raiser’s Edge NXT® Users' Group
- Blackbaud Consultant’s Community
- Blackbaud Francophone Group
- 1 BLOG ARCHIVE CATEGORY
- Blackbaud Community™ Discussions
- 8.3K Blackbaud Luminate Online® & Blackbaud TeamRaiser® Discussions
- 5.7K Jobs Board