Intermittent Authorization Issue
Incident Report for Blackthorn
Postmortem

Recently, we enhanced our security protocols, specifically through the rotation of the signing key for our Salesforce connected app, which is a critical component our products use to securely link your Salesforce organization to our web applications (Events, PayLink, DocumentLink, Storefront). This need for reauthentication was a direct result of us updating our security protocol. While we understand this caused a temporary disruption, please allow me to explain why this step was both necessary and ultimately beneficial:

Enhanced Security: Regularly updating signing keys is a critical practice in maintaining high security standards. This process helps in safeguarding against potential vulnerabilities and ensuring that the integrity of your data remains uncompromised.

Proactive Risk Management: The longer a signing key remains unchanged, the higher the risk of it being compromised. Rotating these keys minimizes this risk, thereby protecting both your data and our system from unauthorized access.

Adherence to Best Practices: This update aligns with industry best practices and regulatory requirements for digital security. It's part of our commitment to adhering to the highest standards and ensuring that we are always focused on data protection.

Our Apology and Commitment to You

We realize that the need for reauthentication might have caused unexpected disruptions in the use of our applications. We deeply regret any inconvenience this has caused, and are taking steps to ensure that future updates are smoother, timely, and more transparent.

Support and Assistance

To assist with any lingering issues or concerns, our dedicated support team is on standby. Additionally, we have prepared resources and guides to help you navigate these changes: 

DocumentLink:

To resolve this issue, we recommend reauthorizing the DocumentLink. Please note, for the authorization to work properly, you can only be logged into one Salesforce org.

Here are the instructions for reauthorizing: https://docs.blackthorn.io/docs/authorize-documentlink

PayLink:

To resolve this issue, please reauthorize the PayLink by navigating to the “Blackthorn | PayLink” app, clicking the "Authorize" blue checkmark, then clicking the "Grant Access" button.

Events:

The Blackthorn Events application can be successfully reauthorized with the following steps from our User Guide: https://docs.blackthorn.io/docs/configuration#authorize-the-app

If you need additional help re-authorizing your applications or run into any issues, please create a system-impaired case using this link: https://community.blackthorn.io/s/support-request. Live Zoom support is also available (please request it when submitting your case) if your team needs additional help with re-authorization.

Looking Ahead

Rest assured, we are fully committed to continuously improving our services and the experience they provide. Prior to the next scheduled key rotation, we’ll be implementing a more robust update plan and communications.

Thank you for being part of the Blackthorn community. Please contact us directly with any questions.

Stuart Croft, COO. Stuart@blackthorn.io

Andrea Adcock, Chief Product Officer, Andrea@blackthorn.io

Posted Jan 04, 2024 - 22:16 UTC

Resolved
This incident has been resolved.
Posted Jan 04, 2024 - 21:54 UTC
Update
The Blackthorn Engineering team recently updated security settings related to the connected application signing keys for our webapps.

If you are continuing to experience any issues with Blackthorn PayLink, DocumentLink, or Event Page URLs, we recommend re-authorizing the application to resolve the issue.

If you need additional help re-authorizing your applications or run into any issues, please create a system-impaired case using this link: https://community.blackthorn.io/s/support-request. Live Zoom support is also available if your team needs additional help with re-authorization. Please request live support when submitting your support case if additional help is required.

DocumentLink:
To resolve this issue, we recommend reauthorizing the DocumentLink. Please note, for the authorization to work properly, you can only be logged into one Salesforce org.
Here are the instructions for reauthorizing: https://docs.blackthorn.io/docs/authorize-documentlink

PayLink:
To resolve this issue, please reauthorize the PayLink by navigating to the “Blackthorn | PayLink” app, clicking the "Authorize" blue checkmark, then clicking the "Grant Access" button.

Events:
The Blackthorn Events application can be successfully reauthorized with the following steps from our User Guide: https://docs.blackthorn.io/docs/configuration#authorize-the-app

Please let our Support Team know if you have any questions or concerns.
Posted Jan 02, 2024 - 23:31 UTC
Monitoring
The Blackthorn Engineering team recently updated security settings related to the connected application signing keys for our webapps. If you are continuing to experience any issues with Blackthorn PayLink, DocumentLink, or Event Page URLs, we recommend re-authorizing the application to resolve the issue.

DocumentLink:
To resolve this issue, we recommend reauthorizing the DocumentLink. Please note, for the authorization to work properly, you can only be logged into one Salesforce org.
Here are the instructions for reauthorizing: https://docs.blackthorn.io/docs/authorize-documentlink

PayLink:
To resolve this issue, please reauthorize the PayLink by navigating to the "Blackthorn | PayLink" app.

Events:
The Blackthorn Events application can be successfully reauthorized with the following steps from our User Guide: https://docs.blackthorn.io/docs/configuration#authorize-the-app

Please let our Support Team know if you have any questions or concerns.
Posted Jan 02, 2024 - 19:08 UTC
This incident affected: Blackthorn Events, Blackthorn Payments, Blackthorn PayLink, Blackthorn DocumentLink, Blackthorn Donations, and Blackthorn Compliance.