
BluB0X and BluSKY API Integration Testing and Certification Process

Introduction

The purpose of this document is to outline the comprehensive process for testing and certifying integrations with the BluSKY RESTful API, provided by BluB0X. This certification ensures that integrations meet the highest standards of functionality, security, and compatibility, adhering to both BluB0X's requirements and industry-wide best practices.

The scope of this process includes all third-party applications and services seeking to integrate with BluSKY. It applies to new integrations and significant updates to existing integrations. The process is designed to ensure that these integrations work seamlessly with BluSKY, providing a secure, reliable, and efficient user experience. 

This document will guide developers and companies through the necessary steps to achieve certification, covering aspects such as compliance with API specifications, security standards, testing procedures, and ongoing maintenance requirements.

Pre-Certification Requirements

Before initiating the testing and certification process, the following pre-certification requirements must be met:

  • API Compliance: Integrations must adhere strictly to the BluSKY API documentation. This includes using the correct API endpoints, following the specified request and response formats, and adhering to rate limits.
  • Security and Privacy Compliance: Integrations must comply with relevant security standards (such as SSL/TLS encryption for data transmission) and privacy regulations (like GDPR, HIPAA, etc.). This includes implementing robust data protection and user privacy measures.
  • Documentation: Provide comprehensive documentation of the integration, including architecture diagrams, data flow diagrams, and detailed descriptions of how the integration interacts with the BluSKY API.
  • Pre-Testing: Conduct initial testing to ensure basic functionality and compatibility. This should include unit tests and integration tests that cover all aspects of the interaction with the BluSKY API.
  • Environment Setup: Set up a suitable testing environment that mirrors the BluSKY production environment as closely as possible, ensuring that tests are valid and reliable.

Meeting these requirements is crucial for proceeding to the actual testing and certification stages.

Testing Process

The testing process is a critical phase in ensuring that the integration meets BluB0X and BluSKY standards. It consists of the following steps:

  • Functional Testing: This involves verifying that all functionalities of the integration work as expected with the BluSKY API. It includes testing all API calls, data retrieval, and update mechanisms.
  • Performance Testing: Assess the integration's performance under different conditions, including load testing to evaluate how it handles high volumes of requests and data.
  • Security Testing: Conduct security assessments, including vulnerability scans and penetration tests, to ensure that the integration is secure against potential threats.
  • Compatibility Testing: Verify that the integration is compatible with various environments and platforms that BluSKY supports. This ensures that the integration works seamlessly across different user scenarios.
  • User Acceptance Testing (UAT): Conduct tests to ensure the integration meets the end users' needs and expectations, simulating real-world usage scenarios.

Upon successful completion of these tests, the integration can be submitted for certification review. Documentation of all test cases, results, and any issues identified and resolved during testing should be included in the submission.

Certification Submission

After completing the testing process, the next step is to submit the integration for certification. This submission should include:

  • Technical Documentation: Provide detailed documentation of the integration, including its architecture, data flows, and interaction with the BluSKY API.
  • Test Results: Submit comprehensive test reports from the testing phase, including functional, performance, security, and compatibility tests.
  • Security Compliance Certificates: If applicable, include certificates or proof of compliance with relevant security standards and regulations.
  • Certification Application: Complete and submit the certification application form provided by BluB0X, which includes details about the integration and the developing entity.

BluB0X will review the submission to ensure compliance with BluSKY API standards and industry best practices. The review process, including expected timelines and criteria for evaluation, should be clearly communicated to the applicants.

Certification Approval

The certification approval phase involves the following key elements:

  • Criteria for Approval: The integration must meet specific standards for functionality, performance, security, and compatibility with the BluSKY API. The criteria will be based on the comprehensive test results and documentation provided.
  • Review and Decision: BluB0X's review team will assess the submission against the established criteria. This process includes verifying test results, examining security measures, and ensuring compliance with API specifications.
  • Notification Process: Applicants will be notified of the decision via email or a designated communication channel. Successful applicants will receive a certification document, while unsuccessful applicants will get detailed feedback for improvement.
  • Publication: Upon approval, the integration may be listed in BluB0X’s directory of certified integrations, if applicable, enhancing visibility and credibility in the user community.

Post-Certification

Once certification is granted, the following steps ensure the ongoing effectiveness and compliance of the integration:

  • Maintenance and Updates: Regularly update the integration to align with the latest BluSKY API changes, security patches, and industry standards. Provide a schedule for routine maintenance and updates.
  • Monitoring and Compliance Checks: Implement continuous monitoring to ensure the integration functions as expected. BluB0X may conduct periodic compliance checks to ensure ongoing adherence to standards.
  • Reporting and Communication: Establish a protocol for reporting any issues, changes, or updates related to the integration. Maintain open communication channels with BluB0X for any support or guidance needed.

Revocation and Re-Certification

  • Criteria for Revocation: BluB0X reserves the right to revoke certification if the integration fails to maintain compliance with BluSKY API standards, security requirements, or performance benchmarks. Additionally, significant changes to the integration or violations of user privacy and data protection policies may trigger revocation.
  • Re-Certification Process: In case of revocation or significant updates to the integration, the entity must undergo the re-certification process. This involves re-submitting updated documentation, demonstrating compliance with current BluSKY API standards, and undergoing a fresh round of testing as per the updated guidelines.

Appendices

  • Appendix A: BluSKY API Reference Guides: This section provides detailed information on the BluSKY API, API Guidance, Acceptable Use Policy, and Terms of Use Policy, including endpoints, data formats, authentication methods, and best practices.
  • Appendix B: Example Test Cases and Scenarios: A collection of sample test cases and scenarios that demonstrate how to effectively test the integration for functionality, security, and performance.
  • Appendix C: Compliance Checklists and Templates: Checklists and templates to assist in ensuring that the integration meets all necessary compliance standards and BluB0X’s certification requirements.
  • Appendix D: API Misuse and Abuse Criteria for Certification Denial

Appendix B: Example Test Cases and Scenarios

These test cases and scenarios provide a structured approach to validating the functionality and integration capabilities of the BluSKY API, ensuring a robust and reliable integration.

1. Access Level Group Retrieval

  • Test Case: Retrieve Access Level Groups
  • Scenario: Use the `GET api/v1/AccessLevelGroups` endpoint to retrieve a list of AccessLevelGroupViewModels.
  • Expected Result: The API token successfully fetches a list of AccessLevelGroupViewModels.

2. Access Level Verification

  • Test Case: Verify Access Levels Including Deleted Items
  • Scenario: Utilize `GET api/v1/AccessLevels?IncludeDeleted={IncludeDeleted}` to return a list of AccessLevelViewModels, including those marked as deleted.
  • Expected Result: The API returns a comprehensive list including deleted AccessLevelViewModels.

3. Access Control Systems (ACS) Check

  • Test Case: Fetch List of Access Control Systems
  • Scenario: Implement a call to `GET api/v1/ACSystems` to acquire a list of SystemViewModels.
  • Expected Result: The system returns a list of all available SystemViewModels viewable by the API token.

4. Badge Template Lookup

  • Test Case: Retrieve Badge Template Information
  • Scenario: Execute `GET api/v1/Badges` to obtain a list of available Badge Templates.
  • Expected Result: The API token successfully retrieves a list of Badge Templates.

5. Contact Item Retrieval

  • Test Case: List Contact Item Types
  • Scenario: Use `GET api/v1/ContactItems` to fetch a list of ContactItemTypeViewModels.
  • Expected Result: A list of ContactItemTypeViewModels is successfully retrieved.

6. Facility Information Gathering

  • Test Case: Acquire Facility Details
  • Scenario: Invoke `GET api/v1/Facilities` to gather information on various facilities.
  • Expected Result: A detailed list of FacilityViewModels is provided.

7. Occupancy Data Fetching

  • Test Case: Obtain Occupancy Information
  • Scenario: Use `GET api/v1/Occupancies?IncludeDeleted={IncludeDeleted}` to access occupancy details.
  • Expected Result: The API returns a list of Occupancies, including any that are deleted.

8. User Check-In Process

  • Test Case: Assign Card to User on Check-In
  • Scenario: Implement `POST api/v1/Users/SP1CheckIn` to assign a card to a user during check-in.
  • Expected Result: The system assigns a card to the user or creates a new one if it doesn't exist.

9. User Addition and Role Assignment

  • Test Case: Add User and Assign Role
  • Scenario: First, add a user via `POST api/v1/Users`, then assign a role using `POST api/v1/Users/{id}/UserRoles`.
  • Expected Result: A user is added to the system, and a role is successfully assigned.

10. Card Assignment to User

  • Test Case: Assign Card to Existing User
  • Scenario: Execute `POST api/v1/Users/{id}/UserCards` to add a card to an existing user.
  • Expected Result: The card is successfully added to the user, and the primary key of the UserCard entry is returned.
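
The read-only cases 1 to 7 above can be run as one table-driven pass whose rows feed the test report required at submission. This is an added example, not BluB0X code: the `send` callable, the HTTP 200 plus JSON-array success shape, the `IncludeDeleted=true` value and every sample response are assumptions, with `fake_send` standing in for a real authenticated client.

```python
import json
from urllib.parse import urlencode

# Read-only cases 1-7 from Appendix B: (number, test case, endpoint, query parameters).
# Assumption: IncludeDeleted is sent as the string "true".
CASES = [
    (1, "Retrieve Access Level Groups", "api/v1/AccessLevelGroups", {}),
    (2, "Verify Access Levels Including Deleted Items", "api/v1/AccessLevels", {"IncludeDeleted": "true"}),
    (3, "Fetch List of Access Control Systems", "api/v1/ACSystems", {}),
    (4, "Retrieve Badge Template Information", "api/v1/Badges", {}),
    (5, "List Contact Item Types", "api/v1/ContactItems", {}),
    (6, "Acquire Facility Details", "api/v1/Facilities", {}),
    (7, "Obtain Occupancy Information", "api/v1/Occupancies", {"IncludeDeleted": "true"}),
]

def run_cases(send, cases=CASES):
    """Run each case via send(method, url) -> (status, body); return one report row per case."""
    rows = []
    for number, name, path, params in cases:
        url = path + ("?" + urlencode(params) if params else "")
        try:
            status, body = send("GET", url)
            data = json.loads(body)
            passed = status == 200 and isinstance(data, list)  # assumed success shape
            detail = f"{len(data)} items" if passed else f"HTTP {status}, {type(data).__name__} body"
        except Exception as exc:  # a transport or parse error fails the case, not the run
            passed, detail = False, type(exc).__name__
        rows.append({"case": number, "name": name, "request": f"GET {url}",
                     "passed": passed, "detail": detail})
    return rows

def fake_send(method, url):
    """Constructed stand-in for an authenticated HTTP client; every response is sample data."""
    if url.startswith("api/v1/Badges"):
        return 200, "<html>gateway error</html>"           # not JSON: must fail
    if url.startswith("api/v1/Facilities"):
        return 401, '{"Message": "sample denial"}'         # token lacks access: must fail
    return 200, '[{"Id": 1}, {"Id": 2}]'                    # constructed list body

if __name__ == "__main__":
    for row in run_cases(fake_send):
        print(f'{row["case"]:>2} {"PASS" if row["passed"] else "FAIL"} {row["request"]} ({row["detail"]})')
```

A failed row records the status or error type rather than the response body, so the report does not copy returned data into test artifacts.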

Appendix C: Compliance Checklists and Templates

Compliance Checklist for BluSKY API Integration

1. API Compliance

  • Adherence to BluSKY API specifications and endpoints.
  • Correct usage of request and response formats.
  • Compliance with rate limits.

2. Security and Privacy Compliance

  • Implementation of SSL/TLS for data transmission.
  • Compliance with data protection and privacy regulations (e.g., GDPR, HIPAA).
  • Robust data encryption and protection measures.

3. Functional Testing

  • Verification of all features and functionalities.
  • Coverage of all BluSKY API interactions.

4. Performance Testing

  • Assessment under various load conditions.
  • Evaluation of response times and error rates.

5. Security Testing

  • Vulnerability scans and penetration tests.
  • Identification and mitigation of security risks.

6. Compatibility Testing

  • Testing across different environments and platforms.
  • Verification of seamless operation in diverse user scenarios.

7. Documentation

  • Comprehensive technical documentation.
  • Detailed description of interaction with BluSKY API.
  • Test cases and results documentation.

8. Maintenance and Updates

  • Regular updates for compatibility with BluSKY API changes.
  • Implementation of security patches and standards updates.

Template for BluSKY API Integration Compliance Report

Integration Name: [Integration Name]

Developer/Company: [Developer/Company Name]

Date: [Date of Report]

1. API Compliance Report

  • [Details of API compliance]

2. Security and Privacy Report

  • [Details of security and privacy measures]

3. Testing Summary

  • Functional Testing: [Summary of functional testing results]
  • Performance Testing: [Summary of performance testing results]
  • Security Testing: [Summary of security testing results]
  • Compatibility Testing: [Summary of compatibility testing results]

4. Documentation

  • [Details about the provided documentation]

5. Maintenance and Update Plan

  • [Outline of maintenance and update schedule]

Certification Status Recommendation: [Recommended status based on compliance]

This checklist and template provide a structured framework for ensuring and documenting compliance with the BluSKY API integration requirements.

Appendix D: API Misuse and Abuse Criteria for Certification Denial

1. Excessive Data Exposure: Over-fetching or exposing more data than necessary.

2. Rate Limit Ignorance: Making too many API calls in a short period, overwhelming the system.

3. Insecure Direct Object References (IDOR): Allowing users to access data by altering the value of a parameter.

4. Lack of Resource & Rate Limiting: Not limiting the resources an API user can request.

5. Insufficient Logging & Monitoring: Failing to keep logs of API activity, hindering anomaly detection.

6. Inadequate Authentication: Weak or absent authentication mechanisms for API access.

7. Poor Endpoint Protection: Leaving API endpoints without proper security, making them vulnerable to attacks.

8. Improper Authorization: Allowing users to perform actions beyond their permissions.

9. Parameter Tampering: Allowing external input to modify data or SQL queries.

10. Injection Flaws: SQL, NoSQL, or command injection vulnerabilities.

11. Mismanagement of Sensitive Data: Inadequate protection of sensitive data like credentials and personal information.

12. Lack of Encryption: Not encrypting data in transit, making it susceptible to interception.

13. Hardcoding Sensitive Data: Embedding sensitive information like keys and tokens in the code.

14. Failing to Handle Errors Gracefully: Revealing too much information in error messages.

15. Versioning Neglect: Not properly versioning the API, leading to compatibility and security issues.

Adherence to these criteria is crucial for ensuring the security and integrity of integrations with BluSKY.
