4 Authentication end-points
Tuesday, June 23, 2020 at 11:16am
The documentation talks about ApiKeyAuth (being deprecated) and ApiTokenAuth (recommended replacement).
Apparently a "Client Id" + "Secret" is combined to create a "Token" but I don't know how this is done for the APIs below.
I am not clear on "single use" vs "multi-use".
I am not clear on "sender authentication" token vs "signer".
AUTHENTICATION TOKENs calls…
/api/authenticationTokens/user Creates a new authentication token. Single-use, expires after 30 minutes (configurable)
/api/authenticationTokens/sender Creates a new sender authentication token.
/api/authenticationTokens/signer/multiUse Creates a new multi-use signer authentication token.
/api/authenticationTokens/signer/singleUse Creates a new single use signer authentication token.
Reply to: 4 Authentication end-points
Tuesday, June 23, 2020 at 01:16pm
Hi Mike,
Welcome to OneSpan Sign and thanks for the post!
The API Token is a replacement for the API Key, which is used on the integrated system side to authenticate the API calls. For an example usage, check this blog "API Token for Client Application".
On the other side, the authentication token carries the user session information, which is used to authenticate links. For example:
(1) /api/authenticationTokens/user
Creates a session token for the current API key/token holder. Building a link with this token could allow accessing the current API key/token holder's sender portal, like the link below:
https://sandbox.esignlive.com/auth?authenticationToken={userToken}&target=https://sandbox.esignlive.com/a/dashboard
(2) /api/authenticationTokens/sender
Creates a session token for a particular sender. Mostly works together with the designer page link:
https://sandbox.esignlive.com/auth?senderAuthenticationToken={senderToken}&target=https://sandbox.esignlive.com/a/transaction/{packageId}/designer
With this token, you can build a designer link with limited access where the end user can't view any other transaction pages (because the package designer is not necessarily the API key/token holder).
(3) /api/authenticationTokens/signer/multiUse or /singleUse
Creates a session token for a signer of a package. This token allows you to build a signing link for the signer to access the signing ceremony. You only leverage this token when you deliver the signing link yourself (versus delivering by the out-of-the-box activate email).
Multi/Single use means whether the link is still reusable after the first visit. For example, for a link containing a single-use token, you can't use it to access the signing ceremony from a different device after the first device has used the link.
Duo
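
The two link shapes from the reply above, as an added example (not part of the original posts and not OneSpan's code): it builds the `/auth` link for a user or sender token with the values percent-encoded, and redacts the token before the link is written to a log, since the token in the query string is the session credential. The function names, the same-host rule for `target`, and the sample token and package id are assumptions made for illustration.

```python
from urllib.parse import urlencode, urlsplit, urlunsplit, parse_qsl

# Query parameter names taken from the two link shapes in the reply above.
TOKEN_PARAMS = {"authenticationToken", "senderAuthenticationToken"}


def build_auth_link(base_url, token_param, token, target):
    """Return {base_url}/auth?{token_param}={token}&target={target}.

    Assumed policy for this example: the target must be an https URL on
    the same host as base_url, so the session is not handed to another site.
    """
    if token_param not in TOKEN_PARAMS:
        raise ValueError(f"unexpected token parameter: {token_param}")
    if not token:
        raise ValueError("empty token")
    base, dest = urlsplit(base_url), urlsplit(target)
    if dest.scheme != "https" or dest.hostname != base.hostname:
        raise ValueError("target must be https on the same host as base_url")
    # urlencode percent-encodes the token and the nested target URL.
    query = urlencode({token_param: token, "target": target})
    return urlunsplit((base.scheme, base.netloc, "/auth", query, ""))


def redact_tokens(url):
    """Replace token values with a marker so the link can be logged."""
    parts = urlsplit(url)
    pairs = [(k, "REDACTED" if k in TOKEN_PARAMS else v)
             for k, v in parse_qsl(parts.query, keep_blank_values=True)]
    return urlunsplit(parts._replace(query=urlencode(pairs)))


if __name__ == "__main__":
    base = "https://sandbox.esignlive.com"
    # Constructed sample values; a real token comes from the
    # /api/authenticationTokens/sender call listed in the question.
    link = build_auth_link(base, "senderAuthenticationToken",
                           "c2FtcGxl+dG9rZW4=",
                           f"{base}/a/transaction/PKG123/designer")
    print(redact_tokens(link))
```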