Sandbox API Key doesn't work with swagger page

Hi IlyaS,

Have you entered it completely like "Basic {your_api_key}" vs only input the API Key? 

Another underlying cause is the swagger page only connects to the US2 sandbox environment (https://sandbox.esignlive.com), so it won't work if your account is in other environments and you'd download the YAML file, edit it then load it in another swagger editor.

Duo

Hi Duo,

The environment is: https://sandbox.e-signlive.ca/ . I guess for Canadian sandbox it wouldn't work? The only way to test then is by calling direct via a REST client or from code?

Thanks,

Ilya

Hi Ilya,

Yeah, currently it only supports the US2 sandbox. And an API testing tool like Postman or SoapUI could come in handy before actually implementing with code.

Duo

Thanks Duo. Will try with Postman.

Regards,

Ilya

Hi Duo,

I tried getting the authentication token via Postman using the client ID and secret, but it doesn't seem to be working. Is there anything that I need to set differently (please see attached screenshot)?

Thanks in advance,

Ilya

Hi Ilya,

I'm afraid it won't work in this way, this is because the API OneSpan Sign exposed to generate access token doesn't restrictly fit the Client Credentials Flow, see below:

HTTP Request

POST /apitoken/clientApp/accessToken

HTTP Headers

Accept: application/json Content-Type: application/json

Request Payload

{ "clientId": "your_client_id", "secret": "your_client_secret", "type": "OWNER" }

The request body has to be JSON format, instead of the typical "application/x-www-form-urlencoded"

You can add a separate request hitting above endpoint. Then specify the bearer header as the authorization method for any subsequent API calls.

Duo

Thanks Duo, I was able to get the Authorization Token via the client/secret request.

When trying to use it, however, I get no session error:

{

    "code": 401,

    "messageKey": "error.unauthorised.noSession",

    "message": "Failed to retrieve Session",

    "name": "Unauthorized"

}

I don't think I need a body to retrieve packages, but then that would be a different error anyway.

Thanks again.

Ilya

Hi Ilya,

Should it be sandbox.e-signlive.ca vs apps.e-signlive.ca?

Duo

Hi Duo,

Tried it (https://sandbox.e-signlive.ca/api/packages/), but I get the same error.

{

    "messageKey": "error.unauthorised.noSession",

    "message": "Failed to retrieve Session",

    "code": 401,

    "name": "Unauthorized"

}

Regards,

Ilya

Do you mind having a quick try with my access token in CA sandbox? - 177f42f3ce102df3809cb1000f9900

Duo

Hmmm, yours works, and the only thing I changed was the token.

I just retrieved another token on my sandbox, and it started working too. I don't know why the first one did not work, I have not changed anything.

Thanks Duo regardless.

Ilya

Hello Duo,

Is there documentation on the path 'apitoken/clientApp/accessToken'? 

The only reference to 'apitoken/clientApp/accessToken' in the swagger file doesn't reference the required body. 

I would've expected to find it in one of the following links, but it wasn't present:

Integration | OneSpan Community Platform

OneSpan Sign Sandbox | OneSpan Community Platform

Thanks,

Kevin

Hi Kevin,

I described this API endpoint in one of my blogs:
OneSpan Sign Release 11.34: API Token for Client Application

HTTP Request

POST /apitoken/clientApp/accessToken

HTTP Headers

Accept: application/json Content-Type: application/json

Request Payload

{ "clientId": "your_client_id", "secret": "your_client_secret", "type": "OWNER" }

The available options for the field “type” are “OWNER” and “SENDER”. If the latter, “email” field is required:

{ "clientId": " your_client_id ", "secret": " your_client_secret ", "type": "SENDER", "email": "sender_email" }

Duo

That is exactly what I was after, thank you!