pearl4ever | Posts: 8

Unauthorised and NoSession

0 votes
Whenever I make a request to https://sandbox.esignlive.com/api, I get the following error message: {"messageKey":"error.unauthorised.noSession","message":"Failed to retrieve Session","code":401,"name":"Unauthorized"}. I am using Visual Studio for development. I have a breakpoint at the request line. On the first request it always gives me the Unauthorized error, and when I drag the code execution back to the same request again I get the results with status code (200) OK and the data correctly. If it were a problem with my API key, then the request should always return the Unauthorized message, but it happens only on the first call.

harishaidary | Posts: 1812

Reply to: Unauthorised and NoSession

0 votes
Hi there, Would you be able to share your code so I can run some tests? Also, please double check your api key and the environment URL. https://developer.esignlive.com/forums/search/Failed+to+retrieve+Session/

pearl4ever | Posts: 8

Reply to: Unauthorised and NoSession

0 votes
Below is the detail about the request URL and my API key. I took the API key from the sandbox login, as said in the sample or forum.
using System.Net.Http;
using System.Net.Http.Headers;

string url = "https://sandbox.esignlive.com/api/packages?type=TEMPLATE"; // Request URL
HttpClient myClient = new HttpClient();
myClient.DefaultRequestHeaders.Authorization = new AuthenticationHeaderValue("Basic", "api_key"); // API key
myClient.DefaultRequestHeaders.Add("Accept", "application/json,application/zip,text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8");
HttpResponseMessage packageStatusResponse = myClient.GetAsync(new Uri(url)).Result;
I have written some samples for sending the package and the same issue happens there: on the first request it gives Unauthorised status, then when I drag the call back to the same request it works and sends the package too. I have attached the Fiddler request snap for your consideration, which also gives the Unauthorised status in the response.

pearl4ever | Posts: 8

Reply to: Unauthorised and NoSession

0 votes
Attached the fiddler request snapshot

harishaidary | Posts: 1812

Reply to: Unauthorised and NoSession

0 votes
Your sample code works on the first try for me (see attached screenshot). I noticed that your Content-Type is set to "text/json". Can you try changing it to "application/json" and see if that resolves the issue? I also removed your API key from this post.

harishaidary | Posts: 1812

Reply to: Unauthorised and NoSession

0 votes
Screenshot

pearl4ever | Posts: 8

Reply to: Unauthorised and NoSession

0 votes
I tried again today, changing the Content-Type to application/json, but I am still getting the same Unauthorised error using Fiddler. I have attached the screenshot for your consideration. What are all the other possibilities for this type of error? I also tried using the Silanis.ESL.dll version 11.8, which gives me a different problem.
  DocumentPackage documentPackage = PackageBuilder.NewPackageNamed("Package from template via Dlls " + DateTime.Now)
                    .WithSettings(DocumentPackageSettingsBuilder.NewDocumentPackageSettings())
                    .DescribedAs("Package from template via Dlls")
                    .WithEmailMessage("This message should be delivered to all signers")
                    .WithStatus(DocumentPackageStatus.SENT)
                    .WithVisibility(Visibility.ACCOUNT)
                    .WithAutomaticCompletion()

                    // Define the 1st signer first and last name
                    .WithSigner(SignerBuilder.NewSignerWithEmail(contract.emailAddress)
                                             .WithFirstName(contract.firstName)
                                             .WithLastName(contract.lastName)
                                             .Replacing(new Placeholder(placeHolderId1)))

                    // Define the 2nd signer first and last name
                    .WithSigner(SignerBuilder.NewSignerWithEmail(contract.emailAddressSigner2)
                                             .WithFirstName(contract.firstNameSigner2)
                                             .WithLastName(contract.lastNameSigner2)
                                             .Replacing(new Placeholder(placeHolderId2)))

                    .WithDocument(DocumentBuilder.NewDocumentNamed("Electronic Disclosures and Signatures Consent"))

                    // Define the document
                    .WithDocument(DocumentBuilder.NewDocumentNamed("sample_contract2")
                                        .WithInjectedField(FieldBuilder.Label()
                                            .WithName("FirstName")
                                            .WithValue(contract.firstName))
                                        .WithInjectedField(FieldBuilder.TextField()
                                            .WithName("LastName")
                                            .WithValue(contract.lastName))
                                        .WithInjectedField(FieldBuilder.TextField()
                                            .WithName("Email")
                                            .WithValue(contract.emailAddress))
                                        .WithInjectedField(FieldBuilder.TextField()
                                            .WithName("Company")
                                            .WithValue(contract.company))
                                        .WithInjectedField(FieldBuilder.TextField()
                                            .WithName("Address")
                                            .WithValue(contract.address))
                                        .WithInjectedField(FieldBuilder.TextField()
                                            .WithName("City")
                                            .WithValue(contract.city))
                                        .WithInjectedField(FieldBuilder.TextField()
                                            .WithName("State")
                                            .WithValue(contract.state))
                                        .WithInjectedField(FieldBuilder.TextField()
                                            .WithName("Country")
                                            .WithValue(contract.country))
                                        .WithInjectedField(FieldBuilder.TextField()
                                            .WithName("Zip")
                                            .WithValue(contract.zip))
                                        .WithInjectedField(FieldBuilder.TextField()
                                            .WithName("PhoneNumber")
                                            .WithValue(contract.phone))
                                        .WithInjectedField(FieldBuilder.TextField()
                                            .WithName("PolicyNumber")
                                            .WithValue(contract.policyNumber))
                                        .WithInjectedField(FieldBuilder.TextField()
                                            .WithName("PolicyNumberSigner2")
                                            .WithValue(contract.policyNumberSigner2))

                ).Build();

                string templateId = "tMs3tH1EWD3uKKQCgaLbjG64f-A=";
                PackageId templatePackage = new PackageId(templateId);
                EslClient eslClient = new EslClient(Constants.SANDBOX_API_KEY, Constants.SANDBOX_URL);
                sentPackageId = eslClient.CreatePackageFromTemplate(templatePackage, documentPackage);
It gives me the exception "Document fileName must be set". Kindly suggest how to proceed further on both issues. Thanks in advance.

harishaidary | Posts: 1812

Reply to: Unauthorised and NoSession

0 votes
For the SDK code, you need to define the location of the PDF document with the ".FromFile()" method. As for the unauthorized error, does it happen only on the get template call, or on every call you try to make? And can you confirm it works the second time?

pearl4ever | Posts: 8

Reply to: Unauthorised and NoSession

0 votes
It happens for all the requests. The first response is always Unauthorised; when you drag it back in Visual Studio to the same request again, it works fine. Today I also tried Retrieve package by id, for which the first response is Unauthorised, and when you drag it again it works fine. Regarding the SDK sample, I will try it and let you know.

pearl4ever | Posts: 8

Reply to: Unauthorised and NoSession

0 votes
Today when I tried the SDK sample, it gives the same Unauthorized error. Below are the exception details:

Silanis.ESL.SDK.EslServerException: Could not create a new package. Exception: The remote server returned an error: (401) Unauthorized. HTTP POST on URI https://sandbox.esignlive.com/api/packages. Optional details: {"messageKey":"error.unauthorised.noSession","message":"Failed to retrieve Session","code":401,"name":"Unauthorized"}
 ---> Silanis.ESL.SDK.EslServerException: The remote server returned an error: (401) Unauthorized. HTTP POST on URI https://sandbox.esignlive.com/api/packages. Optional details: {"messageKey":"error.unauthorised.noSession","message":"Failed to retrieve Session","code":401,"name":"Unauthorized"}
 ---> System.Net.WebException: The remote server returned an error: (401) Unauthorized.
   at System.Net.HttpWebRequest.GetResponse()
   at Silanis.ESL.SDK.Internal.HttpMethods.PostHttp(String apiToken, String path, Byte[] content)
   --- End of inner exception stack trace ---
   at Silanis.ESL.SDK.Internal.HttpMethods.PostHttp(String apiToken, String path, Byte[] content)
   at Silanis.ESL.SDK.RestClient.Post(String path, String jsonPayload)
   at Silanis.ESL.SDK.Services.PackageService.CreatePackage(Package package)
   --- End of inner exception stack trace ---
   at Silanis.ESL.SDK.Services.PackageService.CreatePackage(Package package)
   at Silanis.ESL.SDK.EslClient.CreatePackage(DocumentPackage package)
   at Silanis.ESL.SDK.EslClient.CreateAndSendPackage(DocumentPackage package)

I used the code sample (7389_Car_Loan_Net) obtained from the eSignLive quick demo or from the forum and changed the signer emails and file path. Even the SDK is throwing the Failed to retrieve Session exception.
 class CarLoanApplication
    {
        private static string API_KEY = "";
        private static string API_URL = ""; //e.g. https://sandbox.esignlive.com/api
        public static void start()
        {
            EslClient eslClient = new EslClient(API_KEY, API_URL);

            DocumentPackage documentPackage = PackageBuilder.NewPackageNamed("Car Loan Application")
                .WithSigner(SignerBuilder.NewSignerWithEmail("[email protected]")
                        .WithFirstName("John")
                        .WithLastName("Smith")
                        .WithCustomId("Signer1")
                        .WithSMSSentTo("418-555-5585")
                        .WithAttachmentRequirement(AttachmentRequirementBuilder.NewAttachmentRequirementWithName("Driver license")
                            .WithDescription("Please upload a copy of your driver license.")
                            .IsRequiredAttachment()
                            .Build()))
                .WithSigner(SignerBuilder.NewSignerWithEmail("[email protected]")
                        .WithFirstName("Patty")
                        .WithLastName("Galant")
                        .WithCustomId("Signer2")
                        .ChallengedWithQuestions(ChallengeBuilder.FirstQuestion("What's 1+1?")
                            .Answer("2")))
                .WithDocument(DocumentBuilder.NewDocumentNamed("Car Loan Agreement")
                        .FromFile("../4B-CarLoan.pdf")
                        .EnableExtraction()
                        .WithSignature(SignatureBuilder.SignatureFor("[email protected]")
                                .WithName("applicant_signature")
                                .WithPositionExtracted()
                                .WithField(FieldBuilder.SignatureDate()
                                        .WithName("Date")
                                        .WithPositionExtracted())
                                .WithField(FieldBuilder.CheckBox()
                                        .WithName("agree")
                                        .WithPositionExtracted())
                                .WithField(FieldBuilder.RadioButton("radioGroup")
                                        .WithName("radio1")
                                        .WithPositionExtracted()
                                        .WithValue("X"))
                                .WithField(FieldBuilder.RadioButton("radioGroup")
                                        .WithName("radio2")
                                        .WithPositionExtracted())
                                .WithField(FieldBuilder.RadioButton("radioGroup")
                                        .WithName("radio3")
                                        .WithPositionExtracted()))
                        .WithSignature(SignatureBuilder.SignatureFor("[email protected]")
                                .WithName("coapplicant_signature")
                                .WithPositionExtracted())
                        .WithInjectedField(FieldBuilder.TextField()
                                .WithName("amount")
                                .WithValue("50000"))
                        .WithInjectedField(FieldBuilder.TextField()
                                .WithName("applicant_name")
                                .WithValue("John Smith"))
                        .WithInjectedField(FieldBuilder.TextField()
                                .WithName("applicant_email")
                                .WithValue("[email protected]"))
                        .WithInjectedField(FieldBuilder.TextField()
                                .WithName("coapplicant_email")
                                .WithValue("[email protected]"))
                        .WithInjectedField(FieldBuilder.TextField()
                                .WithName("coapplicant_name")
                                .WithValue("Patty Galant"))
                        .WithInjectedField(FieldBuilder.TextField()
                                .WithName("radio5")
                                .WithValue("X"))
                        )
                .Build();

            PackageId packageId = eslClient.CreateAndSendPackage(documentPackage);
        }
    }
Kindly suggest solution to proceed further.

harishaidary | Posts: 1812

Reply to: Unauthorised and NoSession

0 votes
A 401 error is an authentication issue. I ran the code above using your API key and I was successful in creating a package. Let's set up a screensharing session so I can have a better understanding of what is really going on. You can send me an email at [email protected] with your availability.

test_sn | Posts: 1

Reply to: Unauthorised and NoSession

0 votes
Hi, I have the same error with SoapUI. Have you found a solution for error 401? Thanks

Duo_Liang | Posts: 3776

Reply to: Unauthorised and NoSession

0 votes
Hi test_sn, Can you double check your API key and the environment URL, and which environment are you currently in? Are you using the REST API or the SDK? Besides that, are you using a proxy to connect to OneSpan Sign? Can you try hitting GET /api/sysinfo or eslClient.getSystemService().getApplicationVersion() in the SDK to test your connection with OneSpan Sign? Duo

cindy | Posts: 380

Reply to:

0 votes

Hi Duo,

We tried to use a proxy to connect to the SaaS and got the same issue: the 1st call gets 401, then the next request works.

Error returned:

{"messageKey":"error.unauthorised.noSession","message":"Failed to retrieve Session","code":401,"name":"Unauthorized"}

 

Any idea?

 

thanks, 


Duo_Liang | Posts: 3776

Reply to:

0 votes

Hi Cindy,

 

Is it consistent that the first call always fails? Which particular API or function caused this 401 error, or any API or function as long as it's the first call? 

Are you developing with Java, .NET SDK or RESTful API? API Key vs API Token? Could you share the code around how you build the EslClient or HttpClient? 

 

Duo


cindy | Posts: 380

Reply to:

0 votes

Hi Duo,

We found out that without the proxy (via internet) we don't have the issue at all, so we suspect this is a proxy issue. I saw somebody post the exact same issue here, but they didn't find the root cause or a solution. From your experience, do you have any idea?

 

thanks,

Cindy


Duo_Liang | Posts: 3776

Reply to:

0 votes

Hi Cindy,

 

The 401 error could indicate:

#1 The connection doesn't get blocked by proxy

#2 However somehow the request header "Authorization" is either removed or changed by the proxy.

Hence, are you able to pull the outbound raw request from your proxy server? Does the proxy allow you to test against it via another HTTP client (e.g. Postman/curl from your local)? Or is it possible to test through another proxy?

 

Duo


cindy | Posts: 380

Reply to:

0 votes

Hi Duo,

The strange thing is that it only fails the 1st or 2nd time for the same request; the subsequent requests are all successful. If the request header "Authorization" is removed or changed, why are the subsequent requests successful?

I will try to see if I can get the raw request from our proxy server. Is it possible to ask OneSpan to look at the sandbox log to see what request they got? Why does OneSpan return 401 the 1st time?

Yes, I tried to test with SOA test from my local and got the same result via the same proxy.

Another thing I want to ask about is the error message (401) we got, shown below: it actually has nothing to do with session, right? I tested it and, as I mentioned, once a request is successful, all the subsequent ones are successful without any time period, so I suspect it has nothing to do with session. Please confirm.

{
    "messageKey" : "error.unauthorised.noSession",
    "message" : "Failed to retrieve Session",
    "code" : 401,
    "name" : "Unauthorized"
}

 

 


Duo_Liang | Posts: 3776

Reply to:

0 votes

Yes, the error message is not necessarily related to session. If you simply hit this link:

"https://sandbox.esignlive.com/api/packages/07YTkf-tiKA0IBdIm5hvAI-cPzE=" in your browser (It's a GET /api/packages/{packageId} call, refers to a package created by me)

it returns you the same error message.

 

Duo


cindy | Posts: 380

Reply to:

0 votes

I see. When I removed "Authorization: Basic ${API_KEY}" from the header, I got 401 all the time.

By the way, is it possible to check the sandbox log to see what OneSpan gets for the 401 error?

 

This is my request:

GET https://sandbox.esignlive.com/api/packages/5uQLpwRrjhuSmtYG5oaioxQwXBc= HTTP/1.0
Host: sandbox.esignlive.com
Authorization: Basic RExxxQ==
Accept: application/json; esl-api-version=11.21

Thanks,

Cindy


Duo_Liang | Posts: 3776

Reply to:

0 votes

Hi Cindy,

 

I just consulted with our support team, and it seems that, due to security concerns, the "Authorization" header won't be logged, no matter whether it's included in the request.

 

Duo


cindy | Posts: 380

Reply to: Unauthorised and NoSession

0 votes

Thanks for the information. Meanwhile, I am trying to see if I can get the raw request from our proxy.

BTW, I tested from Postman ->Proxy ->SaaS, and I am getting the same result.


cindy | Posts: 380

Reply to: Unauthorised and NoSession

0 votes

Hi Duo,

Regarding this issue, I found the difference between the successful request and the error one (401): the difference is the Cookie. If there is a Cookie, it's successful, and it gets 401 without the Cookie. Does that make sense to you?

Successful one:


GET https://sandbox.e-signlive.ca/api/packages/oaSfJlDW19aMSi9fnWR8EVjv9o0= HTTP/1.1
Host: sandbox.e-signlive.ca
Authorization: Basic NldxxQ==
Accept: application/json; esl-api-version=11.21
Cookie: BCSI-CS-1a37b6c6e9fad08c=1

Error One: 

GET https://sandbox.e-signlive.ca/api/packages/oaSfJlDW19aMSi9fnWR8EVjv9o0= HTTP/1.1
Host: sandbox.e-signlive.ca
Authorization: Basic NlxxQ==
Accept: application/json; esl-api-version=11.21

 


Duo_Liang | Posts: 3776

Reply to:

0 votes

Hi Cindy,

 

As per the article below, it seems this cookie is set by the proxy server to determine whether to forward credentials upstream. This is to avoid leaking enterprise credentials to an external server in most cases. Leaking credentials would be a serious security risk, especially when Basic credentials are used.

https://knowledge.broadcom.com/external/article/200712/what-is-the-http-header-bcsics-cookie-se.html

 

Duo
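
The by-hand comparison of the working and the 401 request described above, as an added example that is not part of the original thread: it diffs two captured requests and redacts the Authorization value and cookie values so the result can be shared safely. The captures are constructed, and `PACKAGE_ID` and `PLACEHOLDER_KEY` are placeholders.

```python
"""Diff two captured HTTP requests with credentials redacted (added example)."""

# Constructed captures modelled on the two requests in the post above.
# PACKAGE_ID and PLACEHOLDER_KEY are placeholders, not real values.
OK_REQUEST = """\
GET https://sandbox.e-signlive.ca/api/packages/PACKAGE_ID HTTP/1.1
Host: sandbox.e-signlive.ca
Authorization: Basic PLACEHOLDER_KEY
Accept: application/json; esl-api-version=11.21
Cookie: BCSI-CS-1a37b6c6e9fad08c=1
"""
FAILED_REQUEST = """\
GET https://sandbox.e-signlive.ca/api/packages/PACKAGE_ID HTTP/1.1
Host: sandbox.e-signlive.ca
Authorization: Basic PLACEHOLDER_KEY
Accept: application/json; esl-api-version=11.21
"""

CREDENTIAL_HEADERS = {"authorization", "proxy-authorization"}
PROXY_COOKIE_PREFIX = "BCSI-CS-"  # cookie name prefix seen in the thread


def parse_headers(raw):
    """Return {lower-cased header name: value} for one raw request."""
    headers = {}
    for line in raw.strip().splitlines()[1:]:   # skip the request line
        if not line.strip():
            break                               # blank line ends the headers
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().lower()] = value.strip()
    return headers


def redact(name, value):
    """Hide secrets: keep the auth scheme and cookie names, drop the values."""
    if name in CREDENTIAL_HEADERS:
        return value.split(" ", 1)[0] + " <redacted>"
    if name == "cookie":
        names = [c.split("=", 1)[0].strip() for c in value.split(";") if c.strip()]
        return "; ".join(n + "=<redacted>" for n in names)
    return value


def diff_requests(ok_raw, failed_raw):
    """Report header differences between a working and a failing request."""
    ok, bad = parse_headers(ok_raw), parse_headers(failed_raw)
    report = {"only_in_ok": {}, "only_in_failed": {}, "changed": []}
    for name in sorted(set(ok) | set(bad)):
        if name not in bad:
            report["only_in_ok"][name] = redact(name, ok[name])
        elif name not in ok:
            report["only_in_failed"][name] = redact(name, bad[name])
        elif ok[name] != bad[name]:
            report["changed"].append(name)      # names only, never the values
    return report


def proxy_cookie_names(raw):
    """Names of cookies carrying the proxy prefix in one raw request."""
    cookie = parse_headers(raw).get("cookie", "")
    names = [c.split("=", 1)[0].strip() for c in cookie.split(";") if c.strip()]
    return [n for n in names if n.startswith(PROXY_COOKIE_PREFIX)]


if __name__ == "__main__":
    print(diff_requests(OK_REQUEST, FAILED_REQUEST))
    print(proxy_cookie_names(OK_REQUEST))
```
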


cindy | Posts: 380

Reply to:

0 votes

Thanks for the information. Does OneSpan check the cookie in the request? I will check with our proxy team to see why it sometimes sets the cookie and sometimes does not.

But from OneSpan, it seems the request with the cookie is successful.

 

Cindy


cindy | Posts: 380

Reply to:

0 votes

Hi Duo,

I tried the flow: our application server -> Proxy -> SaaS.

The same request works fine when it is sent to the US sandbox, but when it is sent to the CA sandbox I get the error below:

javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

Is there any setting different between US and CA sandbox?

Thanks,

Cindy

 


Duo_Liang | Posts: 3776

Reply to:

0 votes

Hi Cindy,

 

Please make sure either the root CA or the leaf certificate of the CA sandbox environment has been added to your JRE trust chain, as per the documentation below:

https://community.onespan.com/documentation/onespan-sign/guides/admin-guides/user/updating-certificates

If this still doesn't work, can you try connecting to CA sandbox without proxy? 

 

Duo


cindy | Posts: 380

Reply to: Unauthorised and NoSession

0 votes

Hi Duo,

Thanks for the information. After I imported the cert into my trust store, it works.

The cert file which I downloaded from your website contains 3 certificates. What is the purpose of each certificate (eSignlive.ca, globalSign, globalSign GCC), and which one should be imported?

Thanks,

Cindy

 


cindy | Posts: 380

Reply to: Unauthorised and NoSession

0 votes

The leaf cert will expire in Nov 2021 and the root cert will expire in 2029; currently I have imported the root cert and it seems to be working.

