demellor | Posts: 46

Get Senders Roles (Rights)

0 votes

We are using subaccounts and I want to see what senders have rights in the main account and each subaccount.  Any suggestions on the API call to use?  I have access to the sender API keys and unique IDs if that helps.


Duo_Liang | Posts: 3776

Reply to: Get Senders Roles (Rights)

0 votes

Hi Richard,

 

Sorry for the late reply! As you may have known, because the Roles & Permissions and Subaccounts are still evolving features, for the time being, OneSpan Sign doesn't suggest integrated users to leverage these features. However if you already get started, there's an API to get sender roles:

GET /api/account/senders/{senderId}/account/{subaccountId}/roles

Example Response:

[
  {
    "permissions": [
      "sender_admin.custom_fields",
      ......
      "sender_admin.role"
    ],
    "enabled": true,
    "description": "esl.account.account_role.default_role.owner.description",
    "predefined": true,
    "inherited": false,
    "numericId": 2,
    "id": "owner",
    "name": "esl.account.account_role.default_role.owner.name",
    "data": null
  },
  {
    "permissions": [
      "transaction.change_signer",
      "sender_admin.event_notification",
      "groups.group_signing_management",
      "sender_admin.subscription",
      "sender_admin.reports"
    ],
    "enabled": true,
    "description": "My Customized Role Description",
    "predefined": false,
    "inherited": false,
    "numericId": 73,
    "id": "dc996466-8a0a-40d2-a9fb-461de2c2fab7",
    "name": "My Customized Role",
    "data": null
  }
]

If you authenticate this API with account owner's API Key under the main account level, it returns you the specific sender roles under a certain subaccount

This requires you to invoke sender numbers * subaccount numbers APIs which is not desired, but I temporary didn't find a better way to bulk pull the data.

I've also created some sample codes if you want to follow this path:

            string apiKey = "your_api_key";
            string apiUrl = "https://sandbox.esignlive.com/api";
            OssClient client = new OssClient(apiKey, apiUrl);


            //step1: get a list of senders (IDs)

            List<Sender> senderList = new List<Sender>();
            IDictionary<string, Sender> accountMembers;
            int i = 1;            
            do
            {
                accountMembers = client.AccountService.GetSenders(Direction.ASCENDING, new PageRequest(i, 100));
                senderList.AddRange(accountMembers.Values);
                i += 100;
            } while (accountMembers.Count == 100);

 

            //step2: get a list of subaccount IDs
            IList<Account> subaccountList = client.AccountService.getSubAccounts();

 

            //step3: loop through the list and query sender roles

            foreach (Account subaccount in subaccountList)
            {
                string subaccountId = subaccount.Id;
                foreach (Sender sender in senderList)
                {
                    string senderId = sender.Id;
                    HttpClient myHttpClient = new HttpClient();
                    myHttpClient.DefaultRequestHeaders.Authorization = new AuthenticationHeaderValue("Basic", apiKey);
                    myHttpClient.DefaultRequestHeaders.Add("Accept", "application/json");
                    var response = myHttpClient.GetAsync(new Uri(apiUrl + $"/account/senders/{senderId}/account/{subaccountId}/roles")).Result;
                    JArray senderRoles = JArray.Parse(response.Content.ReadAsStringAsync().Result);

                    var defaultRoles = new Dictionary<string, string>()
                    {
                        { "esl.account.account_role.default_role.owner.name", "Admin"},
                        { "esl.account.account_role.default_role.manager.name", "Manager"},
                        { "esl.account.account_role.default_role.member.name", "Sender"}
                    };


                    StringBuilder sb = new StringBuilder(50);

                    foreach (JObject senderRole in senderRoles)
                    {
                        string name = senderRole.GetValue("name").ToString();
                        if (defaultRoles.ContainsKey(name)) {
                            name = defaultRoles[name];
                        }
                        sb.Append(name).Append("; ");
                    }

                    Debug.WriteLine($"subaccount: {subaccountId}; sender: {senderId}; roles: {sb.ToString()}");

                }
            }
 

 

Duo


demellor | Posts: 46

Reply to: Get Senders Roles (Rights)

0 votes

Thank you for the code. I'm willing to use Roles, Subaccounts and the rest of it while OneSpan finishes it's enhancements.  We need the reports for the Annual Security Audits required by State policy. 


demellor | Posts: 46

Reply to: Get Senders Roles (Rights)

0 votes

Using the code below:

 

                OssClient oClient = new OssClient(GlobalVars.CurrentapiKey, GlobalVars.CurrentapiUrl);
                //Sender s =  oClient.AccountService.GetSender();
                // s.`
                //step1: get a list of senders (IDs)

                List<Sender> senderList = new List<Sender>();
                IDictionary<string, Sender> accountMembers;
                int i = 1;
                do
                {
                    accountMembers = oClient.AccountService.GetSenders(Direction.ASCENDING, new PageRequest(i++, 100));
                    senderList.AddRange(accountMembers.Values);
                } while (accountMembers.Count == 100);

 

from the sample it thinks I have over 22K users, which with only about 300 seems like an issue.  Is that because of subaccounts or something in the code?


Duo_Liang | Posts: 3776

Reply to: Get Senders Roles (Rights)

0 votes

Do you mean that you can't retrieve 300 (out of all 22K) senders through the ".GetSenders()" function? If that's the case, could you send your account owner's email to [email protected] so that I can take a closer look at your account's structure?

Otherwise, did you hit any specific error?

 

Duo


demellor | Posts: 46

Reply to: Get Senders Roles (Rights)

0 votes

I mean the code returns over 22K users but I only have around 300.  

 

I got it to "work" by just grabbing 300 and calling it "all" of them but the logic getting them would be a better long term solution.  It was returning names more than once from what I could tell.


Duo_Liang | Posts: 3776

Reply to: Get Senders Roles (Rights)

0 votes

Hi Richard,

 

You are right! I made a mistake in the code logic, and didn't find it because I didn't have a 100+ senders account to test. Sorry about that! 

 

            int i = 1;
            do
            {
                accountMembers = client.AccountService.GetSenders(Direction.ASCENDING, new PageRequest(i, 100));
                senderList.AddRange(accountMembers.Values);
                i += 100;
            } while (accountMembers.Count == 100);

 

Duo


Hello! Looks like you're enjoying the discussion, but haven't signed up for an account.

When you create an account, we remember exactly what you've read, so you always come right back where you left off