Integration model

The OneSpan Identity Verification integration model is geared towards simplicity and security. System-to-system integration is done using the OneSpan Identity Verification REST API (for more information, see OneSpan Identity Verification REST API).

Authentication

The access to the API is authenticated through two-legged OAuth2 with a JSON Web Token (JWT). OneSpan support provides a JWT to OneSpan Identity Verification customers; this JWT is used to restrict access to resources authorized for a given tenant (transactions, providers, data sources etc.). Effectively, the JWT Bearer schema is used as client credentials for API requests.

  1. PUT /api/transaction/ HTTP1.1

  2. Host: onespan.com

  3. Accept: application/json, text/javascript

  4. Authorization: Bearer 00D50000000IehZ\!

  5.   AQcAQH0dMHZfz972Szmpkb58urFRkgeBGsx...

  6.  
  7. {
  8.   "tenant_id":"5e52d7b8-8b18-41a4-9187-d4ce75af6815",
  9.   "workflow_id":"80b601c9-f102-4761-9eaa-90ba8fcb58b6",

  10.   "urlSetKey":"default",
  11.   "brand_id:"a089f718-f12d-4b13-b82e-e1d8b324337d",

  12.   "language":"english",

  13.   "users": [...],

  14.   "documents": [...]

  15. }

JSON Web Tokens

The OneSpan Professional Services Team will provide the access token, which will be used by the client when creating transactions.

Scopes: tenant_access

Access token

HEADER: Algorithm and token type

  1. {

  2. "alg":"HS384"

  3. "typ":"JWT"

  4. }

PAYLOAD: Data

  1. {

  2.   "scope": [

        "tenant_access"

  3.   ],
  4.   "exp": 3698071610,
  5.   "jti": "5fbe2af0-fa42-4a47-9fe4-14b150b26180"
  6.   "client_id": "onespan"
  7. }

TOKEN:

eyJhbGciOiJIUzM4NCIsInR5cCI6IkpXVCJ9.eyJzY29wZSI6WyJ0ZW5hbnRfYWNjZXNzIl0sImV4cCI6MY5ODA3MTYxMCwianRpIjoiNWZiZTJhZjAtZmE0Mi00YTQ3LTlmZTQtMTRiMTUwYjI2MTgwIiwiY2xpZW50X 2lkIjoiZGVhbGZsbyJ9.HxaQSMs27jIlXz9ZB1tZy3-LN8w3p_67bn-jFe9Nf4nepIfpwHu4xoX_
  gjeiLSzQ

Session token

HEADER: Algorithm and token type

  1. {

  2. "alg":"HS384"

  3. "typ":"JWT"

  4. }

PAYLOAD: Data

  1. {

  2.   "session": {

        "role": "Borrower"

  3.   },

      "scope": [

        "session_creation_authorization_code"

  4. ],
  5.   "transaction_uuid": "322c8c60-2b82-4ac4-90d5-54ca1fee130b,
  6.   "exp": 1550591677,
  7.   "jti": "d6562c41-e0d4-4f03-8b72-455d691b44d6",
  8.   "client_id": "onespan"
  9. }

TOKEN:

eyJhbGciOiJIUzM4NCIsInR5cCI6IkpXVCJ9.eyJzZXNzaW9uIjp7InJvbGUiOiJCb3Jyb3dlciJ9LCJzY29wZSI6WyJzZXNzaW9uX2NyZWF0aW9uX2F1dGhvcml6YXRpb25fY29kZSJdLCJ0cmFuc2FjdGlvbl91dWlkIjoiMzIyYzhjNjAtMmI4Mi00YWM0LTkwZDUtNTRjYTFmZWUxMzBiIiwiZXhwIjoxNTUwNTkxNjc3LCJqdGkiOiJkNjU2MmM0MS1lMGQ0LTRmMDMtOGI3Mi00NTVkNjkxYjQ0ZDYiLCJjbGllbnRfaWQiOiJkZWFsZmx
vIn0.7Sa-H9SvN9DT9nK4_Jsdcct2oyNdVW2fC9g6aOrhBG Fbor-FuwG3QL9bL0PaHu-2