Duo_Liang submitted January 9 2019

A Java Stand-alone application that runs at client side.

 

Prerequisite:
This tool is encapsulated as an Executive Jar, so you need to install the JRE/JDK environment in order to run the Jar.

 

Supported Function:

1. Allow using API KEY or email/password as a credential.

2. Loading all packages of all sender under your main account within a period of time.(0 <= timeDiff <= 365)

3. Allow specifying save folder.

4. Download Completed Packages:

4.1 Allow to select partial of completed packages

4.2 For each package, download a zip file including evidence summary and all signed documents.

5. Export Packages as CSV file:

5.1 Two Options -- export only completed packages or export package of all status.(not include deleted packages)

 

 

Update 1.6.9.1: 2024/02/13

1. Add duplicate filename handling for file download process.

 

Update 1.6.8: 2023/08/04

1. Increase the sender limitation to 2000. Also see release note "Update 1.6.0".

 

Update 1.6.7: 2023/06/07

1. Allow to filter transactions by keyword (transaction name and description), sender (sender email, Id, f/lname) and status (multi-select).

2. Now the reports include either selected transactions (before it was completed transactions), or transactions of all statuses.

 

Update 1.6.6: 2023/06/06

-Add a new function bulk delete selected transactions. Users can expect a warning dialog to double confirm before final delete.

 

Update 1.6.5.2: 2023/04/21

-Use system proxy as default

-Escape downloaded documents' names

-Add transaction ID as a suffix to downloaded evidence summary ("Evidence Summary_C_ejhz7t2XqlHiEodYrdo1beMXc=.pdf") and uploaded attachments folder ("Uploaded Attachments_C_ejhz7t2XqlHiEodYrdo1beMXc="), so that if you have select multiple zip files in a folder and choose "Extract Files...", the extracted evidence summary and attachments folders won't overwrite each other.

 

Update 1.6.5: 2023/04/19

-Allow to customize the name of the downloaded PDFs. An additional toggle was added to the left bottom of the panel to enter the name formula.

-The default value is "{document_name}", and the other available placeholders are "transaction_name", "transaction_id", "transaction_desc", "document_name", "document_id", "document_desc", "fieldname:your_field_name", "fieldid:your_field_id".

-For example you have a label field "client_name" that you want to make as part of the document name, your formula could be like "{document_name} - {fieldname:client_name}".

 

Update 1.6.4: 2023/03/28

1.Allow to select draft transactions from list

2.For non-integrated users, resolved an issue when using login credentials.

 

Update 1.6.3: 2023/03/16

-Add time zone support.

 

Update 1.6.2: 2023/03/16

-Add export fields CSV functionality, to export a list of all transactions with their field data in CSV format. Rename packages to transactions in UI labels.
 

Update 1.6.1: 2023/02/03

-Move project to Maven file structure with POM file. Rename esignlive package to OneSpan.

 

Update 1.6.0: 2022/12/14

-For accounts with more than 1,000 senders, instead of looping through senders and retrieve each senders' transactions, the tool now uses transaction summary API. This significantly improves the performance in this case, however some features will be disabled, e.g. to download flattened PDF or to download signer attachments. Also, the exported report will miss some columns, e.g. signer list, document list, transaction attributes, etc.

 

Update 1.5.5: 2022/11/22

-Fixed a bug where the selected file path was not correct for Mac users.

 

Update 1.5.4: 2022/11/04

-Added an index at the front of each line.

 

Update 1.5.2: 2021/12/10

-Fixed a bug in version 1.5.1 where if the account has Roles & Permissions turned on and the tool might not read the admin user's permissions properly.

 

Update 1.5.1: 2021/12/01

-Added an additional option to download flattened documents. This option will be turned off by default (download active documents by default), hence it won't affect your normal usage.

 

Update 1.5.0: 2021/11/23

-For accounts who has turned on the "Roles & Permissions" feature, as of release 11.45, a new permission "Manage users’ transactions, templates, layouts (API)" has been introduced. This has changed the way how the tool retrieves the transactions and downloads signed documents & evidence summary. 

-Despite the complexity in code upgrade, the end users of the tool simply need to make sure your admin account has at least "API Access" and "Manage users’ transactions, templates, layouts (API)" permissions to manage all your senders' transactions.

Note:
(1)Accounts that hasn't turned on the RnP feature won't be affected by this upgrade.

(2)Considering Production environments are still in 11.44 release, I've also attached the v1.4.2 tool for the backward compatibility.

(3)For now, "Admin" role won't be automatically granted the new permissions, hence you will need to manually create a customized role and assign the role to your admin user. Also, "Admin" user won't be able to edit their own account role through UI, you will need to either edit through another admin user, or contact support team to have your account set up properly.

 

Update 1.4.2: 2021/10/01

-When the account has turned on the “Roles & Permissions” feature:

1. Removed the logic to query every sender’s Account Role For better performance

2. Adapted the response handling for API “GET /api/account/senders/{senderId}/roles” 

 

Update 1.4.1: 2021/03/17

1. Set JVM default locale as Locale.US.

 

Update 1.4.0: 2021/03/04

1. Support entering API Client ID + Secret as login credentials. 

 

Update 1.3.8: 2021/02/25

1. Add a retry mechanism for most core outbound APIs

2. Add an option to enable logging capability - user needs to toggle the option and select a directory to store log files. This log file WON'T store your API Key / login credentials, but still may include sensitive information, hence it's important to keep the log files in a secured location or remove it after execution.

 

Update 1.3.7: 2021/02/23

1. The tool now supports accounts with Roles & Permission feature turned on. Make sure the input user has the "Admin" role. 

 

Update 1.3.6: 2021/02/17

1. Allow to list and download not completed transactions.

 

Update 1.3.5: 2020/11/04

1. Date Picker is editable now.

 

Update 1.3.4: 2020/10/30

1. fixed a bug introduced by previous code change that failed to load transactions when logged in user is a regular member. 

 

Update 1.3.3: 2020/10/16

1. Retrieve the usage report before loading all packages, and only loads partial senders and package statuses accordingly. This optimization helps to reduce outbound API calls.
2. provide support for accounts enabled sub-account feature. Because subaccount is still an evolving feature, please make a post or leave a comment below if it doesn't work for your account.

 

Update 1.3.1: 2020/09/24

1. if enabled Roles & Permission, sender role will be reflected as the actual role(s) in CSV report - there's a known issue that even if a sender has "Admin" role, if the sender's type is "Regular" instead of "Manager", the sender still missed some API access.

2. allowed to select only completed or archived packages for downloading

3. offered an option to avoid downloading signed documents

4. better UI auto-sizing

 

Update 1.3.0: 2020/09/18

1. introduced multiple language support for Spanish and Brazilian Portuguese, localization includes all the UI labels and the downloaded file names.

2. add an option to include signer attachments. Attachments are downloaded individually with naming convention of {attachment_name}_{signer_full_name}_{actual_uploaded_file_name}

3. refactored the string encoding to better support accent characters

 

Update 1.2.1: 2020/09/04

1. allow on-premise users to specify custom instance URL.

 

Update 1.2.0: 2020/08/20

1. fix an issue that the tool failed to connect through proxy when username + password are specified.

 

Update 1.1.9: 2020/04/20

1. fix a CSV display issue when sender's first/last name, or the package name contains comma. The tool will surround double quotation marks to the string in these cases.

 

Update 1.1.8: 2020/04/17

1. removed the limitation that only pulls senders with status of "ACTIVE", that's because in many cases, senders are auto-provisioned and therefore might be active in PENDING status.

2.Now the tool only won't pull senders with "LOCKED" status, this is because suspended sender's API Key can't be directly used to pull packages. It's a known limitation that if there are still ongoing packages under a suspended sender, these packages won't be retrieved.

 

Update 1.1.7: 2020/03/26

1. add the proxy capability, allow to manually choose proxy ip/port or use a proxy script, also allow proxy authentication

2. fixed a bug that previous versions won't export trashed packages in the report (this is because the package retrieval API won't return trashed packages)

3. provide an extra option to choose whether to export packages to the report where the sender is just a signer (sender is not the package owner)

 

 

If you have any questions or suggestions on this tool, please feel free to make a post!

Rate this Code Share

Comments

Reply to: OneSpan Sign - Transaction Export & Download Tool - v1.6.9.1

0 votes

Hi Duo....General comment/question:  I find it slightly annoying that when you come this codeshare page you must scroll all the way to the bottom, then select the "last" page to be brought to the query I raised.  Any thought in changing the order to have the most current updates on the first page, thus eliminating the scrolling?

Thanks, Anne-Marie

Reply to: OneSpan Sign - Transaction Export & Download Tool - v1.6.9.1

0 votes

Hi Duo....General comment/question:  I find it slightly annoying that when you come this codeshare page you must scroll all the way to the bottom, then select the "last" page to be brought to the query I raised.  Any thought in changing the order to have the most current updates on the first page, thus eliminating the scrolling?

Thanks, Anne-Marie

Reply to: OneSpan Sign - Transaction Export & Download Tool - v1.6.9.1

0 votes

Hi Duo,

Good morning! Are you planning to publish the new version of the tool with Log4j vulnerability fix?

Thanks! Geejov 

Reply to: OneSpan Sign - Transaction Export & Download Tool - v1.6.9.1

0 votes

Hi Duo...quick question...does this tool work for Sub-Accounts?  I have run the latest .jar and I am not getting the packages that were created after it was made a sub-account, under the Parent Account.  Only packages displayed belong to the account BEFORE it was made a child/sub-account.  Thanks Anne-Marie

Reply to:

0 votes

Hi Anne-Marie,

 

From my test, the tool should work with Subaccount and Roles&Permissions features. Quick question - what's the account role of your API Key/Login credentials holder? As described in this blog, you will need the new permission "Manage users' transactions, templates, layouts (API)" in order to manage other senders' transactions. However, Admin and Manager role don't by default has this permission enabled, you'll need to create a custom role and assign the new role to your admin user, so that the permissions will add on.

 

Duo

Reply to:

0 votes

Hi Anne-Marie,

 

Can you share these information to [email protected] so that I can take a closer look at the issue?

(1)The OSS environment (2)The subaccount owner's email (3)An example package ID that was created after the migration but didn't get pulled (4)An example package ID that get pulled before migration

 

Duo

Reply to: OneSpan Sign - Transaction Export & Download Tool - v1.6.9.1

0 votes

Hi Duo....we just ran the .jar again and now the documents are showing on the report.  Could it be that you have to wait overnight (xxhrs) for the permission update to occur.  I just ran another .jar on the 3rd account we moved to SubAccount (we just added the new role & permission 20 minutes ago) and the packages aren't displaying.  I will run the .jar again tomorrow morning and confirm that is the case and confirm we indeed are getting the listing with all the transactions recorded.  Thanks Anne-Marie

Reply to: OneSpan Sign - Transaction Export & Download Tool - v1.6.9.1

0 votes

Hi Duo....I just ran "OneSpan Sign - Package Export & Download Tool - v1.5.2.jar" and the report is not displaying "Declined or Expired" packages.  Should it?  I had thought in the past I had seen those statuses.

Thanks,

AM

Reply to:

0 votes

Thanks for the information! Just did a quick test with my CA production account, and I can successfully grab the DECLINED transaction:
4-27-1

Quick questions, those two transactions are created by t**.m**@s**.com, are you connecting the jar tool via Tara's API Key? or account owner's API Key? Can you see other transactions created by Tara? If given a larger time range, are there any DECLINED/EXPIRED transactions?

 

Duo

Reply to:

0 votes

Hi again....I looked at the report that is generated as part of the 'In-App' reporting that is generated via the Account and seen on the WEB UI Dashboard under the reports link.  That was how i could confirm that the packages still existed. 

What i need to do is download these packages that are in "Declined" status, hence why i was running  the .jar.  Should the report that is generated via the .jar not list these packages as well?

Reply to: OneSpan Sign - Transaction Export & Download Tool - v1.6.9.1

0 votes

Hello, 

We received a business request to bulk download historical packages older than 365 days. 

I understand that this tool has a limitation of 365 days (0 <= timeDiff <= 365) but after speaking with OneSpan support, they advised that I ask developers in this forum.

Is it possible to by-pass the 365 days limitation in order to download packages older than 365 days? 

Thank you! 

 

 

Reply to: OneSpan Sign - Transaction Export & Download Tool - v1.6.9.1

0 votes

Hi, 

We have recently introduced Forced SSO in one of our client's account. After that SSO implementation user is no longer able to login to this application via the credentials method. Can you please provide insights in to the API key login method and also are there any security implications if we use the API key method to login?

Is it safe to login via API key method, please share if there are any disadvantages of logging in via the API key method. I am assuming if OneSpan has given the capability to login via API key method it must be secure but i read on the integration documentation below mentioned points: Are the below mentioned points applicable to the package export and download tool?

API Keys

While API keys can be used with OneSpan Sign, we recommend that you use Client Apps instead. Clients Apps are more flexible and help reduce the number of potential security vulnerabilities.

Client apps provide the following benefits over API Keys:

  • With Client Apps access can be created, rotated, or revoked as needed. API Keys are fixed, and thus if you want to make any access changes you will need to contact our Support Team.

  • Multiple Client Apps can be used if you have multiple integrations configured. This helps to limit the scope of any fraudulent attack on your system. Conversely, only one API Key is provided for all integrations.

  • Client Apps use temporary tokens to allow API access, which are only available for a brief period of time. API Keys do not expire, and thus any breach will require you to contact our Support Team.

Reply to:

0 votes

Hi Vibhore,

 

Exactly like the documentation stated, comparing to the API Key, API Token is more suggested to use in the integrations as it's more flexible and secure. If you preferred, I would like to upgrade the tool and add the API Token capability.

 

Duo

Reply to:

0 votes

Hi Duo, 

Thanks for your response. I can see from the apps UI that API token login method is already there. I am attaching  screenshot for better understanding. Can you please tell me the steps on using the API token method for users. Also, the other logging in using API key method mention on the login page for this application is secure or not?

If forced SSO is enabled on our OneSpan Esign application does that impact Package Export and Download tool login credentials as well? Post SSO user got the error as mentioned in the screenshot, any solution to overcome this?

Hi Please check this screenshot for the login methods available and error we are getting for user credentials being invalid after forced SSO implementation.

 

Reply to:

0 votes

Hi Vibhore,

 

For your questions:

(1)You can refer to my blog "API Token for Client Application" for the detailed steps on how to register an oAuth client

(2)Using API Key is still considered as secured, it's just less suggested than using the API Token

(3)I can confirm that the error in screenshot is caused because your account has enabled login SSO. In that case, using login credentials will no longer be an option and you will have to use either API Key or Token instead.

 

Duo

 

 

Reply to: OneSpan Sign - Transaction Export & Download Tool - v1.6.9.1

0 votes

Hi, 

We have recently introduced Forced SSO in one of our client's account. After that SSO implementation user is no longer able to login to this application via the credentials method. Can you please provide insights in to the API key login method and also are there any security implications if we use the API key method to login?

Reply to: OneSpan Sign - Transaction Export & Download Tool - v1.6.9.1

0 votes

Hi Duo,

The tool does not allow the download of the documents corresponding to the signature flows carried out by users of the tool. When starting the download process, the document packages are not generated. Version 1.5.2 was previously available and version 1.5.5 was downloaded but the problem persists.
Can you tell us what we can do to correct the problem?

the program does nothing

Reply to:

0 votes

Hi Omar,

 

Thanks for reaching out to us! Some quick questions before we go further:
(1)How did the loading summary page look like? Did it list all the senders and if there are available completed transactions?

11-30-1

 

(2)Does the tool work with other time range? Or if you use a wider range of time, did the tool fetch any transactions? Any pattern like the tool only pulls transactions created by the logged in email?

 

Duo

 

Reply to:

0 votes

(1)How did the loading summary page look like? Did it list all the senders and if there are available completed transactions?

A: For the download, everything was requested, completed or not completed, signature formats and attachments, but it does not download anything.

(2)Does the tool work with other time range?

A: No, we have tried several months and days and it does not generate the information.

Or if you use a wider range of time, did the tool fetch any transactions?

A: We have made consultation by days and by month, or by ranges, no record will be generated.

Any pattern like the tool only pulls transactions created by the logged in email?

A: Yes, in the parameterization of the extraction it was indicated that it must download all the signature flows made by the users registered in the tool. 

 

 

Reply to:

0 votes

(1)How did the loading summary page look like? Did it list all the senders and if there are available completed transactions?

A: For the download, everything was requested, completed or not completed, signature formats and attachments, but it does not download anything.

(2)Does the tool work with other time range?

A: No, we have tried several months and days and it does not generate the information.

Or if you use a wider range of time, did the tool fetch any transactions?

A: We have made consultation by days and by month, or by ranges, no record will be generated.

Any pattern like the tool only pulls transactions created by the logged in email?

A: Yes, in the parameterization of the extraction it was indicated that it must download all the signature flows made by the users registered in the tool. 

 

 

Reply to:

0 votes

Hi Duo,


We are waiting to do the session, please tell us how we can communicate with you in a meet.


We also want to see if it could be something internally that prevents the tool from downloading the documentation. Can you tell us if there is any port that should be checked or what services must be enabled for communication in the tool.

Reply to: OneSpan Sign - Transaction Export & Download Tool - v1.6.9.1

0 votes

Hi Duo,
 

I am getting a "pointer null" exception while trying to use this tool over proxy. Please note I am using Client App credentials. Can you have a look what might causing this error?

 

Exception

GET https://apps.esignlive.com.au/apitoken/clientApp/accessToken : 502
java.lang.NullPointerException
at java.io.Reader.<init>(Unknown Source)
at java.io.InputStreamReader.<init>(Unknown Source)
at com.esignlive.bulkDownloadTool.service.RestService.doPost(RestService.java:229)
at com.esignlive.bulkDownloadTool.service.SenderService.injectAccountVo(SenderService.java:219)
at com.esignlive.bulkDownloadTool.service.EndpointService.testConnection(EndpointService.java:28)
at com.esignlive.bulkDownloadTool.view.Process1$5$1.run(Process1.java:311)
at java.lang.Thread.run(Unknown Source)
Exception in thread "Thread-4" java.lang.NullPointerException
at com.esignlive.bulkDownloadTool.data.UserData.info(UserData.java:73)
at com.esignlive.bulkDownloadTool.view.Process1$5$1.run(Process1.java:326)
at java.lang.Thread.run(Unknown Source)

 

Thanks

Maruf 

Reply to:

0 votes

Hi Maruf,

 

The root cause of this issue is the 502 error when calling this API (POST https://apps.esignlive.com.au/apitoken/clientApp/accessToken). I did a quick test with a similar setup but can't reproduce the same error, see below screenshot:
12-9-1

Some quick questions before we go further:
(1)Any chance you can execute the tool with a different internet setup, or without the proxy, will the error persist?

(2)What happens if you use API Key or login credentials instead of the API Token, with and without proxy?

 

Duo

Reply to: OneSpan Sign - Transaction Export & Download Tool - v1.6.9.1

0 votes

Hi Duo....

I ran the latest v1.6.0 and no data is being populated in the Document List or Signer list columns.  This is critical info for us.  Was a change made to remove data/not populate these columns.  

 

Thanks, Anne-Marie

Reply to: OneSpan Sign - Transaction Export & Download Tool - v1.6.9.1

0 votes

Hi Duo,

Where in the code can I change the filename of the downloaded files? Or is it automatically given by the API?

 

Grts,

Eduardo

Reply to:

0 votes

Hi Eduardo,

 

Sorry for missing your reply! If we are talking about the source codes in this code share for version 1.5.2. The download function, for example to download signed documents only, can be found at class PackageService.java > line 86-103:

    private void downloadPackage_signedDocumentsOnly(PackageVo packageVo, String packageName) throws Exception {
        if (!new File(UserData.folderPath).exists()) {
            new File(UserData.folderPath).mkdirs();
        }
        try {
            byte[] doGetByteArray = RestService.getInstance().doGetByteArray(
                    UserData.apiUrl + "/packages/" + packageVo.getId() + "/documents/zip", packageVo.getAccountVo());
            String fileName = packageName + " _ " + packageVo.getId();
            fileName = FileUtil.validateFileName(fileName);

            File targetFile = new File(UserData.folderPath + "\\" + fileName + ".zip");
            System.out.println(targetFile.getAbsolutePath());
            targetFile.createNewFile();
            FileUtils.writeByteArrayToFile(targetFile, doGetByteArray);
        } catch (Exception e) {
            e.printStackTrace();
            throw e;
        }
    }

 

You can customize the file name around the highlighted lines.

 

Duo

Reply to:

0 votes

Hi Eduardo,

 

No worries! Take the same downloadPackage_signedDocumentsOnly() function for example, you can use codes around below lines to get the sender's name:

            String senderName = packageVo.getReportVO().getFirst_Name() + " " + packageVo.getReportVO().getLast_Name();


            String fileName = senderName + "_" + packageName + " _ " + packageVo.getId();

 

Duo

Reply to: OneSpan Sign - Transaction Export & Download Tool - v1.6.9.1

0 votes

Hello!  I've been using this tool for the last 6-8 months with no issue and this month I'm not getting the error message below.  Has anyone else experienced this or have any ideas on what the issue may be?

Connection test fail - error message

Thank you!

Reply to:

0 votes

Hi Allison,

 

Thanks for using the tool! Could you kindly try with the latest version 1.6.5.2? There's a update note from 2023/3/28 mentioning "For non-integrated users, resolved an issue when using login credentials.", which I think could be related to your issue. Let me know if this resolves your issue.

 

Duo

 

Hello! Looks like you're enjoying the discussion, but haven't signed up for an account.

When you create an account, we remember exactly what you've read, so you always come right back where you left off