demellor

Get Senders Roles (Rights)

0 votes

We are using subaccounts and I want to see what senders have rights in the main account and each subaccount.  Any suggestions on the API call to use?  I have access to the sender API keys and unique IDs if that helps.

Richard DeMello


Reply to: Get Senders Roles (Rights)

0 votes

Hi Richard,

 

Sorry for the late reply! As you may have known, because the Roles & Permissions and Subaccounts are still evolving features, for the time being, OneSpan Sign doesn't suggest integrated users to leverage these features. However if you already get started, there's an API to get sender roles:

GET /api/account/senders/{senderId}/account/{subaccountId}/roles

Example Response:

[
  {
    "permissions": [
      "sender_admin.custom_fields",
      ......
      "sender_admin.role"
    ],
    "enabled": true,
    "description": "esl.account.account_role.default_role.owner.description",
    "predefined": true,
    "inherited": false,
    "numericId": 2,
    "id": "owner",
    "name": "esl.account.account_role.default_role.owner.name",
    "data": null
  },
  {
    "permissions": [
      "transaction.change_signer",
      "sender_admin.event_notification",
      "groups.group_signing_management",
      "sender_admin.subscription",
      "sender_admin.reports"
    ],
    "enabled": true,
    "description": "My Customized Role Description",
    "predefined": false,
    "inherited": false,
    "numericId": 73,
    "id": "dc996466-8a0a-40d2-a9fb-461de2c2fab7",
    "name": "My Customized Role",
    "data": null
  }
]

If you authenticate this API with account owner's API Key under the main account level, it returns you the specific sender roles under a certain subaccount

This requires you to invoke sender numbers * subaccount numbers APIs which is not desired, but I temporary didn't find a better way to bulk pull the data.

I've also created some sample codes if you want to follow this path:

            string apiKey = "your_api_key";
            string apiUrl = "https://sandbox.esignlive.com/api";
            OssClient client = new OssClient(apiKey, apiUrl);


            //step1: get a list of senders (IDs)

            List<Sender> senderList = new List<Sender>();
            IDictionary<string, Sender> accountMembers;
            int i = 1;
            do
            {
                accountMembers = client.AccountService.GetSenders(Direction.ASCENDING, new PageRequest(i++, 100));
                senderList.AddRange(accountMembers.Values);
            } while (accountMembers.Count == 100);

 

            //step2: get a list of subaccount IDs
            IList<Account> subaccountList = client.AccountService.getSubAccounts();

 

            //step3: loop through the list and query sender roles

            foreach (Account subaccount in subaccountList)
            {
                string subaccountId = subaccount.Id;
                foreach (Sender sender in senderList)
                {
                    string senderId = sender.Id;
                    HttpClient myHttpClient = new HttpClient();
                    myHttpClient.DefaultRequestHeaders.Authorization = new AuthenticationHeaderValue("Basic", apiKey);
                    myHttpClient.DefaultRequestHeaders.Add("Accept", "application/json");
                    var response = myHttpClient.GetAsync(new Uri(apiUrl + $"/account/senders/{senderId}/account/{subaccountId}/roles")).Result;
                    JArray senderRoles = JArray.Parse(response.Content.ReadAsStringAsync().Result);

                    var defaultRoles = new Dictionary<string, string>()
                    {
                        { "esl.account.account_role.default_role.owner.name", "Admin"},
                        { "esl.account.account_role.default_role.manager.name", "Manager"},
                        { "esl.account.account_role.default_role.member.name", "Sender"}
                    };


                    StringBuilder sb = new StringBuilder(50);

                    foreach (JObject senderRole in senderRoles)
                    {
                        string name = senderRole.GetValue("name").ToString();
                        if (defaultRoles.ContainsKey(name)) {
                            name = defaultRoles[name];
                        }
                        sb.Append(name).Append("; ");
                    }

                    Debug.WriteLine($"subaccount: {subaccountId}; sender: {senderId}; roles: {sb.ToString()}");

                }
            }
 

 

Duo

Duo Liang OneSpan Evangelism and Partner Integrations Developer


Reply to: Get Senders Roles (Rights)

0 votes

Thank you for the code. I'm willing to use Roles, Subaccounts and the rest of it while OneSpan finishes it's enhancements.  We need the reports for the Annual Security Audits required by State policy. 

Richard DeMello


Hello! Looks like you're enjoying the discussion, but haven't signed up for an account.

When you create an account, we remember exactly what you've read, so you always come right back where you left off