New API architecture - Trusted Identity Platform API v1.0

3 votes

Hi All,

Just a quick post about the Intelligent Adaptive Authentication, OneSpan Cloud Authentication, and Risk Analytics (IAA/OCA/RA) monolithic API architecture that is currently rolling out through the Trusted Identity Platform sandbox and soon the production environments. This new API architecture replaces the original REST APIs used with IAA and RA. To recap, the old IAA REST API architecture contained 8 endpoints: userregister, checkactivationstatus, eventtransaction, login, transaction, checksessionstatus, userunregister and trusteddevicecmd. The old RA REST APIs added two more endpoints to the list for bulk file uploads. These APIs bundled a number of hidden components behind them, but attempted to make the integration easy for developers. We believe the new API architecture will make things even easier by laying out the APIs in an easy-to-understand structure.

The new platform API architecture will encompass a single approach for all of the Trusted Identity Platform authentication solutions, including Intelligent Adaptive Authentication, OneSpan Cloud Authentication and OneSpan Risk Analytics (IAA/OCA/RA). The platform API has standardized the REST service calls so that all endpoints will now begin with the platform version (since this is the first version of the platform APIs, the release version will be v1). In addition to how the endpoint versioning is being handled, the response handling (including error responses) is also being standardized across all of the endpoints, so that the return from each endpoint will be a standardized return allowing for more simplistic coding. The new structure will classify different operational groupings for the endpoints, and a more normalized set of REST calls within those operational groups. All of these changes will create a better environment for developers to interact and deploy new authentication mechanisms across a wide range of applications.

Here is a quick list of the operational groups that can be seen for v1 of the platform API.

- Authenticators: this grouping will have all of the REST APIs that will deal with interacting directly with an authenticator or DIGIPASS token.
- Bulkfile Uploads: this grouping will replace the traditional RA bulkfile uploads and will allow users to submit many transactions in a single bulkfile that can then be analyzed by the Risk Analytics service.
- Device Commands: this grouping is to interact with the Mobile Security Suite and Mobile Authenticator Studio by processing trusted device commands.
- Events: these are the authentication requests, for logins, or other non-monetary (not having to do with money) authentication requests.
- Provisioning: this grouping handles the activation and provisioning of an authenticator to a user.
- Sessions: this API allows for developers to monitor the progress of an event or transaction validation.
- Transactions: these are the other authentication requests that deal with money and validation of a monetary transaction.
- Users: this operational grouping is where all of the user interactions happen; most developers will integrate these calls into administration backend interfaces.
- Visual Codes: this set of APIs allows for generation of Cronto codes or traditional black and white QR codes.

All of these new groupings and the associated APIs can be viewed in the swagger documentation associated with your TID IAA/OCA/RA sandbox tenant or here in the community portal.

We believe these changes will make your life as a developer working with OneSpan easier. We have a long history of creating developer interfaces to make adding authentication to your projects fast, easy and trouble free. This is the next step in that long line. Please let us know if you have any questions.

Will LaSala

Sr. Director of Global Solutions, Security Evangelist

M: +1 978 666 4495 
O: +1 508 281 6670 x. 6326


OneSpan, Inc.

VASCO and eSignLive are now OneSpan. 
See our transformation at 
