POST /api/packages/{packageId}/attachment/{attachmentId} Adds an attachment error 403
Friday, April 17, 2020 at 11:45amHi, i am trying to use the POST api /api/packages/{packageId}/attachment/{attachmentId} to add an attachment to a package but i always receive the below reply.
I am testing it through the swagger of the community portal. Any idea on the reason of the error?
{ "messageKey": "error.forbidden.operationNotAllowed", "technical": "User is not in a role to modify attachment.", "message": "Operation not allowed.", "code": 403, "name": "Access Denied" }
Reply to: POST /api/packages/{packageId}/attachment/{attachmentId} Adds an attachment error 403
Friday, April 17, 2020 at 12:22pmHi ceriagi1,
Please be aware that this API required the signer's the session who are assigned to upload the attachment. If you were using sender's API Key, OSS system will return you this error telling that only the signer has the permission to upload the attachment.
So if you want to programmatically upload an attachment on behalf of your signer, you'd:
(1)retrieve a signer's authentication token
POST /api/authenticationTokens/signer/multiUse
(2)get a session ID/Token out of this authentication token
GET /auth?signerAuthenticationToken={signerAuthenticationToken}
(3)when invoking the upload attachment call, include the session ID as a cookie header instead of using API Key.
Cookie: ESIGNLIVE_SESSION_ID={sessionToken}
Duo
Duo Liang OneSpan Evangelism and Partner Integrations Developer