POST ​/api​/packages​/{packageId}​/attachment​/{attachmentId} Adds an attachment error 403

0 votes

Hi, i am trying to use the POST api /api​/packages​/{packageId}​/attachment​/{attachmentId} to add an attachment to a package but i always receive the below reply.

I am testing it through the swagger of the community portal. Any idea on the reason of the error?

{ "messageKey": "error.forbidden.operationNotAllowed", "technical": "User is not in a role to modify attachment.", "message": "Operation not allowed.", "code": 403, "name": "Access Denied" } 

Reply to: POST ​/api​/packages​/{packageId}​/attachment​/{attachmentId} Adds an attachment error 403

1 votes

Hi ceriagi1,


Please be aware that this API required the signer's the session who are assigned to upload the attachment. If you were using sender's API Key, OSS system will return you this error telling that only the signer has the permission to upload the attachment.

So if you want to programmatically upload an attachment on behalf of your signer, you'd:

(1)retrieve a signer's authentication token

POST /api/authenticationTokens/signer/multiUse

(2)get a session ID/Token out of this authentication token

GET /auth?signerAuthenticationToken={signerAuthenticationToken}

(3)when invoking the upload attachment call, include the session ID as a cookie header instead of using API Key.

Cookie: ESIGNLIVE_SESSION_ID={sessionToken}



Duo Liang OneSpan Evangelism and Partner Integrations Developer

Hello! Looks like you're enjoying the discussion, but haven't signed up for an account.

When you create an account, we remember exactly what you've read, so you always come right back where you left off