IlyaS | Posts: 12

Sandbox API Key doesn't work with swagger page

0 votes

Hi,

 

I tried using the API Key (specified under the Authorize button) from under the sandbox account (not the Client ID & Secret) with the swagger page (https://community.onespan.com/products/onespan-sign/sandbox#/) where different calls can be tried out. However, the API key is not accepted. This is the response:

 

{ "messageKey": "error.unauthorised.noSession", "message": "Failed to retrieve Session", "code": 401, "name": "Unauthorized" }

 

Is there anything additional that needs to be done to use the swagger page?

 

Thanks in advance.


Duo_Liang | Posts: 3776

Reply to: Sandbox API Key doesn't work with swagger page

0 votes

Hi IlyaS,

 

Have you entered it completely like "Basic {your_api_key}" vs only input the API Key? 

Another underlying cause is the swagger page only connects to the US2 sandbox environment (https://sandbox.esignlive.com), so it won't work if your account is in other environments and you'd download the YAML file, edit it then load it in another swagger editor.

 

Duo

 

 


IlyaS | Posts: 12

Reply to:

0 votes

Hi Duo,

 

The environment is: https://sandbox.e-signlive.ca/ . I guess for Canadian sandbox it wouldn't work? The only way to test then is by calling direct via a REST client or from code?

 

Thanks,

 

Ilya


IlyaS | Posts: 12

Reply to: Sandbox API Key doesn't work with swagger page

0 votes

Hi Duo,

 

I tried getting the authentication token via Postman using the client ID and secret, but it doesn't seem to be working. Is there anything that I need to set differently (please see attached screenshot)?

 

Thanks in advance,

 

Ilya


Duo_Liang | Posts: 3776

Reply to: Sandbox API Key doesn't work with swagger page

1 votes

Hi Ilya,

 

I'm afraid it won't work in this way, this is because the API OneSpan Sign exposed to generate access token doesn't restrictly fit the Client Credentials Flow, see below:

HTTP Request

POST /apitoken/clientApp/accessToken

HTTP Headers

Accept: application/json Content-Type: application/json

Request Payload

{ "clientId": "your_client_id", "secret": "your_client_secret", "type": "OWNER" }

The request body has to be JSON format, instead of the typical "application/x-www-form-urlencoded"

You can add a separate request hitting above endpoint. Then specify the bearer header as the authorization method for any subsequent API calls.

3-2-1

 

Duo

 


IlyaS | Posts: 12

Reply to:

0 votes

Thanks Duo, I was able to get the Authorization Token via the client/secret request.

 

When trying to use it, however, I get no session error:

{

    "code": 401,

    "messageKey": "error.unauthorised.noSession",

    "message": "Failed to retrieve Session",

    "name": "Unauthorized"

}

 

I don't think I need a body to retrieve packages, but then that would be a different error anyway.

 

Thanks again.

 

Ilya

 


IlyaS | Posts: 12

Reply to:

0 votes

Hi Duo,

 

Tried it (https://sandbox.e-signlive.ca/api/packages/), but I get the same error.

 

{

    "messageKey": "error.unauthorised.noSession",

    "message": "Failed to retrieve Session",

    "code": 401,

    "name": "Unauthorized"

}

 

Regards,

 

Ilya


IlyaS | Posts: 12

Reply to:

0 votes

Hmmm, yours works, and the only thing I changed was the token.

 

I just retrieved another token on my sandbox, and it started working too. I don't know why the first one did not work, I have not changed anything.

 

Thanks Duo regardless.

 

Ilya


Kevin.Chrzanowski | Posts: 4

Reply to:

0 votes

Hello Duo,

Is there documentation on the path 'apitoken/clientApp/accessToken'? 

The only reference to 'apitoken/clientApp/accessToken' in the swagger file doesn't reference the required body. 

I would've expected to find it in one of the following links, but it wasn't present:

Integration | OneSpan Community Platform

OneSpan Sign Sandbox | OneSpan Community Platform

Thanks,

Kevin


Duo_Liang | Posts: 3776

Reply to:

1 votes

Hi Kevin,

 

I described this API endpoint in one of my blogs:
OneSpan Sign Release 11.34: API Token for Client Application

HTTP Request

POST /apitoken/clientApp/accessToken

HTTP Headers

Accept: application/json Content-Type: application/json

Request Payload

{ "clientId": "your_client_id", "secret": "your_client_secret", "type": "OWNER" }

The available options for the field “type” are “OWNER” and “SENDER”. If the latter, “email” field is required:

{ "clientId": " your_client_id ", "secret": " your_client_secret ", "type": "SENDER", "email": "sender_email" }

 

Duo


Kevin.Chrzanowski | Posts: 4

Reply to: Sandbox API Key doesn't work with swagger page

0 votes

That is exactly what I was after, thank you!


Hello! Looks like you're enjoying the discussion, but haven't signed up for an account.

When you create an account, we remember exactly what you've read, so you always come right back where you left off