Integration model

The OneSpan Identity Verification integration model is geared towards simplicity and security. System-to-system integration is done via the OneSpan Identity Verification REST API. For more information, see OneSpan Identity Verification REST API.

Authentication

Authentication for access to the OneSpan Identity Verification REST API happens via two-legged OAuth2 with a JSON Web Token (JWT). OneSpan support provides a JWT to OneSpan Identity Verification customers. This token is used to restrict access to resources that are authorized for a given tenant, such as transactions, providers, or data sources. Effectively, the JWT Bearer schema is used as client credentials for API requests.

  1. PUT /api/transaction/ HTTP1.1
  2. Host: onespan.com
  3. Accept: application/json, text/javascript
  4. Authorization: Bearer 00D50000000IehZ\!
  5.   AQcAQH0dMHZfz972Szmpkb58urFRkgeBGsx...
  6.  
  7. {
  8.   "tenant_id":"5e52d7b8-8b18-41a4-9187-d4ce75af6815",
  9.   "workflow_id":"80b601c9-f102-4761-9eaa-90ba8fcb58b6",
  10.   "urlSetKey":"default",
  11.   "brand_id:"a089f718-f12d-4b13-b82e-e1d8b324337d",
  12.   "language":"english",
  13.   "users": [...],
  14.   "documents": [...]
  15. }

JSON Web Tokens

The OneSpan Professional Services Team provides the access token, which will be used by the client when creating transactions.

  • Scopes: tenant_access

Access token

Header: Algorithm and token type

  1. {
  2. "alg":"HS384"
  3. "typ":"JWT"
  4. }

Payload: Data

  1. {
  2.   "scope": [
  3.     "tenant_access"
  4.   ],
  5.   "exp": 3698071610,
  6.   "jti": "5fbe2af0-fa42-4a47-9fe4-14b150b26180"
  7.   "client_id": "onespan"
  8. }

Token

eyJhbGciOiJIUzM4NCIsInR5cCI6IkpXVCJ9.eyJzY29wZSI6WyJ0ZW5hbnRfYWNjZXNzIl0sImV4cCI6MY5ODA3MTYxMCwianRpIjoiNWZiZTJhZjAtZmE0Mi00YTQ3LTlmZTQtMTRiMTUwYjI2MTgwIiwiY2xpZW50X 2lkIjoiZGVhbGZsbyJ9.HxaQSMs27jIlXz9ZB1tZy3-LN8w3p_67bn-jFe9Nf4nepIfpwHu4xoX_
  gjeiLSzQ

Session token

Header: Algorithm and token type

  1. {
  2. "alg":"HS384"
  3. "typ":"JWT"
  4. }

Payload: Data

  1. {
  2.   "session": {
  3.     "role": "Borrower"
  4.   },
  5.   "scope": [
  6.     "session_creation_authorization_code"
  7. ],
  8.   "transaction_uuid": "322c8c60-2b82-4ac4-90d5-54ca1fee130b,
  9.   "exp": 1550591677,
  10.   "jti": "d6562c41-e0d4-4f03-8b72-455d691b44d6",
  11.   "client_id": "onespan"
  12. }

Token

eyJhbGciOiJIUzM4NCIsInR5cCI6IkpXVCJ9.eyJzZXNzaW9uIjp7InJvbGUiOiJCb3Jyb3dlciJ9LCJzY29wZSI6WyJzZXNzaW9uX2NyZWF0aW9uX2F1dGhvcml6YXRpb25fY29kZSJdLCJ0cmFuc2FjdGlvbl91dWlkIjoiMzIyYzhjNjAtMmI4Mi00YWM0LTkwZDUtNTRjYTFmZWUxMzBiIiwiZXhwIjoxNTUwNTkxNjc3LCJqdGkiOiJkNjU2MmM0MS1lMGQ0LTRmMDMtOGI3Mi00NTVkNjkxYjQ0ZDYiLCJjbGllbnRfaWQiOiJkZWFsZmx
vIn0.7Sa-H9SvN9DT9nK4_Jsdcct2oyNdVW2fC9g6aOrhBG Fbor-FuwG3QL9bL0PaHu-2