OneSpan Identity Verification REST API

The OneSpan Identity Verification REST API is organized around the Transaction model. This model is fully defined by JSON schemas that can be used to generate client-side libraries for accessing the API.

With the OneSpan Identity Verification REST API, the following actions are available:

  • Create and execute e-agreement workflows
  • Define and parametrize workflow instances
  • Provide and manipulate documents
  • Query transaction information
  • Provide personal details of e-agreement process participants
  • Define/assign roles to signers
  • Provide metadata as additional evidence
  • Retrieve signed agreements, audit-trail, and electronic evidence
  • Delete transactions

The OneSpan Identity Verification JSON model defines several key entities:

The requests described in this section require a JSON Web Token (JWT) in the Bearer header. Depending on the request, the JWT must possess the corresponding role:

  • For requests to access a transaction, the JWT must contain the transaction access role.
  • For requests to access a session, the JWT must contain the session access role.
  • For requests to access evidence, the JWT must contain the evidence access role.

For more information, see JSON Web Tokens .

Overview of API endpoints

Create transaction

  1. PUT /api/transaction/ HTTP1.1
  2. Host: onespan.com
  3. Accept: application/json, text/javascript

For more information, see Create transaction.

Get transaction status and metadata

  1. GET /api/transaction/uuid: transaction_id(?withVerifications=true/false optional) HTTP1.1
  2. Host: onespan.com

For more information, see Get transaction status and metadata.

Get transaction verification

  1. GET /api/transaction/uuid: transaction_id/verification HTTP/1.1
  2. Host: onespan.com
  3. Accept: application/json, text/javascript

For more information, see Get transaction verification.

Get evidence

  1. GET /api/transaction/uuid: transaction_id/document/AuditTrailDocument/pdf
  2. Host: onespan.com
  3. Accept: application/json, application/pdf

For more information, see Get evidence.

Get document

  1. GET /api/transaction/uuid: transaction_id/document/document_id/pdf HTTP/1.1
  2. Host: onespan.com
  3. Accept: application/json, text/javascript

For more information, see Get document.

Cancel transaction

  1. PUT /api/transaction/uuid: transaction_id/event
  2. Host: onespan.com
  3. Accept: application/json, text/javascript

For more information, see Cancel transaction.

Mark transaction for erasure

  1. POST /api/transactions/mark-for-erasure
  2. Authorization: Bearer token
  3. Content-Type: application/json
  4. X-Tenant: dealflo

For more information, see Mark transaction for erasure.

Unmark transaction for erasure

  1. POST /api/transactions/unmark-for-erasure
  2. Authorization: Bearer token
  3. Content-Type: application/json
  4. X-Tenant: dealflo

For more information, see Unmark transaction for erasure.

Create session creation token

  1. POST /api/transaction/uuid: transaction_id/token HTTP /1.1
  2. Host: onespan.com
  3. Accept: application/json, text/javascript

For more information, see Create session creation token.

Generate audit trail

  1. POST /api/transactions/uuid: transaction_id/generate-audit-trail
  2. Authorization: Bearer token

For more information, see Generate audit trail on demand.

Download audit trail document

  1. GET /api/transactions/uuid: transaction_id/data
  2. Authorization: Bearer token

For more information, see Generate audit trail on demand.

Get URL of verification images

  1. GET /api/transactions/transaction_id/verifications/verification_id/verification-images
  2. Host: onespan.com
  3. Accept: application/json

For more information, see Retrieve verification images.

Download image binary data

  1. GET /api/transactions/transaction_id/data?url=sfs_url

For more information, see Retrieve verification images.

Detailed verification report

  1. GET /api/transactions/id/detailed-verification-report
  2. Authorization: Bearer tenant_access_token

For more information, see Detailed verification report.