elu

How to identify sessionUser from JSON response payload via Rest API

0 votes
Hello, Our team has started the integration with eSignLive REST API to create and send packages, sign the documents and get response payload from callback listener. We have a question regarding the sessionUser. After we created and sent a package using the url as https://sandbox.esignlive.com/api/packages, we were able to get a packageId from the response. The sample JSON content we passed in the request is like below:
{
   "roles":[
      {
         "locked":false,
         "emailMessage":{
            "content":""
         },
         "attachmentRequirements":[

         ],
         "reassign":false,
         "specialTypes":[

         ],
         "id":"Signer",
         "data":null,
         "type":"SIGNER",
         "index":0,
         "signers":[
            {
               "auth":{
                  "challenges":[

                  ],
                  "scheme":"NONE"
               },
               "company":"",
               "firstName":"John",
               "lastName":"Smith",
               "phone":"",
               "email":"[email protected]",
               "knowledgeBasedAuthentication":null,
               "language":"en",
               "title":"",
               "external":null,
               "professionalIdentityFields":[

               ],
               "userCustomFields":[

               ],
               "delivery":{
                  "email":false,
                  "provider":false,
                  "download":false
               },
               "group":null,
               "id":"12345",
               "signature":null,
               "address":null,
               "data":null,
               "name":"",
               "specialTypes":[

               ]
            }
         ],
         "name":"Signer"
      }
   ],
   "documents":[
      {
         "approvals":[
            {
               "role":"Signer",
               "signed":null,
               "accepted":null,
               "data":null,
               "fields":[
                  {
                     "page":0,
                     "subtype":"CAPTURE",
                     "width":276,
                     "binding":null,
                     "extract":false,
                     "extractAnchor":null,
                     "left":46,
                     "top":358,
                     "validation":null,
                     "height":22,
                     "data":null,
                     "type":"SIGNATURE",
                     "value":"John Smith"
                  },
                  {
                     "page":0,
                     "subtype":"LABEL",
                     "width":200,
                     "binding":"{approval.signed}",
                     "extract":false,
                     "extractAnchor":null,
                     "left":340,
                     "top":358,
                     "validation":null,
                     "height":22,
                     "data":null,
                     "type":"INPUT",
                     "value":"dd/MM/yyyy"
                  }
               ],
               "name":""
            }
         ],
         "name":"Order Agreement"
      }
   ],
   "name":"Thin Slice Demo Package",
   "type":"PACKAGE",
   "language":"en",
   "emailMessage":"",
   "description":"Demo Package",
   "autoComplete":true,
   "status":"SENT"
}
From here, we set up a signer with ID 12345 and an email address. In terms of the callback response payload, what we got is like below:
{
	"@class":"com.silanis.esl.packages.event.ESLProcessEvent",
	"name":"SIGNER_COMPLETE",
	"sessionUser":"b5eb623e-2e3f-495a-82c0-810cf7e764dc",
	"packageId":"yHOL1TGWL9UmX20NTe7YQ9V6ASY=",
	"message":null,
	"documentId":null,
	"createdDate":"2017-06-26T19:12:17.563Z"	
}
There's no way for use to identify who has signed the document at this moment. So the question is how do we identify who has signed the document by using REST API not Java SDK? All the best, Eddy 27/06/2017

Approved Answer

Reply to: How to identify sessionUser from JSON response payload via Rest API

1 votes

It looks like you need to whitelist the IP address of the sandbox environment: https://community.onespan.com/documentation/onespan-sign/guides/quick-start-guides/developer/environment-urls-ip-addresses#aanchor88 And to your second question, you only really need to make a second call if you don't set any signer id. Since you are setting a signer id, you can keep track of that in your code since you already know who sessionUser 12345 is. Therefore, you don't need to make a GET call.

Haris Haidary OneSpan Technical Consultant

Reply to: How to identify sessionUser from JSON response payload via Rest API

0 votes
Hi Eddy, The sessionUser lines up with the signer id. Looking at your package 'yHOL1TGWL9UmX20NTe7YQ9V6ASY=', it looks like you didn't assign a signer id (i am guessing you created this package from the user interface as a test). That's why you received a randomly generated signer id from esignlive as a session user. If you do a GET https://sandbox.esignlive.com/api/packages/yHOL1TGWL9UmX20NTe7YQ9V6ASY=, you will see that the sessionUser is the same as the signer id for signer 'univeris test'.
Haris Haidary OneSpan Technical Consultant

Reply to: How to identify sessionUser from JSON response payload via Rest API

0 votes
Hello Haris, Thanks for quick response. You're right, I have some problems in integrating with your REST API behind our company's firewall, so I created a package and signed the document from your sandbox env. The reason I was doing this is trying to simulate the workflow and test my callback listener. Unfortunately I got a failure email saying Failed to communicate with the callback server. URL: https://35.182.12.55/approvals/api/esl/events Payload: {"@class":"com.silanis.esl.packages.event.ESLProcessEvent","name":"SIGNER_COMPLETE","sessionUser":"e862440a-7647-4897-b239-b44e012c00c3","packageId":"qNlPbrVyAIoGgHj9t_18_5Um1qk=","message":null,"documentId":null,"createdDate":"2017-06-27T20:02:19.277Z"}. The callback URL starts with a firewall IP address. I have no clue what is going wrong out there? Any idea is highly appreciated. In reality, we don't create and send packages via the UI but our app instead, for example with the json content listed in the previous post as well, we got the package Id tFOcD4SRAMnu-NHCoNAPQllq02Q=. So from your word, we have to make a second call to get package info by the id and match the sessionUser ? Thanks, Eddy

Reply to: How to identify sessionUser from JSON response payload via Rest API

0 votes
Cool, I bet you're right but let me try it out and see how it's going. Thanks for the kind reply.

Reply to: How to identify sessionUser from JSON response payload via Rest API

0 votes
Hello Haris, It seems I've made some positive progress but for a second call inside my callback listener to endpoint /packages/{packageId}, I got a 403 error code that says "user: K9znX1pm0tU9 does not have VIEW access to package: IAGbdVatDHEwvAMmkTV8yCewY8o=". Here K9znX1pm0tU9 means a sessionUser, right? What do I need to do so as to get passed and retrieve the actual payload? Thanks, Eddy

Reply to: How to identify sessionUser from JSON response payload via Rest API

0 votes
Hi Eddy, I'm not sure I am following here. What are you trying to do after receiving the SIGNER_COMPLETE event?
Haris Haidary OneSpan Technical Consultant

Reply to: How to identify sessionUser from JSON response payload via Rest API

0 votes
Hello Haris, Sorry about my previous comment if you've already seen it. I was using a wrong API KEY that is another developer's. So I removed it. The problem now is the roles are empty. Can you help me verify if the roles are empty based on the packageId "IAGbdVatDHEwvAMmkTV8yCewY8o="? Thanks.

Reply to: How to identify sessionUser from JSON response payload via Rest API

0 votes
What do you mean by roles being empty? Were you able to send the package above? If so, then the roles are definitely not empty. You can do the following call to retrieve your roles in transaction: GET https://sandbox.esignlive.com/api/packages/{packageId}/roles
Haris Haidary OneSpan Technical Consultant

Reply to: How to identify sessionUser from JSON response payload via Rest API

0 votes
Hello Haris, I was trying to use GET: /packages/{packageId} to see if I can get a signerId from roles within the response payload. But the roles were empty. This morning I tried another integration testing regarding the callback listener. I couldn't find any update from within our app after I signed the document and noticed the status is completed in iframe. Also there's nothing failed in our server logs. But when I used Postman to simulate the callback with the similar json response body, I was able to see the change from my local app server. Any clue? Thanks, Eddy

Reply to: How to identify sessionUser from JSON response payload via Rest API

0 votes
Then, your callback listener is definitely not receiving the json payloads from esignlive . Make sure those IPs that I posted previously are whitelisted. Did you try making a postman call to your listener outside of your network?
Haris Haidary OneSpan Technical Consultant

Reply to: How to identify sessionUser from JSON response payload via Rest API

0 votes
Hello Haris, Everything works well now after having spent hours with our DevOps guys investigating issues. End to end testing is actually good since the first time but there're some settings in our firewall and web server. Thanks for your patience and great help. Eddy

Hello! Looks like you're enjoying the discussion, but haven't signed up for an account.

When you create an account, we remember exactly what you've read, so you always come right back where you left off