Bikram | Posts: 33

Creating Sender Account

0 votes

Hello Duo, 

We are implementing sender account API key for creating transaction on behalf of the sender. While creating a sender's API key, I have found that if the sender ID is same, the API key generated is always the same. In this case, we can save the sender's API key in the database so that next time we don't have to generate the API key again hitting the onespan end point.

If the API key generated for particular sender is always same, we can save the API key in the database otherwise we have to hit the api key generator end point every time? 

What do you recommend ? Saving the api key in the database or use it dynamically hitting the one span endpoint every time. 

 

Thank you 


Approved Answer
Duo_Liang | Posts: 3776

Reply to: Creating Sender Account

0 votes

Hi Bikram,

 

Thanks for your post!

For your question, yes, the API Key will be the same for the same sender ID and you can store it in your local database instead of query every time.

On top of that for better security, it's also suggested to register a client application, retrieve an access token (valid for 30 minutes) for the sender, and authenticate the API calls with this API token instead of API key. You can refer to my blog for more detailed information:
https://www.onespan.com/blog/onespan-sign-release-1134-api-token-client-application

 

Duo


Hello! Looks like you're enjoying the discussion, but haven't signed up for an account.

When you create an account, we remember exactly what you've read, so you always come right back where you left off