Integration of message-based transaction data signing

Message-based transaction data signing is a type of transaction data signing that supports virtual signatures that are sent via email, SMS, or voice delivery to a mobile device. A virtual signature consists of a one-time password (OTP) and signature data fields that are unique to the pending transaction.

This type of transaction requires a virtual authenticator that supports VDP Sign.

Prerequisites

To ensure successful message-based transaction data signing, the following prerequisites must be met:

  • The user exists in OneSpan Cloud Authentication.
  • A virtual authenticator that supports VDP Sign must be assigned to the user in OneSpan Cloud Authentication.
  • The user must provide a valid phone number and/or email address.

Message-based transaction data signing via virtual signature

Message-based transaction data signing - overview

Sequence of a message-based transaction data signing operation via virtual signature

  1. The user initiates the operation from their browser. They enter their credentials, which triggers the client application to send the signature generation request to the OneSpan Trusted Identity platform API with a call to the POST /users/{userID@domain}/generate-virtual-signature endpoint.
  2. The Authentication component verifies the user credentials.
  3. The Authentication component generates the signature and contacts the Message Delivery component.
  4. The Message Delivery component forwards the message, which consists of an OTP and signature data fields, via the specified delivery method (SMS, email, or voice call) to the mobile device of the user.
  5. The user verifies the signature data fields and enters the one-time password (OTP) into their client application.
  6. The client application sends the transaction validation request to the OneSpan Trusted Identity platform API with a call to the POST /users/{userID@domain}/transactions/validate endpoint. The request contains the OTP and the signature data fields.
  7. The Authentication component validates the signature and confirms the transaction.

To integrate message-based transaction data signing via virtual signature

  1. Issue a generate virtual signature request with a call to the POST /users/{userID@domain}/generate-virtual-signature endpoint and provide the following information:

    • Payload:
      • dataFields
      • credentials
      • deliveryMethod
  2. Issue a transaction validation request with a call to the POST /users/{userID@domain}/transactions/validate endpoint and provide the following information:

    • Payload:
      • objectType: "TransactionValidationInput"
      • data.standard
        • dataFields
        • signature
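
The two calls above, sketched as request builders. This is an added example, not OneSpan's code: the base URL, the sample values, the shape of credentials, the deliveryMethod value, the nesting of data.standard, and sending the entered OTP as signature are assumptions.

```python
import json
from urllib.parse import quote

BASE_URL = "https://tenant.example"  # placeholder; use your tenant's API base URL


def _endpoint(user_id, domain, suffix):
    # Encode userID@domain as ONE path segment so "/", "?" or "#" in a
    # user-supplied name cannot steer the call to a different endpoint.
    segment = quote(f"{user_id}@{domain}", safe="@")
    return f"{BASE_URL}/users/{segment}/{suffix}"


def build_generate_request(user_id, domain, data_fields, credentials, delivery_method):
    """Step 1: POST /users/{userID@domain}/generate-virtual-signature."""
    if not data_fields:
        raise ValueError("dataFields must describe the pending transaction")
    body = {
        "dataFields": list(data_fields),
        "credentials": credentials,         # passed through; shape not given on the page
        "deliveryMethod": delivery_method,  # accepted values are an assumption here
    }
    return {"method": "POST",
            "url": _endpoint(user_id, domain, "generate-virtual-signature"),
            "json": body}


def build_validate_request(user_id, domain, requested_fields, confirmed_fields, otp):
    """Step 2: POST /users/{userID@domain}/transactions/validate."""
    # Local fail-fast check: the fields the user confirmed must be exactly the
    # ones the signature was requested for. The server remains the authority.
    if list(confirmed_fields) != list(requested_fields):
        raise ValueError("confirmed dataFields differ from the requested ones")
    body = {
        "objectType": "TransactionValidationInput",
        # "data.standard" read as nested objects; the OTP the user typed is
        # sent as "signature" (inferred from the page's payload list).
        "data": {"standard": {"dataFields": list(confirmed_fields),
                              "signature": otp}},
    }
    return {"method": "POST",
            "url": _endpoint(user_id, domain, "transactions/validate"),
            "json": body}


if __name__ == "__main__":
    fields = ["ACCOUNT-PLACEHOLDER", "150.00"]  # constructed sample values
    gen = build_generate_request("jdoe", "example-domain", fields,
                                 {"placeholder": "credential"}, "SMS")
    val = build_validate_request("jdoe", "example-domain", fields, fields, "000000")
    print(json.dumps([gen, val], indent=2))
```

The builders return plain dictionaries so the payloads can be inspected or logged (without the credentials and OTP) before being handed to an HTTP client.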