Hey guys, 

I'm trying to put together the following flow:

  1. Create a Package through Postman using the following payload.
  2. Add a document through a azure function (Its working).
  3. Update Package from Draft to Sent by making a Put request with only { "status": "SENT" }.

The last step always returns 


    "messageKey": "error.validation.sendPackage.noApprovals",

    "message": "Cannot send package without approvals.",

    "code": 400,



I am trying to interface with OneSpan Sign using the REST API. I am using the LotusScript language on a HCL Notes / Domino platform.

When I send a package with no document, including only the json, it works fine. When I try to add a document using a MIME message, I always get the 406 Not Acceptable error message. I did some research in the forums but couldn't find any helpful help for this error.

HTTP request:


I'm querying packages from OneSpan Sign REST API. I don't use any filters, so I expect to get all of the packages. There are two, one in the inbox, and one in the drafts folder. 

Here's query

curl -X GET "" -H "accept: application/json; esl-api-version=11" -H "Authorization: Basic API KEY"

Response contains JSON with


   "count": 2"

   "results": [ ... ]



I am testing on the Sandbox the /generate-votp service I successfully tested the Email Flow, but when i tried to test the SMS  i recived the following error:"status": 500, "error": "Internal Server Error", "message": "Unable to execute request", "service": "authenticator-management",

My Questions are:

Is SMS sending flow enabled on the sandbox?

What should i put on the "mdcProfile" field if i am from Latin America?




Hi, i am trying to use the POST api /api​/packages​/{packageId}​/attachment​/{attachmentId} to add an attachment to a package but i always receive the below reply.

I am testing it through the swagger of the community portal. Any idea on the reason of the error?

{ "messageKey": "error.forbidden.operationNotAllowed", "technical": "User is not in a role to modify attachment.", "message": "Operation not allowed.", "code": 403, "name": "Access Denied" }