OneSpan Sign Developer: Account Invite and Password Reset
In our previous blog, “Retrieve Sender Packages”, we discussed the concepts around and the differences between Account Owners and Account Members (Senders). As an account owner, adding senders with different emails is very useful, because it grants them the ability to send and handle transactions separately. Here, we’ll take a closer look at how to invite/create a sender to your main account.
The following picture shows you how to invite a sender using either a REST or SDK method:
Note:
The most common error message you may encounter is:
{"messageKey":"error.validation.senderAlreadyMemberOfAnother","message":"Sender is already a member of another account.","code":400,"name":"Validation Error"}
Because in a single portal environment, such as Sandbox US V11, one email can only become a sender under one main account. Therefore, this error occurs because you are inviting an email account that has already become an account owner or an account member.
But it will be fine if you are ready to go live on production and create senders with the same email in the new environment. According to the restriction we talked above, the Sandbox and PROD are different environments, so the accounts are mutually independent.
“INVITED” vs “ACTIVE”
In the above example, we invited a new sender to our account with the status of “INVITED” which is a standard workflow to add a sender. While in OneSpan Sign, you can also skip the invitation email and add a sender directly with “ACTIVE” status when you don’t need your senders to set their password and basic profile. We will explain these two concepts separately.
INVITED: The INVITED status is a pending status, and OneSpan Sign will send an email to your invited email prompting sender to fill in some basic user information, such as first name, last name, and password. After this information is submitted, the new sender’s status will change to “ACTIVE”.
Note:
The first and last names that OneSpan Sign originally had on file will be overwritten by whatever the user actually inputs when they are invited.
ACTIVE: Instead of creating a sender with the INVITED status, you can directly set your sender’s status to ACTIVE without requesting user information and prompting them to create a password. Doing so will not limit the functionality of the account, you can still retrieve the sender’s API key and call APIs for your sender. The primary difference between these two approaches is that a sender set immediately to ACTIVE will not have a set password. This prevents the sender from logging onto the Web Portal currently.
To send the invitation email manually, you can call following API:
POST /api/account/senders/{roleID}/invite
For other management on Senders, you can have a check on Senders Guide.
Password Reset
When you have a need to reset your password, you can click “Forgot your password” at your Web Portal Login page and input an account email. In response, a password reset email will be sent. With OneSpan Sign, we have an API interface for this:
HTTP Request
POST /api/account/senders/{roleID}/resetpassword
HTTP Headers
Accept: application/json
Authorization: Basic api_key
Note:
This API is just for sending a reset email to the sender’s email address. It won’t change your password directly.
Unlike on the Web Portal, you can send a reset email to any account. With this API, you can only send a reset email to senders under your account owner and not your main account or senders under other accounts.
The email templates for both Account Invitation and Password-Rest Request can be customized if you contact our support team at [email protected].
Besides resetting password from Email, you can also change your password at your Web UI dashboard. The Password section from “My Account” page enables you to change your account's password by giving the current password.
If you have any questions regarding this blog or anything else concerning integrating OneSpan Sign into your application, visit the Developer Community Forums. Your feedback matters to us!