Login
    Contents x
    Authentication Tokens
    • 06 May 2025
    • 6 Minutes to read
    • Print
    • Dark
      Light
    • PDF
    Contents

    Authentication Tokens

    • Updated on 06 May 2025
    • 6 Minutes to read
    • Print
    • Dark
      Light
    • PDF
    Article summary

    The content discusses various types of authentication tokens used to obtain valid sessions for users in a system. The main types include userAuthToken, senderAuthToken, signerAuthToken, and singleUseSignerAuthToken, with the exception of signerAuthToken, all being single-use. Each token has a default expiry time of 30 minutes. User authentication tokens provide complete account access, while sender tokens grant access to specific packages. Signer tokens can be used multiple times or as single-use tokens. The document provides code examples for creating these tokens and accessing the OneSpan Sign account or specific transactions through constructed URLs. Additionally, it mentions the use of HTTP requests for generating these tokens in different SDKs, including Java, .NET, REST API, and APEX SDKs, emphasizing the importance of authentication in managing user sessions securely.

    Java SDK .NET SDK REST API APEX SDK

    Java SDK

    To download the full code sample see our Code Share site.

    An authentication token is used to obtain a valid session for a particular user of the system. This topic introduces the following types of authentication tokens:

    • userAuthToken

    • senderAuthToken

    • signerAuthToken

    • singleUseSignerAuthToken.

    With the exception of signerAuthToken these tokens are all single-use. The default expiry time for all these tokens is 30 minutes.

    The Code

    User Authentication Tokens

    A user authentication token is a token that can be used to obtain a session for a user with complete access to the account. The following code will create a user authentication token:

     // Generate a user authentication token using the eSignLive client
String userAuthToken = eslClient
    .getAuthenticationTokensService()  // Access the authentication tokens service
    .createUserAuthenticationToken();  // Create a new user authentication token

    Using the user authentication token, you can access your OneSpan Sign account by building the following URL:

    https://sandbox.esignlive.com/auth?authenticationToken={userToken}&target=https://sandbox.esignlive.com/a/dashboard

    Sender Authentication Tokens

    A sender authentication token is token that can be used to obtain a session for a sender with access only to a specific package.The following code will create a sender authentication token:

    // Generate a sender authentication token using the eSignLive client
String senderAuthToken = eslClient
    .getAuthenticationTokensService()  // Access the authentication tokens service
    .createsenderAuthenticationToken(packageId);  // Create a new sender authentication token for the specified package

    Using the sender authentication token, you can access the package by building the following URL:

    https://sandbox.esignlive.com/auth?senderAuthenticationToken={senderToken}&target=https://sandbox.esignlive.com/a/transaction/{packageId}

    Signer Authentication Tokens

    A signer authentication token is a token that can be used to obtain a session for a signer with access to the Signer Experience.The following code will create a signer authentication token:

    // Generate a signer authentication token using the eSignLive client
String signerAuthToken = eslClient
    .getAuthenticationTokensService()  // Access the authentication tokens service
    .createSignerAuthenticationToken(packageId, signerId);  // Create a new signer authentication token for the specified package and signer

    The signer token above can be used multiple times.You can also create a signer token with a single use:

    // Generate a single-use authentication token for a signer
String singleUseToken = eslClient
    // Access the authentication tokens service from the client
    .getAuthenticationTokensService()
    // Create a single-use authentication token for the specified signer in the given package
    .createSignerAuthenticationTokenForSingleUse(packageId, signerId, signerSessionFields);

    Using the signer authentication token, you can obtain a signing session by building the following URL:

    https://sandbox.esignlive.com/access?sessionToken={signerAuthToken}

    .NET SDK

    To download the full code sample see our Code Share site.

    An authentication token is used to obtain a valid session for a particular user of the system. This topic introduces the following types of authentication tokens:

    • userAuthToken

    • senderAuthToken

    • signerAuthToken

    • singleUseSignerAuthToken.

    With the exception of signerAuthToken these tokens are all single-use. The default expiry time for all these tokens is 30 minutes.

    The Code

    User Authentication Tokens

    A user authentication token is a token that can be used to obtain a session for a user with complete access to the account. The following code will create a user authentication token:

    string userAuthToken = eslClient
    .AuthenticationTokenService
    .CreateUserAuthenticationToken();

    Using the user authentication token, you can access your OneSpan Sign account by building the following URL:

    https://sandbox.esignlive.com/auth?authenticationToken={userToken}&target=https://sandbox.esignlive.com/a/dashboard

    Sender Authentication Tokens

    A sender authentication token is a token that can be used to obtain a session for a sender with access only to a specific package. The following code will create a sender authentication token:

     string senderAuthToken = eslClient
    .AuthenticationTokenService
    .CreateSenderAuthenticationToken(new PackageId(packageId));

    Using the sender authentication token, you can access the transaction by building the following URL:

    https://sandbox.esignlive.com/auth?senderAuthenticationToken={senderToken}&target=https://sandbox.esignlive.com/a/transaction/{packageId}

    Signer Authentication Tokens

    A signer authentication token is a token that can be used to obtain a session for a signer with access to the Signer Experience.The following code will create a signer authentication token:

    string signerAuthToken = eslClient
    .AuthenticationTokenService
    .CreateSignerAuthenticationToken(new PackageId(packageId), signerId);

    The signer token above can be used multiple times.You can also create a signer token with a single use:

    string singleUseToken = eslClient
    .AuthenticationTokensService
    .CreateSignerAuthenticationTokenForSingleUse(packageId, signerId, signerSessionFields);

    Using the signer authentication token, you can obtain a signing session by building the following URL:

    https://sandbox.esignlive.com/access?sessionToken={signerAuthToken}

    REST API

    To download the full code sample see our Code Share site.

    An authentication token is used to obtain a valid session for a particular user of the system. This topic introduces the following types of authentication tokens:

    • userAuthToken

    • senderAuthToken

    • signerAuthToken

    • singleUseSignerAuthToken.

    With the exception of signerAuthToken these tokens are all single-use. The default expiry time for all these tokens is 30 minutes.

    The Code

    User Authentication Tokens

    A user authentication token is a token that can be used to obtain a session for a user with complete access to the account. The following code will create a user authentication token:

    HTTP Request

    POST /api/authenticationTokens/user

    HTTP Headers

    Accept: application/json   
Authorization: Basic api_key

    For a complete description of each field, see the Request Payload table below.

    Response Payload

    {
    "value": "MjY0MjQ4MzgtMTJlOS00MzhjLTgzODMtMzJmMGNiZTg3ODBl"
}

    Using the user authentication token, you can access your OneSpan Sign account by building the following URL:

    https://sandbox.esignlive.com/auth?authenticationToken={userToken}&target=https://sandbox.esignlive.com/a/dashboard

    Sender Authentication Tokens

    A sender authentication token is a token that can be used to obtain a session for a sender with access only to a specific package. The following code will create a sender authentication token:

    HTTP Request

    POST /api/authenticationTokens/sender

    HTTP Headers

    Accept: application/json   
Content-Type: application/json   
Authorization: Basic api_key

    Request Payload

    {
    "packageId": "5vjLRY5MWrDJ6MzRAEyCKOy5IH0="
}

    Response Payload

    {
    "value": "MjY0MjQ4MzgtMTJlOS00MzhjLTgzODMtMzJmMGNiZTg3ODBl"
}

    Using the sender authentication token, you can access the transaction by building the following URL:

    https://sandbox.esignlive.com/auth?senderAuthenticationToken={senderToken}&target=https://sandbox.esignlive.com/a/transaction/{packageId}

    Signer Authentication Tokens

    A signer authentication token is a token that can be used to obtain a session for a signer with access to the Signer Experience. The following code will create a signer authentication token:

    HTTP Request

    POST /api/authenticationTokens/signer/multiUse

    HTTP Headers

    Accept: application/json   
Content-Type: application/json   
Authorization: Basic api_key

    Request Payload

    {
    "packageId": "5vjLRY5MWrDJ6MzRAEyCKOy5IH0=","signerId": "8b734331-bc5b-4843-9784-d4ece4b7dc22"
}

    Response Payload

    {
    "packageId": "5vjLRY5MWrDJ6MzRAEyCKOy5IH0=","signerId": "8b734331-bc5b-4843-9784-d4ece4b7dc22",
    "value": "ZDNmMDNiNGUtNGYxOC00YWZiLTkwMmUtNWE5YmIwZTRjZDg1"
}

    The signer token above can be used multiple times. You can also create a signer token with a single use:

    HTTP Request

    POST /api/authenticationTokens/signer/singleUse

    HTTP Headers

    Accept: application/json   
Content-Type: application/json   
Authorization: Basic api_key

    Request Payload

     {   "packageId":"s-wy6PFASBlAKfnLJjcbzoaMyTg=","signerId":"cd9lbzvjgblygdncdz3x@esignlive.com"   }

    Response Payload

    {
    "packageId": "s-wy6PFASBlAKfnLJjcbzoaMyTg=","signerId": "cd9lbzvjgblygdncdz3x@esignlive.com"
}

    Using the signer authentication token, you can obtain a signing session by building the following URL:

    https://sandbox.esignlive.com/access?sessionToken={signerAuthToken}

    Request Payload Table

    Property

    Type

    Editable

    Required

    Default

    Sample Values

    packageID

    string

    No

    No

    n/a

    5vjLRY5MWrDJ6MzRAEyCKOy5IH0=

    signerId

    string

    Yes

    No

    n/a

    8b734331-bc5b-4843-9784-d4ece4b7dc22

    value

    string

    No

    No

    n/a

    ZDNmMDNiNGUtNGYxOC00YWZiLTkwMmUtNWE5YmIwZTRjZDg1

    APEX SDK

    To download the full code sample see our Code Share site.

    An authentication token is used to obtain a valid session for a particular user of the system. This topic introduces the following types of authentication tokens:

    • userAuthToken

    • senderAuthToken

    • signerAuthToken

    • singleUseSignerAuthToken.

    With the exception of signerAuthToken these tokens are all single-use. The default expiry time for all these tokens is 30 minutes.

    The Code

    User Authentication Tokens

    A user authentication token is a token that can be used to obtain a session for a user with complete access to the account. The following code will create a user authentication token:

     public String createUserAuthenticationToken() {
    // Your implementation here
}

    Using the user authentication token, you can access your OneSpan Sign account by building the following URL:

    https://sandbox.esignlive.com/auth?authenticationToken={userToken}&target=https://sandbox.esignlive.com/a/dashboard

    Sender Authentication Tokens

    A sender authentication token is token that can be used to obtain a session for a sender with access only to a specific package. The following code will create a sender authentication token:

    public String createsenderAuthenticationToken(String packageId) {
    // Your implementation here
}

    Using the sender authentication token, you can access the transaction by building the following URL:

    https://sandbox.esignlive.com/auth?senderAuthenticationToken={senderToken}&target=https://sandbox.esignlive.com/a/transaction/{packageId}

    Signer Authentication Tokens

    A signer authentication token is a token that can be used to obtain a session for a signer with access to the Signer Experience. The following code will create a signer authentication token:

     public String createSignerAuthenticationTokenForMultiUse(String packageId, String signerId)

    The signer token above can be used multiple times. You can also create a signer token with a single use:

    public String createSignerAuthenticationTokenForMultiUse(String packageId, String signerId) {
    // Your implementation here
}

    Signer ID in this function can also be replaced by Signer Email.Using the signer authentication token, you can obtain a signing session by building the following URL:

    https://sandbox.esignlive.com/access?sessionToken={signerAuthToken}

    Was this article helpful?
    What's Next
    Change password!
    Changing your password will log you out immediately. Use the new password to log back in.
    Change profile
    Success!
    First name must have atleast 2 characters. Numbers and special characters are not allowed.
    Last name must have atleast 1 characters. Numbers and special characters are not allowed.
    Enter a valid email
    Enter a valid password
    Your profile has been successfully updated.
    Logout
    ESC

    Ozzy, our interactive help assistant