Release 25.R3: May 2025 (Coming soon!)
  • 27 May 2025

Changed Behavior

Here are some of the changes in behavior that you might want to be aware of.

Improved API Key Generation

To increase the security of our API keys, we have implemented a new generation algorithm that generates longer keys. This change means that all existing API keys have been converted to follow the new format. Additionally, any new keys that are generated when a new user is created will also follow this new format.

Note that any integrations that were implemented using the older keys will continue to work. These keys will remain functional until March 1, 2026. At that time the shorter API keys will no longer work.

What do I need to do?

To prepare for this change OneSpan recommends that you do the following:

  1. Validate that your systems and applications can accommodate the new longer API key format. This may involve changes to your codebase and configuration settings.

  2. Plan your migration to the new longer API key format as soon as possible. While these keys will be generated for you, any integrations that you have made using the shorter key format will have to be manually updated.

  3. Migrate your Sandbox environments to the new API key format. To ensure a smooth transition we strongly recommend testing the new longer API keys in our Sandbox environment before the Production rollout.

  4. Once you have successfully migrated your Sandbox environments, migrate your Production environments to the new API key format.

Should you need any assistance during this transition phase, please contact our Support Team.

Additional Changes in Behavior

  • We have introduced additional validation for callback URLs to improve security and prevent misconfigurations. This includes stricter checks for IP addresses (IPv4 & IPv6), domain names, and URL schemes. (refs PB-82547)

  • Our out-of-the-box signer email templates now include additional warnings that remind signers not to forward or sign any unexpected signing requests. (refs PB-115478)

Upcoming Changes

Here are some of the new features, changes, and enhancements that we will be introducing in an upcoming release.

Deprecation of Legacy TLS Ciphers

As part of our ongoing commitment to security we'll be deprecating some legacy TLS ciphers. We will be phasing out the following ciphers on the following dates:

| Type | Environment | Phase Out Date |
|---|---|---|
| Cipher suites not supporting Forward Secrecy | US2 Sandbox | June 30, 2025 |
| Cipher suites not supporting Forward Secrecy | All other environments | August 30, 2025 |
| Cipher suites using the CBC algorithm | US2 Sandbox | February 28, 2026 |
| Cipher suites using the CBC algorithm | All other environments | June 30, 2026 |

What do I need to do?

We recommend that you start working with your IT team immediately to ensure that your integration framework does not use any of the above-mentioned cipher suites. Once completed, please test your OneSpan Sign Sandbox environment to ensure that all TLS communications are working properly. This is an important step that ensures that your organization does not encounter service disruptions.
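As an added example (not OneSpan code), the following audits the cipher suites a Python integration client has enabled against the two categories in the table above, and builds a client context restricted to forward-secret AEAD suites. The name-based heuristic for OpenSSL suite names, the function names, and the cipher string are assumptions of this sketch.

```python
import ssl

# Assumption: OpenSSL-style suite names. AEAD suites carry one of these markers;
# a block-cipher suite without one runs in CBC mode.
AEAD_MARKERS = ("GCM", "CCM", "CHACHA20")


def classify(name, tls13=False):
    """Return the deprecation categories a cipher-suite name falls into."""
    tls13 = tls13 or name.startswith("TLS_")  # TLS 1.3: always ephemeral + AEAD
    findings = []
    if not tls13 and not name.startswith(("ECDHE-", "DHE-")):
        findings.append("no-forward-secrecy")
    if not tls13 and not any(marker in name for marker in AEAD_MARKERS):
        if "RC4" not in name and "NULL" not in name:  # stream/null are not CBC
            findings.append("cbc")
    return findings


def audit(context):
    """Map each flagged suite enabled in an ssl.SSLContext to its findings."""
    report = {}
    for suite in context.get_ciphers():
        findings = classify(suite["name"], suite.get("protocol") == "TLSv1.3")
        if findings:
            report[suite["name"]] = findings
    return report


def hardened_client_context():
    """Client context limited to ECDHE key exchange with AEAD ciphers."""
    ctx = ssl.create_default_context()
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    # TLS 1.2 suites only; TLS 1.3 suites stay enabled and already qualify.
    ctx.set_ciphers("ECDHE+AESGCM:ECDHE+CHACHA20")
    return ctx


if __name__ == "__main__":
    contexts = (("default", ssl.create_default_context()),
                ("hardened", hardened_client_context()))
    for label, ctx in contexts:
        print(label, audit(ctx) or "no flagged suites")
```

The same classification applies to any client stack that can list its enabled suites; only the way the list is obtained changes.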

Changes to the email.delegation.activate template

In an upcoming release, the out-of-the-box email.delegation.activate email template will be updated to include the delegation start date. (refs PB-116151)

The string "Your role as a delegate will expire on: $EXPIRY_DATE;." will change to "Your role as a delegate will span from $DELEGATION_START_DATE; to $EXPIRY_DATE;."

No changes will be made to the email.delegation.activate email at the account level.

What's New

Here are some of the new features and enhancements we have made for this release.

Ad Hoc Group General Availability

We are pleased to announce that our Ad Hoc Groups are now in GA!

In addition to all the great features introduced in our BETA versions of this feature, this new release now includes the following enhancements: (refs PB-113276)

  • You can now add "Myself" as a member of an Ad Hoc Group

  • Using the Sender UI, you can now add the same recipient as both an individual signer, and as an ad hoc group member.

  • Duplicate signers can be used

  • Attachments can be added

  • The Electronic Disclosures and Signatures Consent document will now be displayed for all members of the Ad Hoc Group

  • The Mobile Capture signature type is available

  • Document and Text Tag extraction are now supported

  • Saving and applying a layout with ad hoc groups

  • Reporting

Counter Signing General Availability

We are pleased to announce that Counter Signing is also available in GA! (refs PB-113633)

In addition to the features added during our BETA release, this release also adds the ability to use Sender Groups for counter signing. This enhancement covers the entire end-to-end flow, from configuring counter signers in the Sender UI to completing the Signer Experience, ensuring smooth transaction creation, signing, and completion.

Enhanced Transaction Analytics Reports

We continue to improve and enhance our Transaction Analytics Reports. Some of the improvements we have made for this release include:

  • More descriptive filter names: We have renamed some of our transaction filters, for ease of understanding.

  • New filters: We have added the following new filters to help you narrow down the information you are looking for even further.

    • Status: This filter helps you find transactions that fit a specific status, such as Completed or Declined (available on the Transaction Performance dashboard).

    • Completion time: This filter allows you to see only the transactions that fit the time period you are looking for (available on the Transaction Velocity dashboard).

  • The ability to zoom in on transaction time frames: Using the Drill up or Drill down features, you can focus on a particular time period (using the Created date filter) to view transactions from that time. This can range from an annual overview down to a detailed minute-by-minute analysis.

  • Reset, Undo, and Redo Actions: You can now reset or redo your most recent actions.

  • A new 30-minute completion time category: The Transaction Completion Time Breakdown chart can now display transactions that were completed in 30 minutes or less. This filter is available on the Transaction Velocity dashboard.

  • New and improved transaction volume charts: We have changed our Transaction Volume Breakdown chart so that it now displays information in a bar chart, and we have added a new Transaction Volume Trend chart.

Note the following:

  • This feature is only available for users with Admin or Manager roles, or users with the Reports permission enabled for them.

  • To enable transaction analytics, you must contact our Support Team.

  • Data for these reports is collected from transactions that were created on or after January 1, 2024, and NOT purged or deleted before March 31, 2025. Any transaction that was deleted before this date will not be used in these reports. However, starting in April 2025 all transaction data, including from any transactions that were purged or deleted on or after April 1, 2025, will be included.

[Image: Overview of transaction statistics including status breakdown and performance trends.]

New Delegator API

You can now use an API to see the delegators that are available for a particular sender. This API can be found in our Interactive API by navigating to /api/session/delegators/{senderId}. (refs DAG-266)

New introductory walkthrough!

Our enhanced product walkthrough for new users is now available. With this improved walkthrough new users can follow a step-by-step guide to creating, preparing, and sending their first transaction. (refs PB-111168)

[Image: Welcome message prompting users to start their first transaction with e-signatures.]

Rate limiting

We have implemented rate limiting that caps the number of notifications a single user will get. This will help prevent signers from being spammed with unnecessary notifications. The current rate limit is 20 notifications within a 2-hour span. Should you need this to be changed, contact our Support Team.

Workflow Integrations

We have made more enhancements to the Workday Business Process framework that we introduced in Release 25.R.2. (refs DAG-172)

OneSpan Sign for SharePoint Enhancements

  • Users can now add an authentication method (SMS, Q&A) for contacts.

  • You can now define a signing order for your contacts. Note that the signing order range is from 0 to 99, and that we recommend that you set a default signing order. If more than one contact has the same signing order assigned to them, then parallel signing is enforced.

Workday Business Process Enhancements

You can now use signing as a sub-process within the Workday Business Process, beginning with the Workday Review Document phase.

With this integration documents can be dynamically retrieved based on events from the Workday business process.

These documents can be retrieved from the following sources:

  • A generated report. For example, an offer letter.

  • A static document, such as a Non-Disclosure Agreement (NDA).

  • An attachment that is uploaded in real-time, intended solely for OSS review.

Bug Fixes

The following issues were resolved in this release:

Integrators

  • Attempting to use the API call /api/account/usage would sometimes result in a 500 error (timed out). This error no longer appears. (refs PB-108395)

Senders

  • When editing and resending a transaction the transaction’s Expiry Date was not always accurate. This has been fixed. (refs PB-114251)

  • In Australian environments the Expiry Date on certain transactions was also not always accurate. This occurred during the switch to Daylight Saving Time and was caused by a miscalculation in hours (which would be off by one or two). This has been fixed and the correct Expiry Date now appears. (refs PB-114354)

Signers

  • We have resolved a problem where the default value of a field would not appear during the signing ceremony when conditions were linked to that field. (refs PB-114666)

Vaulting

  • An EDEPOSIT_FAILURE callback message was sometimes reported when optional fields in a transaction were missing. As these fields were optional, this warning should not have appeared. This has been corrected. (refs PB-114578)

Vulnerabilities

We have addressed an issue where a transaction name starting with any of the characters listed below would result in a formula being applied in the downloaded report. Now, when a transaction name starts with any of the following symbols, it is preceded by a ' in the downloaded report. (refs PB-99804)

  • =

  • -

  • +

  • @
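As an added example (not OneSpan code), the following applies the same neutralization when an integration builds its own CSV export from transaction names. The function names and sample rows are constructed for illustration; numeric cells are left untouched so that genuine negative numbers are not turned into text.

```python
import csv
import io

# The four leading characters named in the release note.
FORMULA_TRIGGERS = ("=", "-", "+", "@")


def neutralize_cell(value):
    """Prefix a text cell with ' when a spreadsheet would read it as a formula."""
    if not isinstance(value, str):
        return value  # real numbers (e.g. -5) are data, not user-supplied text
    if value.startswith(FORMULA_TRIGGERS):
        return "'" + value
    return value


def render_report(rows, header):
    """Return CSV text with every text cell neutralized before it is written."""
    buf = io.StringIO()
    writer = csv.writer(buf, quoting=csv.QUOTE_MINIMAL, lineterminator="\n")
    writer.writerow(header)
    for row in rows:
        writer.writerow([neutralize_cell(cell) for cell in row])
    return buf.getvalue()


# Constructed sample rows: transaction name, status, numeric adjustment.
SAMPLE_HEADER = ["Transaction", "Status", "Adjustment"]
SAMPLE_ROWS = [
    ["Q2 vendor agreement", "Completed", 2],
    ["=SUM(A1:A9)", "Completed", 1],
    ["@mention contract", "Declined", 3],
    ["-5% discount addendum", "Completed", -5],
]

if __name__ == "__main__":
    print(render_report(SAMPLE_ROWS, SAMPLE_HEADER))
```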

