Version 3.28 (December 2025)

A new cleanup strategy for the bulkCleanupDigipass command has been added. The new DigipassInstancesWithoutPNID strategy deletes all authenticator instances that have no DIGIPASS Push Notification Identifier (PNID) assigned and were never used (last authentication time is not set). The PNID is implicitly set when an authenticator instance is bound to a mobile app. The last authentication time is initially set when the authenticator instance is effectively activated.

The bulkCleanupDigipass command now accepts a new dryrun parameter. If set to true, the command is executed but only searches for authenticators and authenticator instances that match the strategy without deleting any data.

An overview of the items that would be deleted is stored in the status information of the respective server task when completed. The server task also generates a CSV report to provide a complete and detailed summary of the items that would be deleted. That report can be downloaded via the reportfiledownloadmtom command.

The digipassQuery command now accepts new attributes to refine queries and filter the results based on the last authentication time. The new DIGIPASSFLD_FROM_LAST_AUTH_TIME and DIGIPASSFLD_TO_LAST_AUTH_TIME attributes allow to find all authenticators that where used after/before a specific time, respectively, or within a specific time range. The new DIGIPASSFLD_NOT_AUTHENTICATED attribute allows to find all authenticators that where never used before at all (and have no last authentication time set).

The reporting system has been enhanced in several ways:

• You can now natively create CSV reports for list analysis reports using a new built-in CSV report format. To do so, the REPORTFLD_FORMAT_NAME attribute can now also be set to the pre-defined value CSV. The new report format is especially useful if you need create very large reports (1 GB or bigger).

• Two new report file attributes were introduced: the REPORTFILEFLD_CONTENT_TYPE attribute specifies the report file MIME type and the REPORTFILEFLD_FILENAME attribute is the report file name that is automatically generated when a report is run. These attributes are returned by the reportFileQuery command .

• The reportExecute:REPORTCMD_RUN command now returns the report file name (REPORTFLD_REPORT_FILE_NAME) and the ID of the server task that created the report file (REPORTFLD_TASK_ID).

• The report attachment content ID when downloading a report file with the reportfiledownloadmtom command is now always set as report@onespan.com.

EMV-CAP is no longer supported, and its functionality has been completely removed. Any references to EMV-CAP in the code base and the documentation have been removed. The specific SOAP commands related to EMV-CAP authentication are kept as stubs for backward-compatibility reasons only, however, if you attempt to use them, you will receive an EMV not supported error. Note that the API SOAP command stubs may be removed in a future release without prior notice.

The PDF documentation has been completely removed from the OneSpan Authentication Server SDK product deliverable. You can view the OneSpan Authentication Server SDK user documentation exclusively online on the OneSpan documentation portal, available at https://docs.onespan.com/sec/docs/onespan-authentication-server-sdk.

Note that the SDK documentation covers both, the OneSpan Authentication Server SDK and the OAS Authentication SDK. The content is appropriately tagged to indicate which SDK it applies to.