Authenticating Signers
  • 15 Jan 2025
  • 11 Minutes to read
  • Dark
    Light
  • PDF

Authenticating Signers

  • Dark
    Light
  • PDF

Article summary

Java SDK.NET SDKREST APIAPEX SDK

Java SDK

To download the full code sample see our Code Share site.

To add an extra layer of security to your online transactions, OneSpan Sign offers robust and flexible recipient-authentication options. Specifically, you can select various ways of verifying the identity of the recipient of an invitation to a transaction before they are permitted to access the transaction's documents.

General Authentication refers to tools built into OneSpan Sign that enable you to verify the identity of the recipient through SMS, Email, or a custom Question and Answer format.

Knowledge-Based Authentication (KBA) relies on a third-party KBA provider to perform the authentication. That provider is LexisNexis. .

KBA questions are generated dynamically, based on information in a signer's personal credit report.

KBA authentication can be used in conjunction with any one of the General authentication methods above.

To enable Knowledge-Based Authentication, please contact our Support Team.

Using General Authentication

The code below illustrates how to edit the signer block for each general authentication method. If you need a comparison with basic document-object creation, or if this is your first time creating a package with the Java SDK, see this Creating a Transaction.

.withSigner(
    newSignerWithEmail("first.signer@email.com")
        .withFirstName("First")
        .withLastName("Signer")
        .challengedWithQuestions(
            ChallengeBuilder.firstQuestion("What's your favorite sport?")
                .answer("soccer")
                .secondQuestion("What music instrument do you play?")
                .answer("drums")
        )
)
.withSigner(
    newSignerWithEmail("second.signer@example.com")
        .withFirstName("Second")
        .withLastName("Signer")
        .withSmsSentTo("1234567890")
)

Manually sending an SMS code

A new SMS code is generated and sent each time a signer clicks the email link. If for any reason you need to manually send a new SMS code, you can do so by using PackageService and passing the PackageId and Signer objects as parameters. The following code will do this:

eslClient.getPackageService().sendSmsToSigner(
    packageId,
    retrievedPackage.getSigner(email1)
);

Using KBA

You can also authenticate a signer with KBA. You can also edit the signer block to implement KBA. The following code will do this:

.withSigner(newSignerWithEmail(email1)
                        .withFirstName(FIRST_NAME)
                        .withLastName(LAST_NAME)
                        .challengedWithKnowledgeBasedAuthentication(newSignerInformationForLexisNexis()
                                .withFirstName(FIRST_NAME)
                                .withLastName(LAST_NAME)
                                .withFlatOrApartmentNumber(FLAT_OR_APARTMENT_NUMBER)
                                .withHouseName(HOUSE_NAME)
                                .withHouseNumber(HOUSE_NUMBER)
                                .withCity(CITY)
                                .withZip(ZIP)
                                .withState(STATE)
                                .withSocialSecurityNumber(SOCIAL_SECURITY_NUMBER)
                                .withDateOfBirth(DATE_OF_BIRTH)))

Results

After running your code, if a transaction is sent with signer authentication enabled, your signers will be required to validate their identity using the method specified in the transaction.

With Knowledge Based Authentication, the signer's identity is verified by asking them a series of questions about their personal credit report.

.NET SDK

To download the full code sample see our Code Share site.

To add an extra layer of security to your online transactions, OneSpan Sign offers robust and flexible recipient-authentication options. Specifically, you can select various ways of verifying the identity of the recipient of an invitation to a transaction before they are permitted to access the transaction's documents.

General Authentication refers to tools built into OneSpan Sign that enable you to verify the identity of the recipient through SMS, Email, or a custom Question and Answer format.

Knowledge-Based Authentication (KBA) relies on a third-party KBA provider to perform the authentication. That provider is LexisNexis. .

KBA questions are generated dynamically, based on information in a signer's personal credit report.

KBA authentication can be used in conjunction with any one of the General authentication methods above.

To enable Knowledge-Based Authentication, please contact our Support Team.

Using General Authentication

The code below illustrates how to edit the signer block for each general authentication method. If you need a comparison with basic document-object creation, or if this is your first time creating a package with the Java SDK, see this Creating a Transaction.

.WithSigner(
    SignerBuilder.NewSignerWithEmail("first.signer@example.com")
        .WithFirstName("First")
        .WithLastName("Signer")
        .ChallengedWithQuestions(
            ChallengeBuilder.FirstQuestion("What's your favorite sport?")
                .Answer("golf")
                .SecondQuestion("What music instrument do you play?")
                .Answer("drums")
        )
)
.WithSigner(
    SignerBuilder.NewSignerWithEmail("second.signer@example.com")
        .WithFirstName("Second")
        .WithLastName("Signer")
        .WithSMSSentTo("1234567890")
)

Manually sending an SMS code

A new SMS code is generated and sent each time a signer clicks the email link. If for any reason you need to manually send a new SMS code, you can do so by using PackageService and passing the PackageId and Signer objects as parameters. The following code will do this:

eslClient.PackageService.SendSmsToSigner(
    packageId,
    retrievedPackage.GetSigner(email1)
);

Using KBA

You can also authenticate a signer with KBA. You can also edit the signer block to implement KBA. The following code will do this:

.WithSigner(
    SignerBuilder.NewSignerWithEmail(email1)
        .WithFirstName(FIRST_NAME)
        .WithLastName(LAST_NAME)
        .WithCustomId(signerId)
        .ChallengedWithKnowledgeBasedAuthentication(
            SignerInformationForLexisNexisBuilder.NewSignerInformationForLexisNexis()
                .WithFirstName(FIRST_NAME)
                .WithLastName(LAST_NAME)
                .WithFlatOrApartmentNumber(FLAT_OR_APARTMENT_NUMBER)
                .WithHouseName(HOUSE_NAME)
                .WithHouseNumber(HOUSE_NUMBER)
                .WithCity(CITY)
                .WithState(STATE)
                .WithZip(ZIP)
                .WithSocialSecurityNumber(SOCIAL_SECURITY_NUMBER)
                .WithDateOfBirth(DATE_OF_BIRTH)
                .Build()
        )
)
 .WithDateOfBirth(DATE_OF_BIRTH)
                                        .Build()))

Results

After running your code, if a transaction is sent with signer authentication enabled, your signers will be required to validate their identity using the method specified in the transaction.

With Knowledge Based Authentication, the signer's identity is verified by asking them a series of questions about their personal credit report.

REST API

To download the full code sample see our Code Share site.

To add an extra layer of security to your online transactions, OneSpan Sign offers robust and flexible recipient-authentication options. Specifically, you can select various ways of verifying the identity of the recipient of an invitation to a transaction before they are permitted to access the transaction's documents.

General Authentication refers to tools built into OneSpan Sign that enable you to verify the identity of the recipient through SMS, Email, or a custom Question and Answer format.

Knowledge-Based Authentication (KBA) relies on a third-party KBA provider to perform the authentication. That provider is LexisNexis. .

KBA questions are generated dynamically, based on information in a signer's personal credit report.

KBA authentication can be used in conjunction with any one of the General authentication methods above.

To enable Knowledge-Based Authentication, please contact our Support Team.

Using General Authentication

The code below illustrates how to edit the auth object for each authentication method. If you need a comparison with basic document-object creation, or if this is your first time creating a package with the Java SDK, see this Creating a Transaction.

HTTP Request

POST /api/packages

HTTP Headers

Accept: application/json
Content-Type: application/jsonAuthorization: 
Basic api_key

Request Payload

 {
  "roles": [
    {
      "type": "SIGNER",
      "index": 0,
      "signers": [
        {
          "auth": {
            "scheme": "CHALLENGE",
            "challenges": [
              {
                "answer": "golf",
                "question": "What's your favorite sport?",
                "maskInput": false
              }
            ]
          },
          "email": "mail22@example.com",
          "firstName": "Patty",
          "lastName": "Galant"
        }
      ],
      "name": "Signer1"
    },
    {
      "type": "SIGNER",
      "index": 0,
      "signers": [
        {
          "auth": {
            "scheme": "SMS",
            "challenges": [
              { "answer": null, "question": "+15515584587", "maskInput": false }
            ]
          },
          "email": "mail11@example.com",
          "firstName": "John",
          "lastName": "Smith"
        }
      ],
      "name": "Signer2"
    }
  ],
  "status": "DRAFT",
  "type": "PACKAGE",
  "name": "Signer Authentication Example"
}

For a complete description of each field, see the Request Payload section below.

Response Payload

{
  "id": "9sKhW-h-qS9m6Ho3zRv3n2a-rkI="
}

Manually sending an SMS code

A new SMS code is generated and sent each time a signer clicks the email link. If for any reason you need to manually send a new SMS code, the following code will do this:

HTTP Request

POST /api/packages/{packageId}/roles/{roleId}/sms_notification

HTTP Headers

Accept: application/json
Content-Type: application/json
Authorization: Basic api_key

Using KBA

You can also authenticate a signer with KBA. You can also edit the signer block to implement KBA. The following code will do this:

 {
  "id": "Signer1",
  "index": 0,
  "type": "SIGNER",
  "signers": [
    {
      "email": "john.smith@mailinator.com",
      "firstName": "John",
      "language": "en",
      "lastName": "Smith",
      "id": "Signer1",
      "auth": {
        "scheme": "NONE",
        "idvWorkflow": null,
        "challenges": []
      },
      "knowledgeBasedAuthentication": {
        "signerInformationForLexisNexis": {
          "city": "CALERA",
          "dateOfBirth": "1973-02-02T00:00:00Z",
          "firstName": "John",
          "lastName": "Smith",
          "socialSecurityNumber": "666110007",
          "houseName": "Decarie",
          "flatOrApartmentNumber": "1234",
          "houseNumber": "5678",
          "zip": "35040",
          "state": "AL"
        }
      }
    }
  ],
  "name": "Signer1"
}

Results

After running your code, if a transaction is sent with signer authentication enabled, your signers will be required to validate their identity using the method specified in the transaction.

With Knowledge Based Authentication, the signer's identity is verified by asking them a series of questions about their personal credit report.

Request Payload Table

Property

Type

Editable

Required

Default

Sample Values

status

string

Yes

No

DRAFT

DRAFT / SENT / COMPLETED / ARCHIVED / DECLINED / OPTED_OUT / EXPIRED

type

string

Yes

No

PACKAGE

PACKAGE / TEMPLATE / LAYOUT

name

string

Yes

No

n/a

Signer Authentication Example

roles

type

string

Yes

No

SIGNER

SIGNER / SENDER

index

index

Yes

No

0

0 / 1 / 2 ...

name

string

Yes

No

n/a

Signer1

signers

email

string

Yes

No

n/a

mail22@example.com

firstName

string

Yes

No

n/a

Patty

lastName

string

Yes

No

n/a

Galant

auth

scheme

string

Yes

No

n/a

CHALLENGE / SMS

challenges

answer

string

Yes

No

n/a

golf

question

string

Yes

No

n/a

What's your favorite sport?

/ +15515584587

maskInput

boolean

Yes

No

false

true / false

APEX SDK

To download the full code sample see our Code Share site.

To add an extra layer of security to your online transactions, OneSpan Sign offers robust and flexible recipient-authentication options. Specifically, you can select various ways of verifying the identity of the recipient of an invitation to a transaction before they are permitted to access the transaction's documents.

General Authentication refers to tools built into OneSpan Sign that enable you to verify the identity of the recipient through SMS, Email, or a custom Question and Answer format.

Knowledge-Based Authentication (KBA) relies on a third-party KBA provider to perform the authentication. That provider is LexisNexis. .

KBA questions are generated dynamically, based on information in a signer's personal credit report.

KBA authentication can be used in conjunction with any one of the General authentication methods above.

To enable Knowledge-Based Authentication, please contact our Support Team.

Using General Authentication

The code below shows you how to create a Role Object for each signer authentication method. If you need a comparison with basic document-object creation, or if this is your first time creating a package with the Apex SDK, see this guide.

 ESignLiveAPIObjects.Role role = new ESignLiveAPIObjects.Role(); 
ESignLiveAPIObjects.AuthChallenge firstChallenge = new ESignLiveAPIObjects.AuthChallenge(
    firstQuestionAnswer, 
    false, 
    firstQuestion
); // Question & Answer

ESignLiveAPIObjects.AuthChallenge secondChallenge = new ESignLiveAPIObjects.AuthChallenge(
    secondQuestionAnswer, 
    false, 
    secondQuestion
); // Question & Answer

ESignLiveAPIObjects.AuthChallenge smsAuthentication = new ESignLiveAPIObjects.AuthChallenge(
    null, 
    false, 
    phoneNumber
); // SMS

Manually sending an SMS code

A new SMS code is generated and sent each time a signer clicks the email link. If for any reason you need to manually send a new SMS code, you can do so using the following function encapsulated in the Code Share:

 public void sendSmsToSigner(String packageId, String roleId) 

Using KBA

You can also authenticate a signer with KBA. You can use the two encapsulated functions below to create a role, and add it to an existing transaction. The two functions are used separately for Equifax USA and Equifax CA:

public void createRoleWithKBA_EquifaxUSA(
    String packageId,
    String roleId,
    String firstName,
    String lastName,
    String email,
    String streetAddress,
    String city,
    String zip,
    String state,
    Integer timeAtAddress,
    String driversLicenseNumber,
    String dateOfBirth,
    String socialSecurityNumber,
    String homePhoneNumber
)

public void createRoleWithKBA_EquifaxCA(
    String packageId,
    String roleId,
    String firstName,
    String lastName,
    String email,
    String streetAddress,
    String city,
    String zip,
    String state,
    Integer timeAtAddress,
    String driversLicenseNumber,
    String dateOfBirth,
    String socialSecurityNumber,
    String homePhoneNumber
)

Results

After running your code, if a transaction is sent with signer authentication enabled, your signers will be required to validate their identity using the method specified in the transaction.

With Knowledge Based Authentication, the signer's identity is verified by asking them a series of questions about their personal credit report.


Was this article helpful?

Changing your password will log you out immediately. Use the new password to log back in.
First name must have atleast 2 characters. Numbers and special characters are not allowed.
Last name must have atleast 1 characters. Numbers and special characters are not allowed.
Enter a valid email
Enter a valid password
Your profile has been successfully updated.
ESC

Ozzy, our interactive help assistant