OneSpan Developer: Intelligent Adaptive Authentication Sandbox API Intro

Hakim Aldaoub,

The Intelligent Adaptive Authentication (IAA) Sandbox API allows developers to integrate OneSpan solutions, including Intelligent Adaptive Authentication, Risk Analytics, and OneSpan Cloud Authentication, within their web and mobile products to better detect fraud and improve the user experience. You can use the IAA Sandbox API to manage users, validate events, assign authenticators, provision devices, and much more.

To make integration easier, all the services in the IAA Sandbox adhere to REST architecture. In addition, there is an interactive API page with OpenAPI Swagger Documentation. It has examples to help you understand each of the services and build your JSON payloads in order to explore the different endpoints. In this blog, we will review how to access the interactive API page and use the Open API Swagger documentation.

Join the OneSpan Community:

Prior to exploring the Interactive API, you must be a OneSpan Community member and sign up for a free IAA sandbox account. Check out our previous blog ”OneSpan Cloud Solutions In Action - MyBank Web Portal Demo, Part I” to learn how to do so.

Access the Adaptive Authentication Interactive API

First, log into the OneSpan Community webpage. Then from the navigation bar in the top right corner, hover over the dropdown menu which is displaying your user name, then click on “Sandbox” which will direct you to your Sandbox account details page.


From the Sandbox details page, click the link labelled “Adaptive Authentication interactive API” as seen in the screenshot below. This will take you to the OpenAPI Swagger Interactive API webpage.


Upon clicking the link above, you will take you to the OpenAPI Swagger Interactive API webpage shown below.


The Interactive Swagger API Page:

In the Interactive API page, the endpoints will be grouped by resources. For example, the authenticator resource will encompass the endpoints to query, assign, unassign, and all endpoints to handle authenticators as seen below. In the same way, the other resources will contain their related endpoints grouped together in a logical approach. 


The full list of available resources in the interactive API includes:
•    Authenticators
•    Bulkfile Upload
•    Device Commands
•    Events
•    Provisioning
•    Sessions
•    Transactions
•    Users
•    Visual Codes

Each endpoint in the API is marked by its HTTP method, whether Get, Post, Put, Delete, or Patch. These endpoints can then be tested from within the IAA interactive API. Also, the OpenAPI Swagger editor gives you the option to conveniently edit the URL path parameters with a description for each of these parameters. This function is shown in the screenshot below. Each of these parameters will be marked with an asterisk when it is required for each endpoint. 


In addition, the interactive API will present the expected structure and examples for 

•    The JSON request body for each endpoint


•    The JSON response body for each endpoint


•    The expected response code for either a successful or an erroneous webservice call. For instance, an example of a 200 response code which indicates a successful request or an example of 400 response code which indicates an input data error.


The Interactive API Schemas

One of the most important sections of the interactive API is the Schema section. Inside you will find all the attributes that can be utilized for every single endpoint. They will be listed along with their data types and an example for each of the data fields. You will notice that the required attributes are marked with a red asterisk. If an attribute lacks the asterisk, it is an optional attribute, which is unnecessary to provide when it is not needed in the request body.


Learn More on the Community Portal Forums

This blog post was an introduction to the IAA Sandbox API. We have seen how the Interactive API page is structured with an example template for each endpoint call, how the endpoints are grouped into resources, and how to explore the data fields’ schema. In upcoming blogs, we will explore each of the endpoints individually. Meanwhile, if you have any question, please reach us on the Community Portal Forums.


OneSpan Developer Community

OneSpan Developer Community

Join the OneSpan Developer Community! Forums, blogs, documentation, SDK downloads, and more.

Join Today