Unauthorized 401 error for CallBack Failure

Hi Ankit,

Thanks for your post! If I understand your scenario correctly, you are integrating with OneSpan Sign Apex SDK from salesforce, and you want to monitor the callback events as well? If that's the case, have you followed my blog series on how to register an OAuth2 app in salesforce and configures OSS callback :
https://www.onespan.com/blog/onespan-sign-developers-oauth-event-notification-salesforce-part-1

https://www.onespan.com/blog/onespan-sign-developers-oauth-event-notification-salesforce-part-2

https://www.onespan.com/blog/onespan-sign-developers-oauth-event-notification-salesforce-part-3

Few noteworthy points I'd like to highlight:
(1)In Part2, it describes how to update the OneSpan Sign Callback service, it's not the callback you've specified in UI, please remove that from UI and follow the guide with a different API endpoint

(2)In order to trigger this callback versus the regular callback, you need to explictly set the “data” > “origin” : “OSS” in the transaction JSON. This could require you to modify the SDK source code a bit:
OneSpanAPIObjects.cls: line 244
        public Data()
       {
           origin = 'OSS';
           sdk = 'Apex v1.0';
       }

Let me know how it works for you.

Duo

Hi Duo, 

We have modified OneSpanAPIObjects class to change the Origin from Salesforce to OSS but for the first point that you mentioned when we are utilizing POST /api/callback with below payload:
 

Please note that we have generated Base64 Encoded Key using: 

String inputString = '{"host": "test.salesforce.com","client_id": "3MxxxxY9.g==","refresh_token": "5AexxxxxxoK"}';
Blob binaryData = Blob.valueOf(inputString);
String base64String = EncodingUtil.base64Encode(binaryData);
system.debug('Base 64 - '+base64String);

{
 "url": "https://xxxx.sandbox.my.salesforce.com/services/apexrest/OSS/callback",
 "events": ["DOCUMENT_SIGNED","EMAIL_BOUNCE","KBA_FAILURE","PACKAGE_ACTIVATE","PACKAGE_ARCHIVE","PACKAGE_ATTACHMENT","PACKAGE_COMPLETE","PACKAGE_CREATE","PACKAGE_DEACTIVATE","PACKAGE_DECLINE","PACKAGE_DELETE","PACKAGE_EXPIRE","PACKAGE_OPT_OUT","PACKAGE_READY_FOR_COMPLETE","PACKAGE_RESTORE","PACKAGE_TRASH","ROLE_REASSIGN","SIGNER_COMPLETE","SIGNER_LOCKED","TEMPLATE_CREATE"],
 "key": "eyJxxxxyJ9"
}

It registered successfully and added it on UI but we are still facing below error for each event notification:

URL: 

Payload: {"@class":"com.silanis.esl.packages.event.ESLProcessEvent","name":"PACKAGE_CREATE","sessionUser":"U5HU2N7UHN8U","packageId":"2ZpiA7uVoxVWnn0XgEdfzLQpqDM=","message":null,"documentId":null,"createdDate":"2024-03-07T11:39:57.402Z"} 

Reason(s): status code: 401, reason phrase: 401: Unauthorized 

URL: 

Payload: {"@class":"com.silanis.esl.packages.event.ESLProcessEvent","name":"PACKAGE_ACTIVATE","sessionUser":"U5HU2N7UHN8U","packageId":"2ZpiA7uVoxVWnn0XgEdfzLQpqDM=","message":null,"documentId":null,"createdDate":"2024-03-07T11:39:59.280Z"} 

Reason(s): status code: 401, reason phrase: 401: Unauthorized 

Thanks,

Ankit

Hi Ankit,

Are you developing with a US2 sandbox account with email of "[email protected]"? I've checked your account settings and seems the callback service wasn't registered successfully. I disabled your regular callback and enabled the connector callback for your account, can you try now and let me know if it works for you?

Duo

Hi Duo,

I guess it is US2 Sandbox and email address is correct. I didn't check your response and hit the POST /api/callback one more time. This has added Callback URL and Key once again. 

We have enabled the debug log and cleared the Callback URL and Key from UI. If you have enabled the callback connector for our account then how our rest API endpoint can listen to the callback events. 

As event notification on Sandbox Integration UI is reset now. How would we test it if it works?

Thanks,

Ankit

Hi Ankit,

Please use this GET call to double check your callback settings (instead of from UI):

GET /api/callback/connectors/salesforceOauth2

From what I can see, your account has been properly set up, please go ahead and create a transaction from APEX code and see if callback hits your listener.

Duo

Hi Duo,

We have used API Endpoint methodGET /api/callback/connectors/salesforceOauth2 and it worked fine. Also enabled the debug log for Callback listener apex class and it worked.

Where did you enable for callback connector for our account?

Thanks,

Ankit 

Hi Ankit,

I did it from the backoffice, actually it should do the same as you invoke POST call, but it wasn't there when I checked your account. Let me test in my own account and let you know.

Dispite of that, when you go live to production, please reach out to support team directly ([email protected]) and ask to import the similar setup to your production account. 

Duo

Quick update - the POST call to update connector callback service works for my Sandbox account.

Duo

Hi Duo, 

Thank you, all of your suggestion helped us to work in different Sandboxes. We went live yesterday, could you please help us to register the Callback for US1 PROD for [email protected] account?

Also, we registered callback in multiple sandboxes using Onespan Swagger - OneSpan Sign Sandbox | OneSpan Community Platform. How I can register it for Production environment?

Thanks,

Ankit

Hi Ankit,

To set up Production account, please fill in an official support ticket ([email protected]) with your request.

To use swagger against production environment, you have to:
-either download the yaml file, modify the service URL, then load it in another swagger tool

-or use a REST API tool instead, like Postman 

Because this can also be configured via backoffice, you can also ask our support agent to specify the settings for you.

Duo

Hi Duo,

We have reached out to OneSpan Support team and they confirmed that Callback is registered successfully for US1 PRD for [email protected] account. We are also able to receive 200 – OK response when working with GET /api/callback/connectors/salesforceOauth2 but it seems Callback is not registered with Onespan or some other issue.

We enabled the Debug Log for Callback Listener Apex Class as well and no logs generated for Apex Class. Customer will start signing NDA document from tomorrow. Could you please confirm if we are missing any steps or Configuration is pending for Prod?

Thanks,

Ankit