
Getting Started

The following sections should help you to get started with your integration:

Overview of the Signing Process

The following figure provides an overview of OneSpan Sign's signing process, including the interactions between the OneSpan Sign Application, your Web Application, and an end-user's browser.

The above figure applies to the Java SDK, .NET SDK, and REST API.

Connecting to OneSpan Sign Servers

To use the OneSpan Sign service, you must connect to a OneSpan Sign server. The following sections explain how to do so:

Environment URLs

You must provide the URL of a OneSpan Sign server.

If you are exploring the system or performing tests, you can connect to our Sandbox environment. Alternatively, if you have completed your integration with our system and want to launch your product, you can connect to our Production environment.

Sandbox Accounts are not equivalent to Production Accounts. To connect to the OneSpan Sign Production Environment, you must purchase a Production Account.

For more information on which Environment URLs to connect to, and which IP addresses must be whitelisted to do so, see Environment URLs & IP Addresses.


Customers who wish to communicate with OneSpan Sign software can do so via REST API calls from within their own system. These communications are secured via an API key. Every call made to the REST API must provide this API key. If the key is not provided, the call will be refused.

API calls are always specific to a User Account, and a caller cannot modify information unrelated to their account. The code enforces this via access-rights verifications.

All calls made to the REST API with an API key are deemed to have been made on behalf of the User Account for which the API key was created. Users should protect their API key as they would a password or an Authentication Certificate.

Users can retrieve their API key from their Account Information page. The key is a long string of encrypted data.


  • To view an account's API key, you must be the account owner.
  • If you are in a Production environment, you must have an Integration Production account.


To view your account's API key:

  1. Go to your environment's Login page.
  2. Log in by entering your credentials.

    If you don't have an account, obtain a free Developer account by clicking Sign up on the Login page.

  3. Click your name near the top right, and from the drop-down menu that appears, select Admin. A new page appears.
  4. On the left pane, click Integration. The Integration page appears. The API Key field appears immediately below the title Integration. By default, that key is obfuscated.
  5. To reveal the value of your API key, click the little eye icon to the right of the obfuscated key.

Once you have an Environment URL and an API key, you can instantiate your ESLClient object (as done by the code examples below). All tasks performed using your ESLClient will be done under the authority of your account.
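For REST callers, one way to treat the API key like a password while still attaching it to every call, shown as an added example that is not OneSpan's code. Assumptions: the environment variable names `OSS_BASE_URL` and `OSS_API_KEY` are hypothetical, the `Authorization: Basic <key>` header format is not stated on this page and should be confirmed against the REST API reference, and the URL, path and key in the demo are constructed.

```python
import os
import urllib.request
from urllib.parse import urlsplit


class ConfigError(Exception):
    """Raised when the environment URL or API key is missing or unsafe."""


def load_credentials(env=os.environ):
    """Read the environment URL and API key from env vars, never from source."""
    base_url = env.get("OSS_BASE_URL", "").strip().rstrip("/")  # hypothetical name
    api_key = env.get("OSS_API_KEY", "").strip()                # hypothetical name
    if not api_key:
        raise ConfigError("OSS_API_KEY is not set; a call without a key is refused")
    parts = urlsplit(base_url)
    # The key acts for the whole account: refuse to send it over anything but TLS.
    if parts.scheme != "https" or not parts.hostname:
        raise ConfigError("environment URL must be an absolute https:// URL")
    return base_url, api_key


def redact(secret, keep=4):
    """Form of the key that is safe to log: only the last `keep` characters."""
    if len(secret) <= keep * 2:
        return "*" * len(secret)
    return "*" * (len(secret) - keep) + secret[-keep:]


def build_request(base_url, api_key, path, method="GET"):
    """Build (but do not send) a REST request that carries the API key."""
    if not path.startswith("/"):
        raise ValueError("path must start with '/' so the key stays on the configured host")
    req = urllib.request.Request(base_url + path, method=method)
    req.add_header("Authorization", "Basic " + api_key)  # assumed header format
    req.add_header("Accept", "application/json")
    return req


if __name__ == "__main__":
    # Constructed values for illustration; not a real server or key.
    demo_env = {"OSS_BASE_URL": "https://sign.example.test/api/",
                "OSS_API_KEY": "Q09OU1RSVUNURUQta2V5LTAwMQ=="}
    url, key = load_credentials(demo_env)
    req = build_request(url, key, "/packages")
    print(req.get_method(), req.full_url, "key:", redact(key))
```

Log only the output of `redact`, never the key itself or the `Authorization` header.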

Anatomy of a Document Package

Before you start issuing commands, take a moment to consider the hierarchy of classes that constitute the model of the OneSpan Sign SDKs. The model's top-level class is the DocumentPackage. It contains all the information required to fully specify an e-signature process. Specifically:

A DocumentPackage contains:

  • A sender
  • A set of documents
  • A set of signers
  • Various other parameters (e.g., expiry date, auto-complete)

A document contains:

  • A document's binary content
  • A set of signatures
  • Other additional settings

A signature contains:

  • A set of fields
  • Data specific to a particular signature

By combining all these classes, we can specify an entire DocumentPackage.