Skip to content
On this page

Pass-Through Authentication

There may be scenarios where you want your signing Participant to bypass the AlphaTrust e-Sign™ Password or Registered User Authentication screen because you have already authenticated them in an internal system. To do this, you can encrypt the known credentials (using the API method shown below) and then pass them through with the signing link as additional querystring parameters.


The encrypted string tokens generated by the call to GetParticipantEncryptedCredentials() expire after 20 minutes and using them after this time will result in an authentication error.

//create a new transaction and return the participant signature link/url
var participantSignatureLink = CreateTransactionAndReturnParticipantSignatureLink();

//encrypt the password that you used in creating the participant's authentication
var req = new ParticipantEncryptedCredentialsRequestModel()
    Credentials = new List<object>
        new ParticipantCredentialsModel()
            ParticipantID = 1234567890,  //This gets returned in the CreateTransactions().Transactions[0].Participants[0].ID property
            Password = "1234",
            ExpirationInSeconds = 30
            //Username = "MyUsername"  //Include username also only for Registered User Authentication

var api = new ParticipantsApi(myRestEndpointUrl);
var results = api.GetParticipantEncryptedCredentials(req, apiKey, apiSecret, apiUsername, apiPassword);
if (results.IsSuccessful.Value)
    //add the encrypted credentials to the end of the existing participant signature link
    participantSignatureLink += string.Format("&adx={0}", results.EncryptedCredentials[0].Password);
    //do work...
    //handle error

Using the code above, a normal Participant signature link might look something like this as an example:

The response to the GetParticipantEncryptedCredentials() call's Password and/or Username property would look something like this:



base64 encoding often results in one or two trailing "=" signs as part of the data. This is normal and should be treated as data. Once you create the encrypted strings for the password (and username if applicable), you then add it to the redirection URL after the "?". The encrypted password has the parameter name "adx" (username has the parameter name "udx" if applicable).

So, a modified redirection URL with the "adx" parameter added for password would look like this:

And a modified redirection URL with both the "adx" parameter added for password and the "aux" for username would look like this: