Reconciling Missing/Invalid Credentials

If your application receives invalid credentials, or any required credentials are missing, your application's user-interface can prompt the originating user to reconcile the missing/invalid credentials. Users will be able to update the specific credential properties they are entitled to edit:

Users are entitled to edit the user level scoped credential properties that have been configured only for their use, and are not shared by other users. Only their administrator can edit shared user credentials.

Users are never entitled to edit company level scoped credential properties. Only their administrators can edit these.

Here is how you can prompt users to reconcile missing/invalid credentials on your application's user-interface during transaction origination, and receive their updated values:

Step 1: Invoke the JavaScript API's application.performAction("updateCredentials") method

When the credentials you receive from the GET /partner/v2/origins/:id REST API request are missing/invalid, have your back-end report to your application's user-interface, so that it can invoke the JavaScript API's application.performAction("updateCredentials") method:

const ACTION_UPDATE_CREDENTIALS = "updateCredentials"

async function reconcileInvalidCredentials() {
  try {
    const updatedCredentials = await applicationState.applicationObject.performAction(ACTION_UPDATE_CREDENTIALS)

    // Assuming authenticateUser is an asynchronous method for user authentication
    applicationState.identityContext = await authenticateUser(updatedCredentials)
  } catch (error) {


This will present the user with a modal prompt, asking them to update credential values for the properties they are entitled to edit. If there are missing credentials that are required but which the user is not entitled to edit (such as company level scoped credentials), the user will not be able to reconcile the situation, and will be asked to contact their administrator for help.

Step 2: Receive updated credential values

Once the user enters the updated credentials values and commits their updates, the new values will be committed to the EPC platform for future use. Now, whenever the user originates a transaction on the application's user-interface, the updated credential values will be received in all new origins and requests.

The updated credential values will also be immediately returned in the resolved state of the Promise returned by the application.performAction("updateCredentials") method:

 credential-property-id: "updated-credential-property-value",
 credential-property-id: "updated-credential-property-value",

The application's user-interface can use these updated credential values to re-authenticate the user. The user can now initiate a new transaction.


What about headless transaction requests?

When receiving invalid/missing credentials upon servicing a headless (Developer Connect API/automation engine initiated) transaction request, Partner applications will not be able to leverage the JavaScript API and request a user to reconcile the issue, because there is no user interaction involved.

As a best-practice, the application should respond to the transaction request by sending a failed response status, along with authentication error details in the response errors attribute. This error will be presented as an exception to the applicable users in an Encompass application, which they will need to manually reconcile to re-initiate the subject transaction.