Skip to main content
Veeva Support EU Holiday: Mar 15th - Limited staff, please plan accordingly



Welcome to Community

Securely Passing Veeva vault session id to external API from a Veeva notification message




  • Official comment
    Isak Thomas


    Sending the session id as a query parameter is not secure and is not supported. There are two ways you can handle the session id.

    The first is using a web tab and using postMessage to send the session id to an external URL.

    The second is sending the session id in a Spark message to an external endpoint. This would require the middleware to create an email notification.

  • Pavan Kamat

    Thank you Thomas for responding. We have explored the options suggested by you. 

    Spark messaging and Job Operations are not suitable for our requirement, as we need to call an external API  based on user action.

    We have explored the Web Tab approach. Web Tab is always getting displayed to user. Is it possible to Show/Hide the tab dynamically based on user action?

    Web tab should only be visible when user clicks on the Hyperlink present in the Veeva Notification message. Once user action is performed on the External URL, web tab should no longer be visible.


    • A custom Web Tab is created.
    • Notification is triggered using Veeva SDK Notification Service and the notification text contains the web tab address (https://{{vaultDNS}}/ui/#t/{{webTabId}}?queryParam=stringValue)
    • When User clicks on the notification hyperlink, user is redirected to the Web tab page and can perform the required action through the external api.

    Created below web tab

           Following Notification message is triggered on update of a custom object data by using Veeva Vault SDK Notification Service.                        


    On clicking the Notification message hyyperlink ( Click to Sign ), external API is invoked and user is prompted to ESign the document.


  • Pavan Kamat


    As mentioned in my previous comment, the Web Tab (named 'Test Esign' in my screenshots above) is always getting displayed to the user. Is it possible to Show/Hide the tab dynamically based on user action? It should be hidden by default and it should show up only when the user clicks on the notification hyperlink to the web tab(https://{{vaultDNS}}/ui/#t/{{webTabId}}?queryParam=stringValue). user should be redirected to the Web tab page and can perform the required action through the external api.



  • Isak Thomas

    Dynamically controlling access to a web tab is not supported.

    Another solution you can use that supports postMessage, is a web section on an object page layout.

    The section will always be present, similar to a web tab, but it may be more suitable aesthetically. 

  • Pavan Kamat

    Hi Isak,


    Thanks for all your help on this issue this far. We just have one final question and hoping you can help us out here.

    We have implemented it using a custom user task & Web Action. User clicks on this task to navigate the object page. Then executes the Web Action to make an external API call.


    Veeva SDK Record Trigger(BEFORE_UPDATE, BEFORE_INSERT) is used to create  a new task record for a custom user task object and update the current record field with this newly created task id.

    The Custom User task object (Object Class : User Task) inherits the default base User Task object (user_task__v).

    List<Record> recordList = VaultCollections.newList();
      RecordService recordService = ServiceLocator.locate(RecordService.class);
      RecordBatchSaveRequest.Builder recordSaveRequestBuilder =
      Record r = recordService.newRecord(OBJECT_AS_AGREEMENT_ACTION);
      r.setValue(FIELD_NAME, agreementName);
      r.setValue(FIELD_AS_AGR_ACTION_ASSIGNED_TO, participantVaultUserId);
      r.setValue(FIELD_AS_AGR_ACTION_AGREEMENT_ID, agreementId);
      r.setValue(FIELD_AS_AGR_ACTION_LINK_SYS, senderName);
      RecordBatchSaveRequest saveRequest =;
      if (recordList.size() > 0) {
            .onSuccesses(positionalRecordIds -> {
              Optional<PositionalRecordId> firstRecord =;
    if (firstRecord.isPresent()) {
                PositionalRecordId recordId = firstRecord.get();
                // Update the current participants record
    newRecord.setValue(OBJECT_AS_AGREEMENT_ACTION, recordId.getRecordId());
            .onErrors(batchOperationErrors -> {
     -> {
                String errMsg = error.getError().getMessage();
                int errPosition = error.getInputPosition();
                String name = recordList.get(errPosition).getValue("name__v", ValueType.STRING);
                String message = "Agreement Id - "+ agreementId +  " : Unable to create '" +
                    recordList.get(errPosition).getObjectName() + "' record: '" +
                    name + "' because of '" + errMsg + "'.";

    My Tasks page (Home > My Tasks ) is displaying all the tasks created through SDK code given above &   task name is being displayed as  hyperlink as shown below:

    Our question is - Is it possible to  append non-hyperlink text to this User Task name like “This task <<Hyperlink of task>> has been assigned to you by xyz person, please sign” in order to give a short instruction/description to the user?

  • Isak Thomas

    This is not supported in Vault in general. The end user will have to navigate to the User Task record and view the description on the record. Though, you can customize the notification that gets sent out when you assign a task.


Please sign in to leave a comment.

Powered by Zendesk