...
- Merchant request an access token with the
signdoc/read_write
scope to (i.e. client credentials grant) to be used in request to the SignDoc resource server. - Merchant creates and uploads the sign order by sending a request to the SignDoc resource server and receives a reference, i.e.
sign_id
. The signing transaction is initiated by adding the
sign
scope and thesign_id
reference as query parameters to the authorization request.- End user performs the signing using the BankID web client (netcentric).
- Merchant downloads the signing result from the SignDoc resource server.
Info |
---|
Sign order expiration time The sign order will expire in 90 seconds after it is created if user signing is not initiated (i.e. request to authorization endpoint). The timeout for the sign order when user is signing is determined by the timeoutSeconds (default 1800 seconds) specified when the order was uploaded. After the user has signed the order, the sign order will be valid for another 90 seconds before it expires. |
...
Requests to the SignDoc resource server requires an access token with the signdoc/read_write
scope.
The access token can be retrieved using the client credentials grant. See Access Tokens sign for more details.
...
Key | Type / Description | Example JSON | ||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
signProperties (required) | JSON object:
| "signProperties": { | ||||||||||||||||||||||||||||||||||||||||||||||||
padesSignProperties | JSON object:
| "padesSignProperties": { | ||||||||||||||||||||||||||||||||||||||||||||||||
documents | JSON array of documents to be signed (minimum one). The document to be signed is represented as a JSON object:
| "documents": [ "description": "My document", | ||||||||||||||||||||||||||||||||||||||||||||||||
resultContent (required) | JSON array of string. Must contain at either "padesSignedPdf" or "padesAppendix" or both. The string values will determine the content result when retrieving a completed sign order later:
See result specifiers in the PAdES section in Scopes and claims for details. | ["padesSignedPdf", "padesAppendix", "documentHash"] |
...
DELETE [signdoc-baseurl]/signdoc/pades?sign_id=4120de56-4391-4e5a-adea-a28e62daac7e |
Multiple end user signatures in the same envelope
Multiple end user signatures in the same envelope is supported through serial signing. In serial signing, the order of the signatories matters because any signatures that already exists in the document are part of the data that is signed over. The output from one signing session is used as input for the next. That means that the signed document is uploaded to the SignDoc resource server, the merchant receives a new sign_id
and initiates a new signing session with this sign_id
for the next end user to sign and then downloads the document with multiple end user signatures. For any signature sessions following the first, you would like to set endUserOnly
to true
for all documents when uploading the order to the SignDoc resource server to prevent multiple merchant signatures.