Signing API

An Access Token is required to authorize all API requests, as explained at the following link:

DIGITAL SIGNATURE REQUEST

REST service specs:

Method: POST
URL: {viafirma_fortress_url}/api/v1/signature

Security:

Authorization: Bearer {access_token}

Where:

viafirma_fortress_url: URL of the Fortress implementation, for example https://sandbox.viafirma.com/fortress or https://fortress.viafirma.com/fortress

Sample Request

Method: POST
URL: {viafirma_fortress_url}/api/v1/signature

Security Header: Authorization: Bearer 0b79bab50daca910b000d4f1a2b675d604257e42

Request Params

The request body contains information such as signature format, document to be signed, etc.

application/json format is used:

{
  "signatureConfigurations": [
    {
      "ref": "#1",
      "document": {
        "bytesB64": "JVBERi0xLjMKJcTl8uXrp/Og0MTGCjQ...",
        "name": "contract.pdf"
      },
      "signatureType": "PADES_LTA",
      "signatureAlgorithm": "RSA_SHA256",
      "packaging": "ENVELOPED",
      "reason": " test PAdES signature ",
      "padesConfiguration": {
        "stamper": {
          "csvPath": "http://<someURL>/v#",
          "logoB64": "iVBORw0KGgoAAAANSUhEUgAAAWYAAABsCAYAAABZyhj...",
          "page": 1,
          "type": "QR_BARCODE128",
          "xAxis": 80,
          "yAxis": 700
        }
      }
    }
  ]
}

Note: params for padesConfiguration, xadesConfiguration, tsa and policy are described later.

Where:

Param	Type	Desc
userCode	string	OPTIONAL, used to to specify the signer user. If null, user will be requested to authenticate before signing.
certificateCode	string	OPTIONAL, used to specify which certificate will be used to sign. If null, user will be requested to select any of the active certificates belonging to the user.
certificatePassword	string	OPTIONAL, used to specify which certificate password will be used to sign, this field is only allowed for the unattended signature.
multifactorAuth	boolean	OPTIONAL, if true , forces the use of 2 authentication factors.
async	string	Set value to `true` for asynchronous execution.
callbackUrl	string	Fortress will do a POST with the final status to the specified URL after a asynchronous execution.
certificateFilter	string	Attributes by which to filter the certificate. Enter which filters you want the certificate to meet to be used.
signatureConfigurations/document/name	string	Name of the document to be signed
signatureConfigurations/document/bytesB64	string	Document to be signed (Base64)
signatureConfigurations/document/url	string	URL of document to be signed
signatureConfigurations/signatureType	string	Signature format: - `CADES_B` - `CADES_T` - `CADES_LT` - `CADES_LTA` - `PADES_B` - `PADES_T` - `PADES_LT` - `PADES_LTA` - `XADES_B` - `XADES_T` - `XADES_LT` - `XADES_LTA` - `PKCS1`
signatureConfigurations/signatureAlgorithm	string	signature algorithm: - `RSA_SHA1` - `RSA_SHA224` - `RSA_SHA256` - `RSA_SHA384` - `RSA_SHA512`
signatureConfigurations/packaging	string	signature type: - `ENVELOPED` - `ENVELOPING` - `DETACHED`
signatureConfigurations/reason	string	OPTIONAL, signature reason
signatureConfigurations/location	string	OPTIONAL, signature location
signatureConfigurations/ref	string	OPTIONAL, if present, his value will be returned in the signature certificateRequestEntity.

Si se informa una URL y la firma se realiza de forma asíncrona, al finalizar la firma Fortress realiza una petición POST a dicha URL con el estado final de ejecución. |

Configuración de los filtros de certificados

Esta configuración hace que a la hora de firmar, el usuario solo pueda firmar con los certificados que cumplan todos los requisitos.

{
  "certificateFilter": {
    "issuer.cn": [
      "AC FNMT Usuarios"
    ],
    "subject.cn": [
      "ZAMORANO DE EJEMPLO JOSE LUIS - 71121212M"
    ],
    "subject.serialnumber": [
        "99999999R",
        "71121212M"
    ],
    "oid": [
      "2.5.29.14",
      "2.5.29.15"
    ]
  }
}

Podemos filtrar de varias formas.

Parámetro	Tipo	Descripción
oid	List - String	List of oids that the certificate must have to be valid
serialnumber	List - String	List of serialnumber that the certificate must have to be valid
issuer.C	Single list - String	(Only one is allowed, starting with version 6.2.5 of Viafirma Fortress, this restriction is removed) CountryName -> ES
issuer.OU	Single list - String	(Only one is allowed, starting with version 6.2.5 of Viafirma Fortress, this restriction is removed) OrganizationalUnit -> Ceres
issuer.CN	Single list - String	(Only one is allowed, starting with version 6.2.5 of Viafirma Fortress, this restriction is removed) CommonName -> AC FNMT Usuarios
issuer.O	Single list - String	(Only one is allowed, starting with version 6.2.5 of Viafirma Fortress, this restriction is removed) Organization -> FNMT-RCM
subject.SURNAME	Single list - String	(Only one is allowed, starting with version 6.2.5 of Viafirma Fortress, this restriction is removed) Surname -> ZAMORANO DE EJEMPLO
subject.C	Single list - String	(Only one is allowed, starting with version 6.2.5 of Viafirma Fortress, this restriction is removed) CountryName -> ES
subject.SERIALNUMBER	Single list - String	(Only one is allowed, starting with version 6.2.5 of Viafirma Fortress, this restriction is removed) Serial number -> IDCES-71121212M
subject.CN	Single list - String	(Only one is allowed, starting with version 6.2.5 of Viafirma Fortress, this restriction is removed) CommonName -> ZAMORANO DE EJEMPLO JOSE LUIS - 71121212M
subject.GIVENNAME	Single list - String	(Only one is allowed, starting with version 6.2.5 of Viafirma Fortress, this restriction is removed) Givenname -> JOSE LUIS

PAdES Configuration

Params only applicable to signatureType PAdES (PAdES B, PAdES T, PAdES LT, PAdES LTA).

"padesConfiguration": {
    "stamper": { }
}

The stamper object is optional, and it defines a visual stamp associated with the signature PAdES.

{
  "stamper": {
    "csvPath": "https://sandbox.viafirma.com/fortress/v#",
    "imageB64": "JVBERi0xLjMKJcTl8uXlRU9GC...",
    "logoB64": "JVBERi0xLjMKJcTl8uXlRU9GC...",
    "page": 1,
    "rotation": "ROTATE_90",
    "textLine1": "Sample line 1",
    "textLine2": "Sample line 2",
    "textLine3": "Sample line 3",
    "type": "QR_BARCODE128",
    "xAxis": 100,
    "yAxis": 100
  }
}

Param	Type	Desc
stamper/csvPath	string	public URL for validating signed documents
stamper/xAxis	int	Stamper position on PDF; X-coordinates
stamper/yAxis	int	Stamper position on PDF; Y-coordinates
stamper/width	int	OPTIONAL. Stamper width
stamper/height	int	OPTIONAL. Stamper height
stamper/imageB64	string	Stamper watermark (Base64)
stamper/imageUrl	string	Stamper watermark (URL)
stamper/logoB64	string	Logo to be printed (Base64)
stamper/page	int	Page number where stamper will be embedded. Value `-1` for last page, `0` for all pages.
stamper/rotation	string	OPTIONAL. Rotation degrees: - `ROTATE_90` - `ROTATE_270`
stamper/textLine1	string	OPTIONAL. Text included in the stamper (line 1).
stamper/textLine2	string	OPTIONAL. Text included in the stamper (line 2).
stamper/textLine3	string	OPTIONAL. Text included in the stamper (line 3).
stamper/type	string	Stamper type: - `PDF417` - `QR_BARCODE128` - `QR` - `BARCODE128` - `IMAGE` - `TEXT` - `QR_NO_TEXT` - `QR_SCALED` - `CUSTOM_TEXT` - `QR_REDUCED` - `CSV` - `CSV_QR` - `IMAGE_TEXT` - `DEFAULT`
stamper/timeZoneId	string	Set the Time Zone. for stamper date to be printed

XAdES Configuration

Params only applicable to signatureType XAdES (XAdES B, XAdES T, XAdES LT, XAdES LTA)

{
  "signedInfoCanonicalizationMethod": "http://www.w3.org/TR/2001/REC-xml-c14n-20010315",
  "signedPropertiesCanonicalizationMethod": "http://www.w3.org/TR/2001/REC-xml-c14n-20010315",
  "xPathLocationString": "//book[@id='bk101-1']",
  "claimedSignerRoles": [
    "role1",
    "role2"
  ],
  "transformAlgorithms": [
    "http://www.w3.org/TR/2001/REC-xml-c14n-20010315"
  ],
  "dssReferenceUri": "http://dsa-reference.example.com/"
}

Where:

Param	Type	Desc
signedInfoCanonicalizationMethod	string	Canonicalization Method of node `signedInfo`
signedPropertiesCanonicalizationMethod	string	Canonicalization Method of node `signedProperties`
xPathLocationString	string	XPath of ID node (XML) to be signed
claimedSignerRoles	array	Signer role
transformAlgorithms	array	Transform Algorithm of signed node: - `"http://www.w3.org/TR/2001/REC-xml-c14n-20010315"` - `"http://www.w3.org/TR/2001/REC-xml-c14n-20010315#WithComments"` - `"http://www.w3.org/2001/10/xml-exc-c14n#"` - `"http://www.w3.org/2001/10/xml-exc-c14n#WithComments"` - `"http://www.w3.org/2006/12/xml-c14n11"` - `"http://www.w3.org/2006/12/xml-c14n11#WithComments"` - `"http://santuario.apache.org/c14n/physical"`
dssReferenceUri	string	ID node (XML) to be signed

TSA Configuration

TSA configuration is mandatory if a signature format that requires timestamp is used:

{
  "url": "http://tsa.example.com/",
  "user": "tsa_user",
  "password": "tsa_pass",
  "type": "USER",
  "certificateCode": "tsa_certificate_code"
}

Param	Type	Desc
type	string	Authentication type: `USER` `CERTIFICATE` `CERTIFICATE_TLS` of `URL` (if authentication is not required)
user	string	OPTIONAL. Only when `USER` `type` is used
password	string	OPTIONAL. Only when `USER` or `CERTIFICATE` or `CERTIFICATE_TLS` `type` is used
url	string	TSA url
certificateCode	string	OPTIONAL. Only when `CERTIFICATE` or `CERTIFICATE_TLS` `type` is used

POLICIES Configuration

Only applicable to XAdES EPES format; a Signature Policy can be defined:

{
  "id": "102039485-10283757-102837575",
  "description": "Sample policy",
  "digestAlgorithm": "SHA256",
  "digestValueB64": "JVBERi0xLjMKJcTl8uXlRU9GC",
  "url" : "https://sample/lorem_ipsum_dolor_sit_amet.pdf",
  "contentHintsDescription": "Lorem ipsum dolor sit amet",
  "contentHintsType": "Lorem ipsum dolor sit amet"
}

<<<<<<< HEAD | Param | Type | Desc | |-----------------------------|----------|-------------------------------------------------------------------------------------------------------------------------------| | id | string | Policy id | | description | string | Policy description | | digestAlgorithm | string | Cipher Algorithm:
- SHA1
- SHA224
- SHA256
- SHA384
- SHA512
- RIPEMD160
- MD2
- MD5 | | digestValueB64 | string | Policy Digest value (Base64) | | contentHintsDescription | string | Help Description |

| contentHintsType | string | Help content type |

Param	Type	Desc
id	string	Policy id
description	string	Policy description
digestAlgorithm	string	Cipher Algorithm: - `SHA1` - `SHA224` - `SHA256` - `SHA384` - `SHA512` - `RIPEMD160` - `MD2` - `MD5`
digestValueB64	string	Policy Digest value (Base64)
url	string	The SpURI (signature policy qualifier). The spURI qualifier will contain a URL value where a copy of the signing policy document can be obtained.
contentHintsDescription	string	Help Description
contentHintsType	string	Help content type

26367b52051e0e30d23d28b90480e0e025b5537d

Response

Response in application/json format:

{
  "authCode": "1aeb979ddcf247e9ad46ee73e19a326d",
  "exeCode": "f116305e7f7c44f3a29385028c5374ba"
}

Where:

Param	Type	Desc
authCode	string	Authorization code
exeCode	string	Execution code

API Errors

Errors are returned using application/json format:

{
  "error": "error_code",
  "error_description": "error_description"
}

Where:

Param	Type	Desc
error	string	Error code
error_description	string	Error description

Errors:

Error code	Error desc
invalid_request	Bad request. Incorrect of insufficient request params. (HTTP Status: 400)
invalid_token	Invalid `access_token` (HTTP Status: 401)
user_not_found	Incorrect or inactive user (HTTP Status: 404)

USER AUTHENTICATION AND CERTIFICATE SELECTION

Please review the following User Authentication and Signature Authorization section to find more details.

SIGNATURE EXECUTION

REST service specs:

Method: POST
URL: {viafirma_fortress_url}/api/v1/signature/{executionCode}/execute

Where:

viafirma_fortress_url: URL of the Fortress implementation, for example https://sandbox.viafirma.com/fortress or https://fortress.viafirma.com/fortress
executionCode: authorization code returned by signature request method

Sample Request

Method: POST
URL: {viafirma_fortress_url}/api/v1/signature/f116305e7f7c44f3a29385028c5374ba/execute

Params

The request body must be an empty JSON:

{
}

Sample Response

[
  {
    "bytesB64": "a910b000d4f1a2b...",
    "signatureCode": "e2470412-33cc-467a-b357-880fe621920f",
    "mimeType": "application/pdf",
    "ref": "#1"
  },
  ...
]

Where:

Param	Type	Desc
bytesB64	string	Signed document (Base64). In case of asynchronous signature it will be empty and the signed document must be downloaded using the obtained `signatureCode`.
signatureCode	string	Signature ID
mimeType	string	MIME type
ref	string	It have the same value if present in the signature request

API Errors

{
  "error": "error_code",
  "error_description": "error_description"
}

Where:

Param	Type	Desc
error	string	Error code
error_description	string	Error description

Errors:

Error code	Error desc
invalid_request	Bad request. Incorrect on insufficient params. (HTTP Status: 400)
invalid_token	Invalid `access_token` (HTTP Status: 401)
user_not_found	Invalid or inactive user (HTTP Status: 404)
certificate_not_found	The certificate is not inactive or authorized, or has not been found (HTTP Status: 404)
signature_error	Problems found in signature process (HTTP Status: 500)

DOWNLOAD SIGNED DOCUMENT

Download signed document.

Service specs:

Method: GET
URL: {viafirma_fortress_url}/api/v1/signature/download/{signature_code}

Where:

viafirma_fortress_url: URL of the Fortress implementation, for example https://sandbox.viafirma.com/fortress or https://fortress.viafirma.com/fortress
signature_code: signature code returned by fortress in the signature execution service

Sample Request

Method: GET
URL: {viafirma_fortress_url}/api/v1/signature/download/C0XJ-XOAK-OF1O-TYJ7-S164-3197-3571-05

Response

Document in application/octet-stream format.

API Errors

{
  "error": "error_code",
  "error_description": "error_description"
}

Where:

Param	Type	Desc
error	string	Error code
error_description	string	Error description

Errors:

Error code	Error desc
document_not_found	Signed document ID not found (HTTP Status: 404).

results matching ""

No results matching ""