Signing API
An Access Token is required to authorize all API requests, as explained at the following link:
DIGITAL SIGNATURE REQUEST
REST service specs:
Method: POST
URL: {viafirma_fortress_url}/api/v1/signature
Security:
Authorization: Bearer {access_token}
Where:
viafirma_fortress_url: URL of the Fortress implementation, for example https://sandbox.viafirma.com/fortress or https://fortress.viafirma.com/fortress
Sample Request
Method: POST
URL: {viafirma_fortress_url}/api/v1/signature
Security Header: Authorization: Bearer 0b79bab50daca910b000d4f1a2b675d604257e42
Request Params
The request body contains information such as signature format, document to be signed, etc.
application/json format is used:
{
"signatureConfigurations": [
{
"ref": "#1",
"document": {
"bytesB64": "JVBERi0xLjMKJcTl8uXrp/Og0MTGCjQ...",
"name": "contract.pdf"
},
"signatureType": "PADES_LTA",
"signatureAlgorithm": "RSA_SHA256",
"packaging": "ENVELOPED",
"reason": " test PAdES signature ",
"padesConfiguration": {
"stamper": {
"csvPath": "http://<someURL>/v#",
"logoB64": "iVBORw0KGgoAAAANSUhEUgAAAWYAAABsCAYAAABZyhj...",
"page": 1,
"type": "QR_BARCODE128",
"xAxis": 80,
"yAxis": 700
}
}
}
]
}
Note: params for padesConfiguration, xadesConfiguration, references,cadesConfiguration, tsa and policy are described later.
Where:
| Param | Type | Desc |
|---|---|---|
| userCode | string | OPTIONAL, used to to specify the signer user. If null, user will be requested to authenticate before signing. |
| certificateCode | string | OPTIONAL, used to specify which certificate will be used to sign. If null, user will be requested to select any of the active certificates belonging to the user. |
| certificatePassword | string | OPTIONAL, used to specify which certificate password will be used to sign, this field is only allowed for the unattended signature. |
| multifactorAuth | boolean | OPTIONAL, if true , forces the use of 2 authentication factors. |
| async | string | Set value to true for asynchronous execution. |
| callbackUrl | string | Fortress will do a POST with the final status to the specified URL after a asynchronous execution. |
| certificateFilter | string | Attributes by which to filter the certificate. Enter which filters you want the certificate to meet to be used. |
| signatureConfigurations/document/name | string | Name of the document to be signed |
| signatureConfigurations/document/bytesB64 | string | Document to be signed (Base64) |
| signatureConfigurations/document/url | string | URL of document to be signed |
| signatureConfigurations/signatureType | string | Signature format: - CADES_B- CADES_T- CADES_LT- CADES_LTA- PADES_B- PADES_T- PADES_LT- PADES_LTA- XADES_B - XADES_T - XADES_LT - XADES_LTA - PKCS1 |
| signatureConfigurations/signatureAlgorithm | string | signature algorithm: - RSA_SHA1- RSA_SHA224- RSA_SHA256- RSA_SHA384- RSA_SHA512 |
| signatureConfigurations/packaging | string | signature type: - ENVELOPED- ENVELOPING- DETACHED |
| signatureConfigurations/reason | string | OPTIONAL, signature reason |
| signatureConfigurations/location | string | OPTIONAL, signature location |
| signatureConfigurations/ref | string | OPTIONAL, if present, his value will be returned in the signature certificateRequestEntity. |
Si se informa una URL y la firma se realiza de forma asíncrona, al finalizar la firma Fortress realiza una petición POST a dicha URL con el estado final de ejecución. |
Configuración de los filtros de certificados
Esta configuración hace que a la hora de firmar, el usuario solo pueda firmar con los certificados que cumplan todos los requisitos.
{
"certificateFilter": {
"issuer.cn": [
"AC FNMT Usuarios"
],
"subject.cn": [
"ZAMORANO DE EJEMPLO JOSE LUIS - 71121212M"
],
"subject.serialnumber": [
"99999999R",
"71121212M"
],
"oid": [
"2.5.29.14",
"2.5.29.15"
]
}
}
Podemos filtrar de varias formas.
| Parámetro | Tipo | Descripción |
|---|---|---|
| oid | List - String | List of oids that the certificate must have to be valid |
| serialnumber | List - String | List of serialnumber that the certificate must have to be valid |
| issuer.C | Single list - String | (Only one is allowed, starting with version 6.2.5 of Viafirma Fortress, this restriction is removed) CountryName -> ES |
| issuer.OU | Single list - String | (Only one is allowed, starting with version 6.2.5 of Viafirma Fortress, this restriction is removed) OrganizationalUnit -> Ceres |
| issuer.CN | Single list - String | (Only one is allowed, starting with version 6.2.5 of Viafirma Fortress, this restriction is removed) CommonName -> AC FNMT Usuarios |
| issuer.O | Single list - String | (Only one is allowed, starting with version 6.2.5 of Viafirma Fortress, this restriction is removed) Organization -> FNMT-RCM |
| subject.SURNAME | Single list - String | (Only one is allowed, starting with version 6.2.5 of Viafirma Fortress, this restriction is removed) Surname -> ZAMORANO DE EJEMPLO |
| subject.C | Single list - String | (Only one is allowed, starting with version 6.2.5 of Viafirma Fortress, this restriction is removed) CountryName -> ES |
| subject.SERIALNUMBER | Single list - String | (Only one is allowed, starting with version 6.2.5 of Viafirma Fortress, this restriction is removed) Serial number -> IDCES-71121212M |
| subject.CN | Single list - String | (Only one is allowed, starting with version 6.2.5 of Viafirma Fortress, this restriction is removed) CommonName -> ZAMORANO DE EJEMPLO JOSE LUIS - 71121212M |
| subject.GIVENNAME | Single list - String | (Only one is allowed, starting with version 6.2.5 of Viafirma Fortress, this restriction is removed) Givenname -> JOSE LUIS |
PAdES Configuration
Params only applicable to signatureType PAdES (PAdES B, PAdES T, PAdES LT, PAdES LTA).
"padesConfiguration": {
"stamper": { }
}
The stamper object is optional, and it defines a visual stamp associated with the signature PAdES.
{
"stamper": {
"csvPath": "https://sandbox.viafirma.com/fortress/v#",
"imageB64": "JVBERi0xLjMKJcTl8uXlRU9GC...",
"logoB64": "JVBERi0xLjMKJcTl8uXlRU9GC...",
"page": 1,
"rotation": "ROTATE_90",
"textLine1": "Sample line 1",
"textLine2": "Sample line 2",
"textLine3": "Sample line 3",
"type": "QR_BARCODE128",
"xAxis": 100,
"yAxis": 100
}
}
| Param | Type | Desc |
|---|---|---|
| stamper/csvPath | string | public URL for validating signed documents |
| stamper/xAxis | int | Stamper position on PDF; X-coordinates |
| stamper/yAxis | int | Stamper position on PDF; Y-coordinates |
| stamper/width | int | OPTIONAL. Stamper width |
| stamper/height | int | OPTIONAL. Stamper height |
| stamper/imageB64 | string | Stamper watermark (Base64) |
| stamper/imageUrl | string | Stamper watermark (URL) |
| stamper/logoB64 | string | Logo to be printed (Base64) |
| stamper/page | int | Page number where stamper will be embedded. Value -1 for last page, 0 for all pages. |
| stamper/rotation | string | OPTIONAL. Rotation degrees: - ROTATE_90- ROTATE_270 |
| stamper/textLine1 | string | OPTIONAL. Text included in the stamper (line 1). |
| stamper/textLine2 | string | OPTIONAL. Text included in the stamper (line 2). |
| stamper/textLine3 | string | OPTIONAL. Text included in the stamper (line 3). |
| stamper/type | string | Stamper type: - PDF417- QR_BARCODE128- QR- BARCODE128- IMAGE- TEXT- QR_NO_TEXT- QR_SCALED- CUSTOM_TEXT- QR_REDUCED- CSV- CSV_QR- IMAGE_TEXT- DEFAULT |
| stamper/timeZoneId | string | Set the Time Zone. for stamper date to be printed |
XAdES Configuration
Params only applicable to signatureType XAdES (XAdES B, XAdES T, XAdES LT, XAdES LTA)
{
"signedInfoCanonicalizationMethod": "http://www.w3.org/TR/2001/REC-xml-c14n-20010315",
"signedPropertiesCanonicalizationMethod": "http://www.w3.org/TR/2001/REC-xml-c14n-20010315",
"xPathLocationString": "//book[@id='bk101-1']",
"claimedSignerRoles": [
"role1",
"role2"
],
"transformAlgorithms": [
"http://www.w3.org/TR/2001/REC-xml-c14n-20010315"
],
"dssReferenceUri": "http://dsa-reference.example.com/",
"manifestSignature": false
}
Where:
| Param | Type | Desc |
|---|---|---|
| signedInfoCanonicalizationMethod | string | Canonicalization Method of node signedInfo |
| signedPropertiesCanonicalizationMethod | string | Canonicalization Method of node signedProperties |
| xPathLocationString | string | XPath of ID node (XML) to be signed |
| claimedSignerRoles | array | Signer role |
| transformAlgorithms | array | Transform Algorithm of signed node: - "http://www.w3.org/TR/2001/REC-xml-c14n-20010315"- "http://www.w3.org/TR/2001/REC-xml-c14n-20010315#WithComments"- "http://www.w3.org/2001/10/xml-exc-c14n#"- "http://www.w3.org/2001/10/xml-exc-c14n#WithComments"- "http://www.w3.org/2006/12/xml-c14n11"- "http://www.w3.org/2006/12/xml-c14n11#WithComments"- "http://santuario.apache.org/c14n/physical" |
| dssReferenceUri | string | ID node (XML) to be signed |
| manifestSignature | boolean | Optional. If true is indicated, instead of passing the document object, a list of references is provided. |
| hashSignature | boolean | Optional. If true is indicated, the information provided in the Base64 of the document should be the digest of the document, and not the entire document. |
| hashDigestAlgorithm | string | Optional. Algorithm that has been used to obtain the digest of the document. Available values: - 'SHA1' - 'SHA224' - 'SHA256' - 'SHA384' - 'SHA512' |
References
This setting only applies to signatures whose signatureType is of type XADES (XAdES B, XAdES T, XAdES LT, XAdES LTA) and has been indicated to be a signature of type manifest xadesConfiguration.manifestSignature.
{
"uri":"src/test/examples/manifest/a_documento.pdf",
"digestValue":"GQBXsIg1NFp6IYYeAFuH6l7sjLv3FbvnpvvTX6f8ZEEr1TwgOuXFuEl9IVn1hseZJG+S1a6LDhIJcKS1sCfJ/w=="
}
Where:
| Parameter | Type | Description |
|---|---|---|
| uri | boolean | Path or URL where the original document is located. |
| digestValue | string | Digest of the document. |
CAdES Configuration
This setting only applies to signatures whose signatureType is of type CAdES (CAdES B, CAdES T, CAdES LT, CAdES LTA).
{
"hashSignature" : true,
"hashDigestAlgorithm" : "SHA256"
}
Where:
| Parameter | Type | Description |
|---|---|---|
| cadesConfiguration/hashSignature | boolean | If true, the information provided in the Base64 of the document should be the digest of the document, and not the entire document. |
| cadesConfiguration/hashDigestAlgorithm | string | Algorithm that has been used to obtain the digest of the document. Available values: - 'SHA1' - 'SHA224' - 'SHA256' - 'SHA384' - 'SHA512' |
TSA Configuration
TSA configuration is mandatory if a signature format that requires timestamp is used:
{
"url": "http://tsa.example.com/",
"user": "tsa_user",
"password": "tsa_pass",
"type": "USER",
"certificateCode": "tsa_certificate_code"
}
| Param | Type | Desc |
|---|---|---|
| type | string | Authentication type: USER CERTIFICATE CERTIFICATE_TLS of URL (if authentication is not required) |
| user | string | OPTIONAL. Only when USER type is used |
| password | string | OPTIONAL. Only when USER or CERTIFICATE or CERTIFICATE_TLS type is used |
| url | string | TSA url |
| certificateCode | string | OPTIONAL. Only when CERTIFICATE or CERTIFICATE_TLS type is used |
POLICIES Configuration
Only applicable to XAdES EPES format; a Signature Policy can be defined:
{
"id": "102039485-10283757-102837575",
"description": "Sample policy",
"digestAlgorithm": "SHA256",
"digestValueB64": "JVBERi0xLjMKJcTl8uXlRU9GC",
"url" : "https://sample/lorem_ipsum_dolor_sit_amet.pdf",
"contentHintsDescription": "Lorem ipsum dolor sit amet",
"contentHintsType": "Lorem ipsum dolor sit amet"
}
<<<<<<< HEAD
| Param | Type | Desc |
|-----------------------------|----------|-------------------------------------------------------------------------------------------------------------------------------|
| id | string | Policy id |
| description | string | Policy description |
| digestAlgorithm | string | Cipher Algorithm:
- SHA1
- SHA224
- SHA256
- SHA384
- SHA512
- RIPEMD160
- MD2
- MD5 |
| digestValueB64 | string | Policy Digest value (Base64) |
| contentHintsDescription | string | Help Description |
| contentHintsType | string | Help content type |
| Param | Type | Desc |
|---|---|---|
| id | string | Policy id |
| description | string | Policy description |
| digestAlgorithm | string | Cipher Algorithm: - SHA1- SHA224- SHA256- SHA384- SHA512- RIPEMD160- MD2- MD5 |
| digestValueB64 | string | Policy Digest value (Base64) |
| url | string | The SpURI (signature policy qualifier). The spURI qualifier will contain a URL value where a copy of the signing policy document can be obtained. |
| contentHintsDescription | string | Help Description |
| contentHintsType | string | Help content type |
26367b52051e0e30d23d28b90480e0e025b5537d
Response
Response in application/json format:
{
"authCode": "1aeb979ddcf247e9ad46ee73e19a326d",
"exeCode": "f116305e7f7c44f3a29385028c5374ba"
}
Where:
| Param | Type | Desc |
|---|---|---|
| authCode | string | Authorization code |
| exeCode | string | Execution code |
API Errors
Errors are returned using application/json format:
{
"error": "error_code",
"error_description": "error_description"
}
Where:
| Param | Type | Desc |
|---|---|---|
| error | string | Error code |
| error_description | string | Error description |
Errors:
| Error code | Error desc |
|---|---|
| invalid_request | Bad request. Incorrect of insufficient request params. (HTTP Status: 400) |
| invalid_token | Invalid access_token (HTTP Status: 401) |
| user_not_found | Incorrect or inactive user (HTTP Status: 404) |
USER AUTHENTICATION AND CERTIFICATE SELECTION
Please review the following User Authentication and Signature Authorization section to find more details.
SIGNATURE EXECUTION
REST service specs:
Method: POST
URL: {viafirma_fortress_url}/api/v1/signature/{executionCode}/execute
Where:
viafirma_fortress_url: URL of the Fortress implementation, for example https://sandbox.viafirma.com/fortress or https://fortress.viafirma.com/fortressexecutionCode: authorization code returned by signature request method
Sample Request
Method: POST
URL: {viafirma_fortress_url}/api/v1/signature/f116305e7f7c44f3a29385028c5374ba/execute
Params
The request body must be an empty JSON:
{
}
Sample Response
[
{
"bytesB64": "a910b000d4f1a2b...",
"signatureCode": "e2470412-33cc-467a-b357-880fe621920f",
"mimeType": "application/pdf",
"ref": "#1"
},
...
]
Where:
| Param | Type | Desc |
|---|---|---|
| bytesB64 | string | Signed document (Base64). In case of asynchronous signature it will be empty and the signed document must be downloaded using the obtained signatureCode. |
| signatureCode | string | Signature ID |
| mimeType | string | MIME type |
| ref | string | It have the same value if present in the signature request |
API Errors
{
"error": "error_code",
"error_description": "error_description"
}
Where:
| Param | Type | Desc |
|---|---|---|
| error | string | Error code |
| error_description | string | Error description |
Errors:
| Error code | Error desc |
|---|---|
| invalid_request | Bad request. Incorrect on insufficient params. (HTTP Status: 400) |
| invalid_token | Invalid access_token (HTTP Status: 401) |
| user_not_found | Invalid or inactive user (HTTP Status: 404) |
| certificate_not_found | The certificate is not inactive or authorized, or has not been found (HTTP Status: 404) |
| signature_error | Problems found in signature process (HTTP Status: 500) |
DOWNLOAD SIGNED DOCUMENT
Download signed document.
Service specs:
Method: GET
URL: {viafirma_fortress_url}/api/v1/signature/download/{signature_code}
Where:
viafirma_fortress_url: URL of the Fortress implementation, for example https://sandbox.viafirma.com/fortress or https://fortress.viafirma.com/fortresssignature_code: signature code returned by fortress in the signature execution service
Sample Request
Method: GET
URL: {viafirma_fortress_url}/api/v1/signature/download/C0XJ-XOAK-OF1O-TYJ7-S164-3197-3571-05
Response
Document in application/octet-stream format.
API Errors
{
"error": "error_code",
"error_description": "error_description"
}
Where:
| Param | Type | Desc |
|---|---|---|
| error | string | Error code |
| error_description | string | Error description |
Errors:
| Error code | Error desc |
|---|---|
| document_not_found | Signed document ID not found (HTTP Status: 404). |
results matching ""
No results matching ""