API: Methods related to unattended signature with certificate
Last update: November 13, 2024
The unattended signature process in Viafirma Fortress will consist of the processes of:
- Client authentication
- Signature request
- Signature execution
- Getting the signed document/s
In the following sections we will describe the methods available in Viafirma Fortress, associated with signature operations:
Note: To access these methods it is necessary to have an access token(access_token) obtained through an authentication and authorization request with ascope of type client and a grant_typeof type client_credentials, [for which you must follow the steps indicated in this section of the documentation] (../../auth/README.md).
Unattended signature request
Use of the service
Method:POST
URL: {viafirma_fortress_ url}/api/v1/signature
Where:
viafirma_fortress_url: Base URL of the Viafirma Fortress implementation, for example https://sandbox.viafirma.com/fortress or https://fortress.viafirma.com/fortress
Additionally, the access token (access_token) must be included in the HTTP header of thePOSTrequest as follows:
Authorization: Bearer {access_token}
Example:
Method:POST
URL:{viafirma_fortress_ url}/api/v1/signature
Request header :Authorization : Bearer 0b79bab50daca910b000d4f1a2b675d604257e42
Service parameters
This service receives through parameters the configuration of the signature used for each document to be signed, which indicates, among other things, the type of signature to be made, the document to be signed...
The parameters that are received (inapplication/jsonformat ) have the following form:
{
"certificateCode":"b8a25e04ab864583bb5ea8d02883e832",
"signatureConfigurations": [
{
"ref":"#1",
"document": {
"bytesB64":"JVBERi0xLjMKJcTl8uXrp/Og0MTGCjQ...",
"name":"contract.pdf"
},
"signatureType":"PADES_B",
"signatureAlgorithm":"RSA_SHA256",
"packaging":"ENVELOPED",
"padesConfiguration": {
"stamper": {
"csvPath":"http://localhost:7080/fortress/v#",
"logoB64":"iVBORw0KGgoAAAANSUhEUgAAAWYAAABsCAYAAABZyhj...",
"page": 1,
"type":"QR_BARCODE128",
"xAxis": 80,
"yAxis": 700
}
}
}
]
}
Note: Details of thepadesConfiguration,xadesConfiguration,tsaandpolicyparameters are shown below.
Where:
| Parameter | Type | Description |
|---|---|---|
| certificateCode | string | Code of the certificate to be used in the signature, it must be consulted in theCertificatestab of theConfigurationsection of the details of the client system or group where the certificate is hosted |
| certificatePassword | string | Contains the password of the certificate, this field is only allowed for unattended signing. |
| async | string | If set totruethe call to the signature execution service is made asynchronously. |
| callbackUrl | string | If a URL is reported and the signing is performed asynchronously, upon completion of the signing Fortress makes a POST request to said URL with the final execution status. |
| signatureConfigurations/document/name | string | Name of the document to sign |
| signatureConfigurations/document/bytesB64 | string | Document to sign, encoded in Base64 |
| signatureConfigurations/document/url | string | URL of the document to sign |
| signatureConfigurations/signatureType | string | Signature type. Available values: - CADES_B- CADES_T- CADES_LT- CADES_LTA- PADES_B- PADES_T- PADES_LT- PADES_LTA- XADES_B- XADES_T- XADES_LT- XADES_LTA- PKCS1 |
| signatureConfigurations/signatureAlgorithm | string | Algorithm that will be used to encrypt the signature. Available values: - RSA_SHA1- RSA_SHA224- RSA_SHA256- RSA_SHA384- RSA_SHA512 |
| signatureConfigurations/packaging | string | Signature wrapper. Available values: - ENVELOPED- ENVELOPING- DETACHED |
| signatureConfigurations/reason | string | OPTIONAL, reason for signing |
| signatureConfigurations/location | string | OPTIONAL, location of the signature |
| signatureConfigurations/ref | string | If reported, the same value will be returned in the signature result. |
PAdES configuration
This setting only applies for signatures whosesignatureTypeis of type PAdES ( PAdES B, PAdES T, PAdES LT, PAdES LTA).
"padesConfiguration": {
"stamper": { }
}
The stamper object is optional, and serves to define a visual stamp associated with the PAdES signature .
{
"stamper": {
"csvPath":"https://fortress.viafirma.com/fortress/v#",
"imageB64":"JVBERi0xLjMKJcTl8uXlRU9GC...",
"logoB64":"JVBERi0xLjMKJcTl8uXlRU9GC...",
"page": 1,
"rotation":"ROTATE_90",
"textLine1":"Sample line 1",
"textLine2":"Sample line 2",
"textLine3":"Sample line 3",
"type":"QR_BARCODE128",
"xAxis": 100,
"yAxis": 100,
"timeZoneId":"America/Santo_Domingo"
}
}
| Parameter | Type | Description |
|---|---|---|
| stamper/csvPath | string | Signature Verification URL |
| stamper/xAxis | int | Position (on the X axis) of the signature stamp |
| stamper/yAxis | int | Position (on the Y axis) of the signature stamp |
| stamper/imageB64 | string | Background image of signature stamp |
| stamper/logoB64 | string | Signature Seal Logo (will be painted on the bottom right side of the seal) |
| stamper/page | int | Page where the seal will be painted. You can use the value-1to indicate the last page or the value0to paint the stamp on all pages of the document |
| stamper/rotation | string | Seal rotation. If informed, the seal will rotate the indicated degrees. Possible values: - ROTATE_90- ROTATE_270 |
| stamper/textLine1 | string | First textual line to be painted in the content of the signature seal |
| stamper/textLine2 | string | Second textual line to be painted in the content of the signature stamp |
| stamper/textLine3 | string | Third textual line to be painted in the content of the signature seal |
| stamper/type | string | Stamp type. Available values: - PDF417- QR_BARCODE128- QR- BARCODE128- IMAGE- TEXT |
| stamper/timeZoneId | string | String that will correspond to the standard list of time zones. |
Depending on thetypechosen, the stamp will have pre-established dimensions (in pixels):
PDF417: 300x130QR_BARCODE128: 600x100QR: 450x50BARCODE128: 550x70IMAGE: Maintains the dimensions of the image specified inimageB64TEXT: 400x50
timeZoneId value is NOT reported in the API call, we will apply the following criteria:
- In case of unattended signature, if the Client System belongs to a group that has it informed, we apply the one of the first group that has it informed, if not we apply the one configured by default in the system.
XAdES Configuration
This setting only applies for signatures whosesignatureTypeis of type XAdES ( XAdES B, XAdES T, XAdES LT, XAdES LTA)
{
"signedInfoCanonicalizationMethod":"http://www.w3.org/TR/2001/REC-xml-c14n-20010315",
"signedPropertiesCanonicalizationMethod":"http://www.w3.org/TR/2001/REC-xml-c14n-20010315",
"xPathLocationString":"//book[@id='bk101-1']",
"claimedSignerRoles": [
"role1",
"role2"
],
"transformAlgorithms": [
"http://www.w3.org/TR/2001/REC-xml-c14n-20010315"
],
"dssReferenceUri":"http://dsa-reference.example.com/"
}
Where:
| Parameter | Type | Description |
|---|---|---|
| signedInfoCanonicalizationMethod | string | Node canonicalization methodsignedInfo |
| signedPropertiesCanonicalizationMethod | string | Canonicalization method of nodesignedProperties |
| xPathLocationString | string | Selector of the node under which the signature will be inserted, in XPath format |
| claimedSignerRoles | array | Roles of the signatory |
| transformAlgorithms | array | Transformation algorithms for nodes. Possible values: - "http://www.w3.org/TR/2001/REC-xml-c14n-20010315"- "http://www.w3.org/TR/2001/REC-xml-c14n-20010315#WithComments"- "http://www.w3.org/2001/10/xml-exc- c14n#"- "http://www.w3.org/2001/10/xml-exc-c14n#WithComments"- "http://www.w3.org/2006/12/xml-c14n11"- "http://www.w3.org/2006/12/xml-c14n11#WithComments"- "http://santuario.apache.org/c14n/physical" |
| dssReferenceUri | string | Identifier of the node to sign |
TSA Settings
For signature types that include time stamping, the TSA settings must be reported.
{
"url":"http://tsa.example.com/",
"user":"tsa_user",
"password":"tsa_pass",
"type":"USER",
"certificateCode":"tsa_certificate_code"
}
| Parameter | Type | Description |
|---|---|---|
| type | string | TSA type. If it requires authentication with user and password , we will use the valueUSER, if it requires authentication with a certificateCERTIFICATE, if it requires authentication with a TSL certificateCERTIFICATE_TLS, if not, the valueURL |
| user | string | User for TSA authentication (only fortypewith valueUSER) |
| password | string | Password for TSA authentication (fortypewith valueUSERorCERTIFICATE_TLS) |
| url | string | TSA URL |
| certificateCode | string | Certificate code for TSA authentication (fortypewith valueCERTIFICATEorCERTIFICATE_TLS) |
Policy settings
So that the signature has a policy and can be considered EPES type, we can define its values with this configuration.
{
"id":"102039485-10283757-102837575",
"description":"Sample policies",
"digestAlgorithm":"SHA256",
"digestValueB64":"JVBERi0xLjMKJcTl8uXlRU9GC",
"url" : "https://sample/lorem_ipsum_dolor_sit_amet.pdf",
"contentHintsDescription":"Lorem ipsum dolor sit amet",
"contentHintsType":"Lorem ipsum dolor sit amet"
}
| Parameter | Type | Description |
|---|---|---|
| id | string | Policy identifier |
| description | string | Policy Description |
| digestAlgorithm | string | Encryption algorithm. Possible values: - SHA1- SHA224- SHA256- SHA384- SHA512- RIPEMD160- MD2- MD5 |
| digestValueB64 | string | Value (Base64 encoded) |
| url | string | The SpURI (signature policy qualifier). The spURI qualifier will contain a URL value where a copy of the signing policy document can be obtained. |
| contentHintsDescription | string | Help Description |
| contentHintsType | string | Type of help |
Service response
The response from this service will be given (inapplication/jsonformat ) as follows:
{
"authCode":"1aeb979ddcf247e9ad46ee73e19a326d",
"exeCode":"f116305e7f7c44f3a29385028c5374ba"
}
Where:
| Parameter | Type | Description |
|---|---|---|
| authCode | string | Authorization code |
| exeCode | string | Execution code |
Service errors
The errors returned by the service (returned inapplication/jsonformat ) look like this:
{
"error":"error_code",
"error_description":"error_description"
}
Where:
| Parameter | Type | Description |
|---|---|---|
| error | string | Error code |
| error_description | string | Error Description |
Possible mistakes:
| Error code | Error |
|---|---|
| invalid_request | Wrong request. Some of the input parameters are not correct. (HTTP Status : 400) |
| invalid_token | Theaccess_tokenused is not correct (HTTP Status : 401) |
Signature execution
With this method we will sign the documents associated with the signature preparation operation.
Use of the service
Method:POST
URL:{viafirma_fortress_ url}/api/v1/signature/{executionCode}/execute
Additionally, the access token (access_token) must be included in the HTTP header of thePOSTrequest as follows:
Authorization: Bearer {access_token}
Where:
viafirma_fortress_url: Base URL of the Viafirma Fortress implementation, for example https://sandbox.viafirma.com/fortress or https://fortress.viafirma.com/fortressexecutionCode: Execution code returned by the signature method
Example:
Method: POST
URL: {viafirma_fortress_ url}/api/v1/signature/f116305e7f7c44f3a29385028c5374ba/execute
Request header: Authorization : Bearer 0b79bab50daca910b000d4f1a2b675d604257e42
Service parameters
This service receives by parameters the execution code executionCode , resulting from the signature preparation procedure, with this code we will obtain the information associated with each signing operation.
It must be provided ( inapplication/jsonformat ) empty:
{
}
Service Response
The response from this service will be given (inapplication/jsonformat ) as follows:
[
{
"bytesB64":"a910b000d4f1a2b...",
"signatureCode":"e2470412-33cc-467a-b357-880fe621920f",
"mimeType":"application/pdf",
"ref":"#1"
},
...
]
Where:
| Parameter | Type | Description |
|---|---|---|
| bytesB64 | string | Signed document, Base64 encoded |
| signatureCode | string | Signature identifier |
| mimeType | string | MIME type of the signed document |
| ref | string | The same value is returned if it was reported in the signature request |
Service errors
The errors returned by the service (returned inapplication/jsonformat ) look like this:
{
"error":"error_code",
"error_description":"error_description"
}
Where:
| Parameter | Type | Description |
|---|---|---|
| error | string | Error code |
| error_description | string | Error Description |
Possible mistakes:
| Error code | Error |
|---|---|
| invalid_request | Wrong request. Some of the input parameters are not correct. (HTTP Status : 400) |
| invalid_token | Theaccess_tokenused is not correct (HTTP Status : 401) |
| certificate_not_found | The certificate you want to sign with is not correct or is not active (HTTP Status : 404) |
| invalidcertificate password | The certificate password is incorrect (HTTP Status: 401) |
| locked_certificate | The certificate is blocked (HTTP Status : 401) |
| signature_error | Error during signing (HTTP Status : 500) |
Download signed document
With this method we can download a signed document using a signature identifier.
Use of the service
Method:GET
URL:{viafirma_fortress_ url}/api/v1/signature/download/{signature_code}
Additionally, the access token (access_token) must be included in the HTTP header of theGETrequest as follows:
Authorization: Bearer {access_token}
Where:
viafirma_fortress_url: Base URL of the Viafirma Fortress implementation, for example https://sandbox.viafirma.com/fortress or https://fortress.viafirma.com/fortresssignature_code: Code of the signature from which you want to download the document
Example:
Method: GET
URL: {viafirma_fortress_ url}/api/v1/signature/download/C0XJ-XOAK-OF1O-TYJ7-S164-3197-3571-05
Service Response
The response from this service will be given (inapplication/octet-streamformat )
Service errors
The errors returned by the service (returned inapplication/jsonformat ) look like this:
{
"error":"error_code",
"error_description":"error_description"
}
Where:
| Parameter | Type | Description |
|---|---|---|
| error | string | Error code |
| error_description | string | Error Description |
Possible mistakes:
| Error code | Error |
|---|---|
| document_not_found | No document found for the provided signature ID (HTTP Status : 404) |
results matching ""
No results matching ""