Introduction

The Digital Signatures API allows you to:

  • Submit PDF documents to be signed by one or multiple signatories.

  • Query current documents.

  • Cancel documents.

  • Send reminders to signatories.

  • Retrieve signed PDF documents.

The service supports multiple authentication methods for signatories.

With this API, signed documents are accompanied by a record of the signing process, the so-called audit trail. All steps of the signing process are recorded in this audit trail: who took what action and when. The audit trail and the signed document are irrefutably recorded by sealing them with Zynyo's eSeal. This gives parties the assurance that the document has not been changed in the meantime.


API specification

Test the API on SwaggerHub


Base URL

https://api-prd.kpn.com/security/zynyo/digitalsignature


Conceptual model

[Figure: Conceptual model]


Definitions

Authentication method

There are several possibilities for the validation of a signatory. These are called authentication methods. For example, if you want to validate a mobile phone number you can use the SMS-TAN authentication method. The SMS-TAN code is sent to the phone number of the signatory, who then has to enter this code when signing. Other options are the Mouse Signature (where the signatory has to draw a signature on the document) or the iDIN authentication method. With iDIN, the signatory data is validated with the data from a (Dutch) bank account shared by the signatory.

Digital Signature

A digital signature is a type of e-signature that includes a digital certificate, issued by a third party for independent identity validation. The digital signature used in the Digital Signatures API is compliant with the ETSI PAdES standard for the European Union. Zynyo uses an eIDAS-compliant timestamp for long-term validation.

Digital Signatures API

This is the REST interface that connects your application and Zynyo's Signing Service.

Document signing request

To submit a document for signing to 1 or more signatories, you need to POST a document signing request. The signing request must contain at least 1 signatory with the following data: e-mail address, first and last name and authentication methods (i.e. SMS-TAN authentication, iDIN authentication or mouse signature authentication). You can also add parameters for messaging and for the digital signature.

E-mail

Zynyo sends messages to signatories through e-mail. If you would rather send these from your own e-mail server, or if you have a different implementation for messaging, you can also process the e-mails yourself with an API implementation.

Invitation

The signatories receive an invitation via e-mail with the request to sign the document. Invitations are sent sequentially after each validation of the previous signatory. Suppression of e-mail invitations is possible. If you want to distribute the links in your own application, you can retrieve the signing link for a signatory in the response for a document signing request.

Reminder

Reminders for signing a document can be sent to a signatory by e-mail or by SMS. SMS is only possible when the SMS-TAN authentication method is added for that signatory.

Seal

After adding a digital signature to a document, the document is sealed and can no longer be altered without breaking the validity of the signature.

Signatory

A person that needs to sign a document and/or gets a copy of the signed document.

Signed document

The document with applied signatures (drawings) of the signatories, audit log (can also be kept separate), and a digital signature.

QuickSign request

With a QuickSign request, you can apply a digital signature to a document quickly. The signed document is returned immediately within the same API call, so you can process it right away.

UUID

A universally unique identifier (UUID) is a 128-bit number used to identify information in computer systems.


API workflow

[Figure: API workflow]


Features

  • Send document signing request: You can invite one or more signatories to sign a PDF document. The signatory validation can be specified for each signatory by using authentication methods. These authentication methods are SMS-TAN, mouse signature, iDIN, and certificate. Authentication methods can be stacked for extra security.
  • Send multiple document signing requests at once: You can send multiple documents for a signing request at once, to the same signatories. You can choose to merge your documents into a single document or send them as separate requests.
  • Query documents: You can query a list of your current documents. It's possible to filter the list by document state and reference. You can also paginate the results with limits and a start index. The content of the documents is not included in the results.
  • Send reminder: When a signatory has not responded to the invitation to sign the document, you can send a reminder. The reminder includes the document name and a link to the Zynyo Signing environment. When a signatory has SMS-TAN for authentication, you can also send a reminder via SMS.
  • Cancel document: When a document is not in a finite state, you can cancel the document signing request.
  • Query document templates: In the Zynyo portal, you can create document templates for signing. With these templates, you can add fields to your document. There are input fields for the signatory to fill, or label fields that are filled when the document is processed for the digital signature. You can use the results of the document templates query to add the document template UUID as a parameter for a document signing request.
  • Get signed document: You can retrieve the documents that are signed. The document is sealed with a digital signature and an eIDAS qualified timestamp. The signed document is available for 30 days. After 30 days the document expires and will not be available anymore.
  • QuickSign: If you want to seal a document with a digital signature without any other signatories to sign the document, you can use QuickSign. With QuickSign, you can submit a PDF document and get the sealed document in the response immediately.
  • Process e-mail: When you want to send e-mails through your own e-mail server or other messaging implementation, you can use Zynyo e-mail processing. Every message that is sent with the Digital Signatures API is temporarily stored in the database. You can query these messages to process them yourself. After processing, you can mark the e-mails as sent. The messages will then be deleted from the database.


Getting started

Make sure you've read What's in it for you for more info on how to register and start testing APIs.

Authentication

The API follows the KPN Store API Authentication Standard to secure the API. It includes the use of OAuth 2.0 client_id and client_secret to receive an access token.

Go to the Authentication tab on top of this page to find out how to:

  • Authenticate to an API using cURL.
  • Authenticate to an API on SwaggerHub.
  • Import Open API Specifications (OAS), also called Swagger files, into Postman.


How to...

Send a document signing request

SwaggerHub:

  1. Select POST /sign/signdocumentrequest.
  2. Click Try it out.
  3. In the body, enter the required parameters: documentInfo and signatories.
  4. Click Execute.
  5. Check the response code and message.
Request example:
{
  "documentInfo": {
    "name": "Contract ABC",
    "description": "Please sign the contract"
  },
  "signatories": [
    {
      "name": "John Doo Smith",
      "email": "john.doo.smith@zynyo.com",
      "locale": "en_US",
      "authenticationMethods": [
        {
          "type": "mouse",
          "ordernumber": 0
        }
      ],
      "priority": "DEFAULT",
      "signatoryRole": "SIGN",
      "returnUrl": "http://link.to.yourportal/signatory1",
      "disableInvitation": true,
      "disableStatusChange": true,
      "disableEmail": true
    }
  ],
  "documentTemplate": {
    "documentTemplateUUID": "string"
  },
  "useTimeStamp": true,
  "enableLTV": true,
  "separateAuditlog": true,
  "disableEmail": true,
  "signatureLabel": {
    "xcoordinate": 20,
    "ycoordinate": 30,
    "height": 50,
    "width": 220,
    "pageIndex": 0
  },
  "reference": "Document_12345",
  "submitter": "john.smith@zynyo.com",
  "content": "JVBERi0xLjQNJeLjz9MNCjc4IDAgb2JqDTw8L0xp......E2DQolJUVPRg0K"
}
Response example:
{
  "documentUUID": "3eea8187-e63d-43e7-a1f7-7272c4f50f23",
  "signatoryLink": [
    {
      "sequence": 1,
      "email": "john.doo.smith@zynyo.com",
      "role": "SIGN",
      "signatoryUUID": "1eea3187-e62d-41e7-a5f7-7272c4f50f23",
      "documentLink": "https://signingservice.zynyo.com/webapp/sign/1eea3187-e62d-41e7-a5f7-7272c4f50f23"
    }
  ]
}
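
A client-side check that can run before the POST, shown as an added example (not part of the KPN or Zynyo documentation). It assumes that `content` carries the base64-encoded PDF and that `returnUrl` is where the signatory's browser goes after signing; `check_sign_request` and `CONSTRUCTED_BODY` are hypothetical names.

```python
import base64
import binascii
from urllib.parse import urlsplit


def check_sign_request(body: dict) -> list:
    """Return the problems found in a /sign/signdocumentrequest body."""
    problems = []
    if not body.get("documentInfo"):
        problems.append("documentInfo is missing")

    signatories = body.get("signatories") or []
    if not signatories:
        problems.append("at least one signatory is required")
    for i, sig in enumerate(signatories):
        where = f"signatories[{i}]"
        for field in ("name", "email", "authenticationMethods"):
            if not sig.get(field):
                problems.append(f"{where}.{field} is missing")
        # Assumption: returnUrl is where the signatory's browser goes after
        # signing, so it should not be reachable over plain http.
        url = sig.get("returnUrl")
        if url and urlsplit(url).scheme != "https":
            problems.append(f"{where}.returnUrl is not https")

    # Assumption: content carries the base64-encoded PDF to be signed.
    try:
        pdf = base64.b64decode(body.get("content") or "", validate=True)
    except (binascii.Error, ValueError):
        problems.append("content is not valid base64")
    else:
        if not pdf.startswith(b"%PDF-"):
            problems.append("content does not decode to a PDF")
    return problems


# Constructed body shaped like the request example above; the PDF bytes are
# a placeholder, not a real document.
CONSTRUCTED_BODY = {
    "documentInfo": {"name": "Contract ABC"},
    "signatories": [{
        "name": "John Doo Smith",
        "email": "john.doo.smith@zynyo.com",
        "authenticationMethods": [{"type": "mouse", "ordernumber": 0}],
        "returnUrl": "http://link.to.yourportal/signatory1",
    }],
    "content": base64.b64encode(b"%PDF-1.4\n%%EOF\n").decode(),
}

if __name__ == "__main__":
    for problem in check_sign_request(CONSTRUCTED_BODY):
        print(problem)
```

Run against the constructed body, the only finding is the plain-http `returnUrl` copied from the request example.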

Send document signing requests for multiple documents at once

SwaggerHub:

  1. Select POST /sign/multi/signdocumentrequest.
  2. Click Try it out.
  3. In the body, enter the required parameters: documentInfo and signatories.
  4. Click Execute.
  5. Check the response code and message.
Request example:
{
  "documentInfo": {
    "name": "Contract ABC",
    "description": "Please sign the contract"
  },
  "signatories": [
    {
      "name": "John Doo Smith",
      "email": "john.doo.smith@zynyo.com",
      "locale": "en_US",
      "authenticationMethods": [
        {
          "type": "mouse",
          "ordernumber": 0
        }
      ],
      "priority": "DEFAULT",
      "signatoryRole": "SIGN",
      "returnUrl": "http://link.to.yourportal/signatory1",
      "disableInvitation": true,
      "disableStatusChange": true,
      "disableEmail": true
    }
  ],
  "documentTemplate": {
    "documentTemplateUUID": "string"
  },
  "useTimeStamp": true,
  "enableLTV": true,
  "separateAuditlog": true,
  "disableEmail": true,
  "signatureLabel": {
    "xcoordinate": 20,
    "ycoordinate": 30,
    "height": 50,
    "width": 220,
    "pageIndex": 0
  },
  "reference": "Document_12345",
  "submitter": "john.smith@zynyo.com",
  "content": "JVBERi0xLjQNJeLjz9MNCjc4IDAgb2JqDTw8L0xp......E2DQolJUVPRg0K"
}
Response example:
{
  "documentUUID": "3eea8187-e63d-43e7-a1f7-7272c4f50f23",
  "signatoryLink": [
    {
      "sequence": 1,
      "email": "john.doo.smith@zynyo.com",
      "role": "SIGN",
      "signatoryUUID": "1eea3187-e62d-41e7-a5f7-7272c4f50f23",
      "documentLink": "https://signingservice.zynyo.com/webapp/sign/1eea3187-e62d-41e7-a5f7-7272c4f50f23"
    }
  ]
}

Retrieve the list of current documents

SwaggerHub:

  1. Select GET /documents/{states}/{startPosition}/{maxResults}.
  2. Click Try it out.
  3. In the body, enter the required path parameters: states, startPosition, and maxResults.
  4. Click Execute.
  5. Check the response code and message.
Response example:
[
  {
    "documentUUID": "3eea8187-e63d-43e7-a1f7-7272c4f50f23",
    "name": "Contract ABC",
    "description": "Please sign the contract",
    "documentState": "PARTIALLY_VALIDATED",
    "previousState": "NOT_VALIDATED",
    "stateChangedDate": "2020-02-20T13:38:45.314Z",
    "signRequest": {
      "apiAccountName": "testapikey",
      "signingRequested": "2020-02-20T13:38:45.314Z",
      "ipAddress": "127.0.0.1",
      "separateAuditlog": true,
      "disableEmail": true,
      "reference": "document 1234",
      "submitter": "john.doo.smith@zynyo.com"
    },
    "signatories": [
      {
        "name": "John Doo Smith",
        "email": "john.doo.smith@zynyo.com",
        "locale": "en_US",
        "authenticationMethods": [
          {
            "ordernumber": 0
          }
        ],
        "priority": "DEFAULT",
        "signatoryRole": "SIGN",
        "returnUrl": "http://link.to.yourportal/signatory1",
        "disableInvitation": true,
        "disableStatusChange": true,
        "disableEmail": true
      }
    ],
    "ltvEnabled": true,
    "numberOfPages": 5,
    "certificateLabel": {
      "xcoordinate": 20,
      "ycoordinate": 30,
      "height": 50,
      "width": 220,
      "pageIndex": 0
    },
    "content": [
      "string"
    ],
    "documentTemplate": {
      "name": "Rental contract 123 template",
      "filename": "contract_123.pdf",
      "description": "string",
      "documentTemplateUUID": "3eea8187-e63d-43e7-a1f7-7272c4f50f23",
      "maxSignatories": 2,
      "templateLabels": [
        {
          "identifier": "3bfbf6e6-4f28-11ea-b77f-2e728ce88125",
          "x": 20,
          "y": 30,
          "width": 220,
          "height": 50,
          "minWidth": 60,
          "minHeight": 12,
          "pageIndex": 0,
          "signatoryIndex": 1,
          "repeat": true,
          "notLastPage": true,
          "onlyLastPage": true,
          "required": true,
          "templateLabelType": "SIGNATURE",
          "defaultValue": "John Doo",
          "placeholder": "your name",
          "characterLimit": 100,
          "characterRegex": "[a-zA-Z0-9]",
          "listOptions": "Option 1,Option 2,Option 3",
          "options": [
            "string"
          ],
          "scrollStop": true
        }
      ],
      "documentTemplateSource": "BACKOFFICE",
      "activeDocumentsCount": 5
    },
    "auditlogContent": [
      "string"
    ],
    "useTimestamp": true,
    "rejectReason": "The contract is the wrong version"
  }
]

Send document reminder

SwaggerHub:

  1. Select POST /sign/sendreminder.
  2. Click Try it out.
  3. In the body, enter the required parameters: documentUUID, signatoryEmail, and reminderType.
  4. Click Execute.
  5. Check the response code and message.
Request example:
{
  "documentUUID": "3eea8187-e63d-43e7-a1f7-7272c4f50f23",
  "signatoryEmail": "john.doo.smith@zynyo.com",
  "reminderType": "email"
}
Response example:
{
  "timesSent": 2,
  "maxTimesAllowed": 3,
  "reminderType": "email"
}

Cancel document

SwaggerHub:

  1. Select PUT /sign/canceldocument.
  2. Click Try it out.
  3. Fill the model with your data.
  4. Click Execute.
  5. Check the response code and message.
Request example:
{
  "documentUUID": "3eea8187-e63d-43e7-a1f7-7272c4f50f23"
}
Response example:
{
  "message": "Success message"
}

Get signed document

SwaggerHub:

  1. Select GET /sign/getsigned/{documentUUID}.
  2. Click Try it out.
  3. Fill the documentUUID parameter field with your documentUUID.
  4. Click Execute.
  5. Check the response code and message.
Response example:
{
  "documentContent": "JVBERi0xLjQNJeLjz9MNCjc4IDAgb2JqDTw8L0xp......E2DQolJUVPRg0K",
  "auditlogContent": "JKJJIioju9khjKJjzKKLSDSIDDAgbJKAJKjlkjos......KOJihjlahsdIKL"
}
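
Because the signed document is only available for 30 days, a client will usually decode and archive it on retrieval. The following added example (not part of the KPN or Zynyo documentation) decodes the response and runs structural checks on the PDF before it is stored; `inspect_signed_response` and `constructed_response` are hypothetical names, the sample bytes are constructed, and the checks do not replace cryptographic validation of the PAdES signature.

```python
import base64
import hashlib
import re

BYTE_RANGE = re.compile(rb"/ByteRange\s*\[\s*(\d+)\s+(\d+)\s+(\d+)\s+(\d+)\s*\]")


def inspect_signed_response(response: dict) -> dict:
    """Decode a getsigned response and run structural checks before archiving.

    This does not validate the PAdES signature cryptographically.
    """
    pdf = base64.b64decode(response["documentContent"], validate=True)
    if not pdf.startswith(b"%PDF-"):
        raise ValueError("documentContent is not a PDF")
    if b"%%EOF" not in pdf[-1024:]:
        raise ValueError("no %%EOF marker; content may be truncated")

    # /ByteRange [off1 len1 off2 len2] lists the bytes a signature covers;
    # the gap between the two ranges holds the signature value itself.
    ranges = [tuple(int(n) for n in m.groups()) for m in BYTE_RANGE.finditer(pdf)]
    if not ranges:
        raise ValueError("no signature dictionary found")
    # False means bytes follow the last covered range. Validation data can
    # be appended legitimately, so treat it as a cue for full validation.
    covered_to_end = any(o1 == 0 and o2 + l2 == len(pdf) for o1, _, o2, l2 in ranges)

    audit = response.get("auditlogContent")
    return {
        "pdf": pdf,
        "sha256": hashlib.sha256(pdf).hexdigest(),
        "audit_sha256": hashlib.sha256(base64.b64decode(audit)).hexdigest() if audit else None,
        "signatures": len(ranges),
        "covered_to_end": covered_to_end,
    }


def constructed_response(appended: bytes = b"") -> dict:
    """Constructed, PDF-shaped sample (not a real signed document)."""
    def head(a, b, c):
        return (f"%PDF-1.4\n1 0 obj\n<< /Type /Sig /ByteRange "
                f"[0 {a:010d} {b:010d} {c:010d}] /Contents ").encode()
    hole = b"<" + b"00" * 16 + b">"
    tail = b" >>\nendobj\n%%EOF\n"
    a = len(head(0, 0, 0))
    pdf = head(a, a + len(hole), len(tail)) + hole + tail + appended
    return {"documentContent": base64.b64encode(pdf).decode(),
            "auditlogContent": base64.b64encode(b"constructed audit log").decode()}


if __name__ == "__main__":
    report = inspect_signed_response(constructed_response())
    print(report["sha256"], report["covered_to_end"])
```

Storing the SHA-256 values next to the `documentUUID` gives a later reference point for checking that the archived copy is still the one that was retrieved.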

Query document templates

SwaggerHub:

  1. Select GET /documenttemplates.
  2. Click Try it out.
  3. Click Execute.
  4. Check the response code and message.
Response example:
[
  {
    "name": "Rental contract 123 template",
    "filename": "contract_123.pdf",
    "description": "string",
    "documentTemplateUUID": "3eea8187-e63d-43e7-a1f7-7272c4f50f23",
    "maxSignatories": 2,
    "templateLabels": [
      {
        "identifier": "3bfbf6e6-4f28-11ea-b77f-2e728ce88125",
        "x": 20,
        "y": 30,
        "width": 220,
        "height": 50,
        "minWidth": 60,
        "minHeight": 12,
        "pageIndex": 0,
        "signatoryIndex": 1,
        "repeat": true,
        "notLastPage": true,
        "onlyLastPage": true,
        "required": true,
        "templateLabelType": "SIGNATURE",
        "defaultValue": "John Doo",
        "placeholder": "your name",
        "characterLimit": 100,
        "characterRegex": "[a-zA-Z0-9]",
        "listOptions": "Option 1,Option 2,Option 3",
        "options": [
          "string"
        ],
        "scrollStop": true
      }
    ],
    "documentTemplateSource": "BACKOFFICE",
    "activeDocumentsCount": 5
  }
]

Query e-mails

SwaggerHub:

  1. Select GET /emails.
  2. Click Try it out.
  3. Click Execute.
  4. Check the response code and message.
Response example:
[
  {
    "id": 1111,
    "externalId": "string",
    "added": "2020-02-20T13:46:05.931Z",
    "state": "NOT_SEND",
    "subject": "Invitation to sign the document",
    "to": [
      {
        "id": 0,
        "name": "John Doo Smith",
        "address": "john.doo.smith@zynyo.com"
      }
    ],
    "html": "<html>...</html>",
    "plainText": "Please sign the document, ...",
    "errorMessage": "Bounced address",
    "attachments": [
      {
        "id": 0,
        "filename": "contract.pdf",
        "type": "application/pdf",
        "disposition": "inline",
        "contents": "..."
      }
    ]
  }
]

Mark e-mails as sent

SwaggerHub:

  1. Select POST /emails/sent.
  2. Click Try it out.
  3. In the body, enter the IDs of the e-mails you want to mark as sent.
  4. Click Execute.
  5. Check the response code and message.
Response example:
[
  1111,1112,1113
]


Return codes

Code Description
200 Success.
201 Created.
202 Accepted.
302 Found. Link in location header.
400 Bad request.
401 Unauthorized.
403 Forbidden.
404 Not found.
405 Method not allowed.
412 Precondition failed.
429 Too many requests.
500 Internal server error.
502 Bad gateway.
503 Service unavailable.


HTTP response headers

The following standard response headers are returned with each API response:

Standard response field name: Description

  • sunset: This field will be populated with the deprecation details. By default the value is n/a.
  • api-version: Indicates the API version you have used.
  • quota-interval: Used to specify an integer (for example, 1, 2, 5, 60, and so on) that will be paired with the quota-time-unit you specify (minute, hour, day, week, or month) to determine a time period during which the quota use is calculated. For example, an interval of 24 with a quota-time-unit of hour means that the quota will be calculated over the course of 24 hours.
  • quota-limit: Number of API calls a user can make within a given time period. If this limit is exceeded, the user will be throttled and API requests will fail.
  • quota-reset-UTC: All quota times are set to the Coordinated Universal Time (UTC) time zone.
  • quota-time-unit: Used to specify the unit of time applicable to the quota. For example, an interval of 24 with a quota-time-unit of hour means that the quota will be calculated over the course of 24 hours.
  • quota-used: Number of API calls made within the quota.
  • strict-transport-security: The HTTP Strict-Transport-Security (HSTS) response header lets a website tell browsers that it should only be accessed using HTTPS, instead of using HTTP. All present and future subdomains will be HTTPS for a maximum of 1 year, and access is blocked to pages or subdomains that can only be served over HTTP. The header also covers the HSTS preload lists of web browsers. Value: Strict-Transport-Security: max-age=31536000; includeSubDomains; preload.

Access control field name: Description

  • access-control-allow-credentials: Tells browsers whether to expose the response to frontend JavaScript when the request's credentials mode (Request.credentials) is include. When a request's credentials mode (Request.credentials) is include, browsers will only expose the response to frontend JavaScript if the Access-Control-Allow-Credentials value is true. Boolean.
  • access-control-allow-origin: Indicates whether the response can be shared with requesting code from the given origin.
  • access-control-allow-headers: Used in response to a pre-flight request which includes the Access-Control-Request-Headers to indicate which HTTP headers can be used during the actual request.
  • access-control-max-age: Indicates how long the results of a pre-flight request (that is, the information contained in the Access-Control-Allow-Methods and Access-Control-Allow-Headers headers) can be cached.
  • access-control-allow-methods: Indicates which HTTP methods are allowed on a particular endpoint for cross-origin requests. For example: GET, PUT, POST, DELETE.
  • content-length: The Content-Length entity header indicates the size of the entity-body, in bytes, sent to the recipient.
  • content-type: The Content-Type entity header tells the client what the content type of the returned content actually is.
