Introduction
The Digital Signatures API allows you to:
Submit PDF documents to be signed by one or multiple signatories.
Query current documents.
Cancel documents.
Send reminders to signatories.
Retrieve the signed PDF document after the signing
authenticationMethodis complete.
The service supports multiple authentication methods for signatories.
With this API, signed documents are accompanied by an act of signature, the so-called audit trail. All steps of the signing process are recorded in this deed: who took what action and when. The deed and the signed document are irrefutably recorded by sealing it with Zynyo's eSeal. This gives parties the warranty that the document has not been changed in the meantime.
Base URL
https://api-prd.kpn.com/security/zynyo/digitalsignature
Conceptual model
Definitions
Authentication method
There are several possibilities for the validation of a signatory. These are called authentication methods. For example, if you want to validate a mobile phone number you can use the SMS-TAN authentication method. The SMS-TAN code is sent to the phone number of the signatory, who then has to enter this code when signing. Other options are the Mouse Signature (where the signatory has to draw a signature on the document) or the iDIN authentication method. With iDIN, the signatory data is validated with the data from a (Dutch) bank account shared by the signatory.
Digital Signature
A digital signature is a type of e-signature that includes a digital certificate, issued by a third-party for independent identity validation. The digital signature used in the Digital Signatures API is compliant with the ETSI PAdES standard for the European Union. Zynyo uses an EIDAS compliant timestamp for long term validation.
Digital Signatures API
This is the REST interface that connects your application and Zynyo's Signing Service.
Document signing request
To submit a document for signing to 1 or more signatories, you need to POST a document signing request. The signing request must contain at least 1 signatory with the following data: e-mail address, first and last name and authentication methods (i.e. SMS-TAN authentication, iDIN authentication or mouse signature authentication). You can also add parameters for messaging and for the digital signature.
Zynyo sends messages to signatories through e-mail. In case you rather want to send these from your own e-mail server, or if you have a different implementation for messaging, you can also process the e-mails yourself with an API implementation.
Invitation
The signatories receive an invitation via e-mail with the request to sign the document. Invitations are sent sequentially after each validation of the previous signatory. Suppression of e-mail invitations is possible. If you want to distribute the links in your own application, you can retrieve the signing link for a signatory in the response for a document signing request.
Reminder
Reminders for signing a document can be sent to a signatory by e-mail or by SMS. SMS is only possible when the SMS-TAN authentication method is added for that signatory.
Seal
After adding a digital signature to a document, the document is sealed and can no longer be altered without breaking the validity of the signature.
Signatory
A person that needs to sign a document and/or gets a copy of the signed document.
Signed document
The document with applied signatures (drawings) of the signatories, audit log (can also be kept separate), and a digital signature.
QuickSign request
With a QuickSign request, you can apply a digital signature to a document quickly. The signed document is returned immediately within the same API call, so you can process it right away.
UUID
A universally unique identifier (UUID) is a 128-bit number used to identify information in computer systems.
API workflow
Features
Send document signing request
You can invite one or more signatories to sign a PDF document. The signatory validation can be specified for each signatory by using authentication methods. These authentication methods are SMS-TAN, mouse signature, iDIN, and certificate. Authentication methods can be stacked for extra security.
Send multiple document signing requests at once
You can send multiple documents for a signing request at once, to the same signatories. You can choose to merge your documents into a single document or send them as separate requests.
Query documents
You can query a list of your current documents. It's possible to filter the list by document state and reference. You can also paginate the results with limits and a start index. The content of the documents is not submitted in the results.
Send reminder
When a signatory did not respond to the invitation to sign the document, you can send a reminder. In this reminder, the document name and link to the Zynyo Signing environment is added. When a signatory has SMS-TAN for authentication, you can also send a reminder via SMS.
Cancel document
When a document is not in a finite state, you can cancel the document signing request.
Query document templates
In the Zynyo portal, you can create document templates for signing. With these templates, you can add fields to your document. There are input fields for the signatory to fill, or label fields that are filled when the document is processed for the digital signature. You can use the results of the document templates query to add the document template UUID as a parameter for a document signing request.
Get signed document
You can retrieve the documents that are signed. The document is sealed with a digital signature and a eIDAS qualified timestamp. The signed document is available for 30 days. After 30 days the document expires and will not be available anymore.
Quicksign
If you want to seal a document with a digital signature without any other signatories to sign the document, you can use Quicksign. With Quicksign, you can submit a PDF document and get the sealed document in the response immediately.
Process e-mail
When you want to send e-mails through your own e-mail server or other messaging implementation, you can use Zynyo e-mail processing. Every message that is sent with the Digital Signatures API is temporarily stored in the database. You can query these messages to process them yourself. After processing, you can mark the e-mails as sent. The messages will then be deleted from the database.
How to...
Send a document signing request
SwaggerHub:
- Select
POST /sign/signdocumentrequest. - Click
Try it out. - In the body, enter the required parameters:
documentInfoandsignatories. - Click
Execute. - Check the response code and message.
^^Request example^^
{
"documentInfo": {
"name": "Contract ABC",
"description": "Please sign the contract"
},
"signatories": [
{
"name": "John Doo Smith",
"email": "john.doo.smith@zynyo.com",
"locale": "en_US",
"authenticationMethods": [
{
"type": "mouse",
"ordernumber": 0
}
],
"priority": "DEFAULT",
"signatoryRole": "SIGN",
"returnUrl": "http://link.to.yourportal/signatory1",
"disableInvitation": true,
"disableStatusChange": true,
"disableEmail": true
}
],
"documentTemplate": {
"documentTemplateUUID": "string"
},
"useTimeStamp": true,
"enableLTV": true,
"separateAuditlog": true,
"disableEmail": true,
"signatureLabel": {
"xcoordinate": 20,
"ycoordinate": 30,
"height": 50,
"width": 220,
"pageIndex": 0
},
"reference": "Document_12345",
"submitter": "john.smith@zynyo.com",
"content": "JVBERi0xLjQNJeLjz9MNCjc4IDAgb2JqDTw8L0xp......E2DQolJUVPRg0K"
}
^^Response example^^
{
"documentUUID": "3eea8187-e63d-43e7-a1f7-7272c4f50f23",
"signatoryLink": [
{
"sequence": 1,
"email": "john.doo.smith@zynyo.com",
"role": "SIGN",
"signatoryUUID": "1eea3187-e62d-41e7-a5f7-7272c4f50f23",
"documentLink": "https://signingservice.zynyo.com/webapp/sign/1eea3187-e62d-41e7-a5f7-7272c4f50f23"
}
]
}
Send document signing requests for multiple documents at once
SwaggerHub:
- Select
POST /sign/multi/signdocumentrequest. - Click
Try it out. - In the body, enter the required parameters:
documentInfoandsignatories. - Click
Execute. - Check the response code and message.
^^Request example^^
{
"documentInfo": {
"name": "Contract ABC",
"description": "Please sign the contract"
},
"signatories": [
{
"name": "John Doo Smith",
"email": "john.doo.smith@zynyo.com",
"locale": "en_US",
"authenticationMethods": [
{
"type: "mouse",
"ordernumber": 0
}
],
"priority": "DEFAULT",
"signatoryRole": "SIGN",
"returnUrl": "http://link.to.yourportal/signatory1",
"disableInvitation": true,
"disableStatusChange": true,
"disableEmail": true
}
],
"documentTemplate": {
"documentTemplateUUID": "string"
},
"useTimeStamp": true,
"enableLTV": true,
"separateAuditlog": true,
"disableEmail": true,
"signatureLabel": {
"xcoordinate": 20,
"ycoordinate": 30,
"height": 50,
"width": 220,
"pageIndex": 0
},
"reference": "Document_12345",
"submitter": "john.smith@zynyo.com",
"content": "JVBERi0xLjQNJeLjz9MNCjc4IDAgb2JqDTw8L0xp......E2DQolJUVPRg0K"
}
^^Response example^^
{
"documentUUID": "3eea8187-e63d-43e7-a1f7-7272c4f50f23",
"signatoryLink": [
{
"sequence": 1,
"email": "john.doo.smith@zynyo.com",
"role": "SIGN",
"signatoryUUID": "1eea3187-e62d-41e7-a5f7-7272c4f50f23",
"documentLink": "https://signingservice.zynyo.com/webapp/sign/1eea3187-e62d-41e7-a5f7-7272c4f50f23"
}
]
}
Retrieves the list of current documents
SwaggerHub:
- Select
GET /documents/{states}/{startPosition}/{maxResults}. - Click
Try it out. - In the body, enter the required path parameters:
states,startPosition, andmaxResults. - Click
Execute. - Check the response code and message.
^^Response example^^
[
{
"documentUUID": "3eea8187-e63d-43e7-a1f7-7272c4f50f23",
"name": "Contract ABC",
"description": "Please sign the contract",
"documentState": "PARTIALLY_VALIDATED",
"previousState": "NOT_VALIDATED",
"stateChangedDate": "2020-02-20T13:38:45.314Z",
"signRequest": {
"apiAccountName": "testapikey",
"signingRequested": "2020-02-20T13:38:45.314Z",
"ipAddress": "127.0.0.1",
"separateAuditlog": true,
"disableEmail": true,
"reference": "document 1234",
"submitter": "john.doo.smith@zynyo.com"
},
"signatories": [
{
"name": "John Doo Smith",
"email": "john.doo.smith@zynyo.com",
"locale": "en_US",
"": [
{
"ordernumber": 0
}
],
"priority": "DEFAULT",
"signatoryRole": "SIGN",
"returnUrl": "http://link.to.yourportal/signatory1",
"disableInvitation": true,
"disableStatusChange": true,
"disableEmail": true
}
],
"ltvEnabled": true,
"numberOfPages": 5,
"certificateLabel": {
"xcoordinate": 20,
"ycoordinate": 30,
"height": 50,
"width": 220,
"pageIndex": 0
},
"content": [
"string"
],
"documentTemplate": {
"name": "Rental contract 123 template",
"filename": "contract_123.pdf",
"description": "string",
"documentTemplateUUID": "3eea8187-e63d-43e7-a1f7-7272c4f50f23",
"maxSignatories": 2,
"templateLabels": [
{
"identifier": "3bfbf6e6-4f28-11ea-b77f-2e728ce88125",
"x": 20,
"y": 30,
"width": 220,
"height": 50,
"minWidth": 60,
"minHeight": 12,
"pageIndex": 0,
"signatoryIndex": 1,
"repeat": true,
"notLastPage": true,
"onlyLastPage": true,
"required": true,
"templateLabelType": "SIGNATURE",
"defaultValue": "John Doo",
"placeholder": "your name",
"characterLimit": 100,
"characterRegex": "[a-zA-Z0-9]",
"listOptions": "Option 1,Option 2,Option 3",
"options": [
"string"
],
"scrollStop": true
}
],
"documentTemplateSource": "BACKOFFICE",
"activeDocumentsCount": 5
},
"auditlogContent": [
"string"
],
"useTimestamp": true,
"rejectReason": "The contract is the wrong version"
}
]
Send document reminder
SwaggerHub:
- Select
POST /sign/sendreminder. - Click
Try it out. - In the body, enter the required parameters:
documentUUID,signatoryEmail, andreminderType. - Click
Execute. - Check the response code and message.
^^Request example^^
{
"documentUUID": "3eea8187-e63d-43e7-a1f7-7272c4f50f23",
"signatorye-mail": "john.doo.smith@zyny.com",
"reminderType": "email"
}
^^Response example^^
{
"timesSent": 2,
"maxTimesAllowed": 3,
"reminderType": "email"
}
Cancel document
SwaggerHub:
- Select
PUT /sign/canceldocument. - Click
Try it out. - Fill the model with your data.
- Click
Execute. - Check the response code and message.
^^Request example^^
{
"documentUUID": "3eea8187-e63d-43e7-a1f7-7272c4f50f23"
}
^^Response example^^
{
"message": "Success message"
}
Get signed document
SwaggerHub:
- Select
GET /sign/getsigned/{documentUUID}. - Click
Try it out. - Fill the
documentUUIDparameter field with yourdocumentUUID. - Click
Execute. - Check the response code and message.
^^Response example^^
{
"documentContent": "JVBERi0xLjQNJeLjz9MNCjc4IDAgb2JqDTw8L0xp......E2DQolJUVPRg0K",
"auditlogContent": "JKJJIioju9khjKJjzKKLSDSIDDAgbJKAJKjlkjos......KOJihjlahsdIKL"
}
Query document templates
SwaggerHub:
- Select
GET /documenttemplates. - Click
Try it out. - Click
Execute. - Check the response code and message.
^^Response example^^
[
{
"name": "Rental contract 123 template",
"filename": "contract_123.pdf",
"description": "string",
"documentTemplateUUID": "3eea8187-e63d-43e7-a1f7-7272c4f50f23",
"maxSignatories": 2,
"templateLabels": [
{
"identifier": "3bfbf6e6-4f28-11ea-b77f-2e728ce88125",
"x": 20,
"y": 30,
"width": 220,
"height": 50,
"minWidth": 60,
"minHeight": 12,
"pageIndex": 0,
"signatoryIndex": 1,
"repeat": true,
"notLastPage": true,
"onlyLastPage": true,
"required": true,
"templateLabelType": "SIGNATURE",
"defaultValue": "John Doo",
"placeholder": "your name",
"characterLimit": 100,
"characterRegex": "[a-zA-Z0-9]",
"listOptions": "Option 1,Option 2,Option 3",
"options": [
"string"
],
"scrollStop": true
}
],
"documentTemplateSource": "BACKOFFICE",
"activeDocumentsCount": 5
}
]
Query e-mails
SwaggerHub:
- Select
GET /emails. - Click
Try it out. - Click
Execute. - Check the response code and message.
^^Response example^^
[
{
"id": 1111,
"externalId": "string",
"added": "2020-02-20T13:46:05.931Z",
"state": "NOT_SEND",
"subject": "Invitation to sign the document",
"to": [
{
"id": 0,
"name": "John Doo Smith",
"address": "john.doo.smith@zynyo.com"
}
],
"html": "<html>...</html>",
"plainText": "Please sign the document, ...",
"errorMessage": "Bounced address",
"attachments": [
{
"id": 0,
"filename": "contract.pdf",
"type": "application/pdf",
"disposition": "inline",
"contents": "..."
}
]
}
]
Mark e-mails as sent
SwaggerHub:
- Select
POST /emails/sent. - Click
Try it out. - In the body, enter the id's of the e-mails you want to mark as sent.
- Click
Execute. - Check the response code and message.
^^Response example^^
[
1111,1112,1113
]
Return codes
| Code | Description |
|---|---|
| 200 | Success. |
| 201 | Created. |
| 202 | Accepted. |
| 302 | Found. Link in location header. |
| 400 | Bad request. |
| 401 | Unauthorized. |
| 403 | Forbidden. |
| 404 | Not found. |
| 405 | Method not allowed. |
| 412 | Precondition failed. |
| 429 | Too many requests. |
| 500 | Internal server error. |
| 502 | Bad gateway. |
| 503 | Service unavailable. |