Introduction
The Digital Signatures API allows you to:
- Submit PDF documents to be signed by one or multiple signatories.
- Query current documents.
- Cancel documents.
- Send reminders to signatories.
- Retrieve signed PDF documents.
The service supports multiple authentication methods for signatories.
With this API, signed documents are accompanied by an act of signature, the so-called audit trail. All steps of the signing process are recorded in this deed: who took what action and when. The deed and the signed document are irrefutably recorded by sealing them with Zynyo's eSeal. This gives parties the assurance that the document has not been changed in the meantime.
API specification
Base URL
https://api-prd.kpn.com/security/zynyo/digitalsignature
Conceptual model
Definitions
Authentication method
There are several possibilities for the validation of a signatory. These are called authentication methods. For example, if you want to validate a mobile phone number you can use the SMS-TAN authentication method. The SMS-TAN code is sent to the phone number of the signatory, who then has to enter this code when signing. Other options are the Mouse Signature (where the signatory has to draw a signature on the document) or the iDIN authentication method. With iDIN, the signatory data is validated with the data from a (Dutch) bank account shared by the signatory.
Digital Signature
A digital signature is a type of e-signature that includes a digital certificate, issued by a third party for independent identity validation. The digital signature used in the Digital Signatures API is compliant with the ETSI PAdES standard for the European Union. Zynyo uses an eIDAS-compliant timestamp for long-term validation.
Digital Signatures API
This is the REST interface that connects your application and Zynyo's Signing Service.
Document signing request
To submit a document for signing to 1 or more signatories, you need to POST a document signing request. The signing request must contain at least 1 signatory with the following data: e-mail address, first and last name and authentication methods (i.e. SMS-TAN authentication, iDIN authentication or mouse signature authentication). You can also add parameters for messaging and for the digital signature.
Zynyo sends messages to signatories through e-mail. If you would rather send these from your own e-mail server, or if you have a different implementation for messaging, you can also process the e-mails yourself with an API implementation.
Invitation
The signatories receive an invitation via e-mail with the request to sign the document. Invitations are sent sequentially after each validation of the previous signatory. Suppression of e-mail invitations is possible. If you want to distribute the links in your own application, you can retrieve the signing link for a signatory in the response for a document signing request.
Reminder
Reminders for signing a document can be sent to a signatory by e-mail or by SMS. SMS is only possible when the SMS-TAN authentication method is added for that signatory.
Seal
After adding a digital signature to a document, the document is sealed and can no longer be altered without breaking the validity of the signature.
Signatory
A person that needs to sign a document and/or gets a copy of the signed document.
Signed document
The document with applied signatures (drawings) of the signatories, audit log (can also be kept separate), and a digital signature.
QuickSign request
With a QuickSign request, you can apply a digital signature to a document quickly. The signed document is returned immediately within the same API call, so you can process it right away.
UUID
A universally unique identifier (UUID) is a 128-bit number used to identify information in computer systems.
API workflow
Features
- Send document signing request: You can invite one or more signatories to sign a PDF document. The signatory validation can be specified for each signatory by using authentication methods. These authentication methods are SMS-TAN, mouse signature, iDIN, and certificate. Authentication methods can be stacked for extra security.
- Send multiple document signing requests at once: You can send multiple documents for a signing request at once, to the same signatories. You can choose to merge your documents into a single document or send them as separate requests.
- Query documents: You can query a list of your current documents. It's possible to filter the list by document state and reference. You can also paginate the results with limits and a start index. The content of the documents is not submitted in the results.
- Send reminder: When a signatory did not respond to the invitation to sign the document, you can send a reminder. The reminder contains the document name and a link to the Zynyo Signing environment. When a signatory has SMS-TAN for authentication, you can also send a reminder via SMS.
- Cancel document: When a document is not in a finite state, you can cancel the document signing request.
- Query document templates: In the Zynyo portal, you can create document templates for signing. With these templates, you can add fields to your document. There are input fields for the signatory to fill, or label fields that are filled when the document is processed for the digital signature. You can use the results of the document templates query to add the document template UUID as a parameter for a document signing request.
- Get signed document: You can retrieve the documents that are signed. The document is sealed with a digital signature and an eIDAS qualified timestamp. The signed document is available for 30 days. After 30 days the document expires and is no longer available.
- Quicksign: If you want to seal a document with a digital signature without any other signatories to sign the document, you can use Quicksign. With Quicksign, you can submit a PDF document and get the sealed document in the response immediately.
- Process e-mail: When you want to send e-mails through your own e-mail server or other messaging implementation, you can use Zynyo e-mail processing. Every message that is sent with the Digital Signatures API is temporarily stored in the database. You can query these messages to process them yourself. After processing, you can mark the e-mails as sent. The messages will then be deleted from the database.
Getting started
Make sure you've read What's in it for you for more info on how to register and start testing APIs.
Authentication
The API follows the KPN Store API Authentication Standard to secure the API. It includes the use of OAuth 2.0 client_id and client_secret to receive an access token.
Go to the Authentication tab on top of this page to find out how to:
- Authenticate to an API using cURL.
- Authenticate to an API on Swaggerhub.
- Import Open API Specifications (OAS), also called Swagger files into Postman.
How to...
Send a document signing request
SwaggerHub:
- Select POST /sign/signdocumentrequest.
- Click Try it out.
- In the body, enter the required parameters: documentInfo and signatories.
- Click Execute.
- Check the response code and message.
Request example:
{
"documentInfo": {
"name": "Contract ABC",
"description": "Please sign the contract"
},
"signatories": [
{
"name": "John Doo Smith",
"email": "john.doo.smith@zynyo.com",
"locale": "en_US",
"authenticationMethods": [
{
"type": "mouse",
"ordernumber": 0
}
],
"priority": "DEFAULT",
"signatoryRole": "SIGN",
"returnUrl": "http://link.to.yourportal/signatory1",
"disableInvitation": true,
"disableStatusChange": true,
"disableEmail": true
}
],
"documentTemplate": {
"documentTemplateUUID": "string"
},
"useTimeStamp": true,
"enableLTV": true,
"separateAuditlog": true,
"disableEmail": true,
"signatureLabel": {
"xcoordinate": 20,
"ycoordinate": 30,
"height": 50,
"width": 220,
"pageIndex": 0
},
"reference": "Document_12345",
"submitter": "john.smith@zynyo.com",
"content": "JVBERi0xLjQNJeLjz9MNCjc4IDAgb2JqDTw8L0xp......E2DQolJUVPRg0K"
}
Response example:
{
"documentUUID": "3eea8187-e63d-43e7-a1f7-7272c4f50f23",
"signatoryLink": [
{
"sequence": 1,
"email": "john.doo.smith@zynyo.com",
"role": "SIGN",
"signatoryUUID": "1eea3187-e62d-41e7-a5f7-7272c4f50f23",
"documentLink": "https://signingservice.zynyo.com/webapp/sign/1eea3187-e62d-41e7-a5f7-7272c4f50f23"
}
]
}
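The request and response shown above, as an added Python example that is not part of the KPN or Zynyo documentation: it builds the request body from PDF bytes and checks each returned signing link before you distribute it yourself. The function names, the https and host check, and the reading of ordernumber as the stacking order are assumptions of this example.

```python
import base64
import uuid
from urllib.parse import urlsplit

# Host copied from the response example; pinning it is this example's choice.
EXPECTED_LINK_HOST = "signingservice.zynyo.com"


def build_sign_request(pdf_bytes, doc_name, signatories, reference=None):
    """Build a request body; signatories are (name, email, [auth types])."""
    if not pdf_bytes.startswith(b"%PDF-"):
        raise ValueError("content is not a PDF")
    if not signatories:
        raise ValueError("at least one signatory is required")
    people = []
    for name, email, auth_types in signatories:
        if not name or "@" not in email or not auth_types:
            raise ValueError(f"incomplete signatory: {email!r}")
        # Assumption: ordernumber is the position of a stacked method.
        methods = [{"type": t, "ordernumber": i} for i, t in enumerate(auth_types)]
        people.append({"name": name, "email": email,
                       "authenticationMethods": methods, "signatoryRole": "SIGN"})
    body = {"documentInfo": {"name": doc_name}, "signatories": people,
            "content": base64.b64encode(pdf_bytes).decode("ascii")}
    if reference:
        body["reference"] = reference
    return body


def signing_links(response, expected_emails):
    """Return {email: documentLink} after checking every link in the response."""
    links = {}
    for entry in response["signatoryLink"]:
        url = urlsplit(entry["documentLink"])
        signatory_uuid = str(uuid.UUID(entry["signatoryUUID"]))
        if url.scheme != "https" or url.hostname != EXPECTED_LINK_HOST:
            raise ValueError(f"unexpected link target: {entry['documentLink']}")
        # Assumption from the response example: the path ends in the signatory UUID.
        if not url.path.endswith("/" + signatory_uuid):
            raise ValueError("link does not match signatoryUUID")
        if entry["email"] not in expected_emails:
            raise ValueError(f"link for unknown signatory: {entry['email']}")
        links[entry["email"]] = entry["documentLink"]
    if set(links) != set(expected_emails):
        raise ValueError("response is missing a signatory link")
    return links


# Constructed sample PDF stub; the response values are those of the page's example.
SAMPLE_PDF = b"%PDF-1.4\n% constructed sample\n%%EOF\n"
SAMPLE_RESPONSE = {"signatoryLink": [{
    "email": "john.doo.smith@zynyo.com",
    "signatoryUUID": "1eea3187-e62d-41e7-a5f7-7272c4f50f23",
    "documentLink": "https://signingservice.zynyo.com/webapp/sign/1eea3187-e62d-41e7-a5f7-7272c4f50f23"}]}
```

The signing link carries the signatory UUID, so treat it like a credential when you suppress invitations and deliver the link through your own application.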
Send document signing requests for multiple documents at once
SwaggerHub:
- Select POST /sign/multi/signdocumentrequest.
- Click Try it out.
- In the body, enter the required parameters: documentInfo and signatories.
- Click Execute.
- Check the response code and message.
Request example:
{
"documentInfo": {
"name": "Contract ABC",
"description": "Please sign the contract"
},
"signatories": [
{
"name": "John Doo Smith",
"email": "john.doo.smith@zynyo.com",
"locale": "en_US",
"authenticationMethods": [
{
"type": "mouse",
"ordernumber": 0
}
],
"priority": "DEFAULT",
"signatoryRole": "SIGN",
"returnUrl": "http://link.to.yourportal/signatory1",
"disableInvitation": true,
"disableStatusChange": true,
"disableEmail": true
}
],
"documentTemplate": {
"documentTemplateUUID": "string"
},
"useTimeStamp": true,
"enableLTV": true,
"separateAuditlog": true,
"disableEmail": true,
"signatureLabel": {
"xcoordinate": 20,
"ycoordinate": 30,
"height": 50,
"width": 220,
"pageIndex": 0
},
"reference": "Document_12345",
"submitter": "john.smith@zynyo.com",
"content": "JVBERi0xLjQNJeLjz9MNCjc4IDAgb2JqDTw8L0xp......E2DQolJUVPRg0K"
}
Response example:
{
"documentUUID": "3eea8187-e63d-43e7-a1f7-7272c4f50f23",
"signatoryLink": [
{
"sequence": 1,
"email": "john.doo.smith@zynyo.com",
"role": "SIGN",
"signatoryUUID": "1eea3187-e62d-41e7-a5f7-7272c4f50f23",
"documentLink": "https://signingservice.zynyo.com/webapp/sign/1eea3187-e62d-41e7-a5f7-7272c4f50f23"
}
]
}
Retrieve the list of current documents
SwaggerHub:
- Select GET /documents/{states}/{startPosition}/{maxResults}.
- Click Try it out.
- In the body, enter the required path parameters: states, startPosition, and maxResults.
- Click Execute.
- Check the response code and message.
Response example:
[
{
"documentUUID": "3eea8187-e63d-43e7-a1f7-7272c4f50f23",
"name": "Contract ABC",
"description": "Please sign the contract",
"documentState": "PARTIALLY_VALIDATED",
"previousState": "NOT_VALIDATED",
"stateChangedDate": "2020-02-20T13:38:45.314Z",
"signRequest": {
"apiAccountName": "testapikey",
"signingRequested": "2020-02-20T13:38:45.314Z",
"ipAddress": "127.0.0.1",
"separateAuditlog": true,
"disableEmail": true,
"reference": "document 1234",
"submitter": "john.doo.smith@zynyo.com"
},
"signatories": [
{
"name": "John Doo Smith",
"email": "john.doo.smith@zynyo.com",
"locale": "en_US",
"": [
{
"ordernumber": 0
}
],
"priority": "DEFAULT",
"signatoryRole": "SIGN",
"returnUrl": "http://link.to.yourportal/signatory1",
"disableInvitation": true,
"disableStatusChange": true,
"disableEmail": true
}
],
"ltvEnabled": true,
"numberOfPages": 5,
"certificateLabel": {
"xcoordinate": 20,
"ycoordinate": 30,
"height": 50,
"width": 220,
"pageIndex": 0
},
"content": [
"string"
],
"documentTemplate": {
"name": "Rental contract 123 template",
"filename": "contract_123.pdf",
"description": "string",
"documentTemplateUUID": "3eea8187-e63d-43e7-a1f7-7272c4f50f23",
"maxSignatories": 2,
"templateLabels": [
{
"identifier": "3bfbf6e6-4f28-11ea-b77f-2e728ce88125",
"x": 20,
"y": 30,
"width": 220,
"height": 50,
"minWidth": 60,
"minHeight": 12,
"pageIndex": 0,
"signatoryIndex": 1,
"repeat": true,
"notLastPage": true,
"onlyLastPage": true,
"required": true,
"templateLabelType": "SIGNATURE",
"defaultValue": "John Doo",
"placeholder": "your name",
"characterLimit": 100,
"characterRegex": "[a-zA-Z0-9]",
"listOptions": "Option 1,Option 2,Option 3",
"options": [
"string"
],
"scrollStop": true
}
],
"documentTemplateSource": "BACKOFFICE",
"activeDocumentsCount": 5
},
"auditlogContent": [
"string"
],
"useTimestamp": true,
"rejectReason": "The contract is the wrong version"
}
]
Send document reminder
SwaggerHub:
- Select POST /sign/sendreminder.
- Click Try it out.
- In the body, enter the required parameters: documentUUID, signatoryEmail, and reminderType.
- Click Execute.
- Check the response code and message.
Request example:
{
"documentUUID": "3eea8187-e63d-43e7-a1f7-7272c4f50f23",
"signatoryEmail": "john.doo.smith@zyny.com",
"reminderType": "email"
}
Response example:
{
"timesSent": 2,
"maxTimesAllowed": 3,
"reminderType": "email"
}
Cancel document
SwaggerHub:
- Select PUT /sign/canceldocument.
- Click Try it out.
- Fill the model with your data.
- Click Execute.
- Check the response code and message.
Request example:
{
"documentUUID": "3eea8187-e63d-43e7-a1f7-7272c4f50f23"
}
Response example:
{
"message": "Success message"
}
Get signed document
SwaggerHub:
- Select GET /sign/getsigned/{documentUUID}.
- Click Try it out.
- Fill the documentUUID parameter field with your documentUUID.
- Click Execute.
- Check the response code and message.
Response example:
{
"documentContent": "JVBERi0xLjQNJeLjz9MNCjc4IDAgb2JqDTw8L0xp......E2DQolJUVPRg0K",
"auditlogContent": "JKJJIioju9khjKJjzKKLSDSIDDAgbJKAJKjlkjos......KOJihjlahsdIKL"
}
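Because the signed document is only available for 30 days, it is worth decoding and archiving it as soon as it is retrieved. This added example (not part of the original documentation) decodes the response, rejects elided or truncated content, and records a SHA-256 digest for the archive; the function name and the assumption that both fields are base64 are this example's own.

```python
import base64
import binascii
import hashlib


def unpack_signed_document(response):
    """Decode a getsigned response; return bytes and SHA-256 per field."""
    files = {}
    for field in ("documentContent", "auditlogContent"):
        value = response.get(field)
        if not value:
            continue  # assumption: the audit log is only present when kept separate
        try:
            data = base64.b64decode(value, validate=True)
        except binascii.Error as exc:
            raise ValueError(f"{field} is not valid base64") from exc
        files[field] = {"data": data, "sha256": hashlib.sha256(data).hexdigest()}
    document = files.get("documentContent")
    if document is None:
        raise ValueError("response has no documentContent")
    pdf = document["data"]
    if not pdf.startswith(b"%PDF-"):
        raise ValueError("documentContent does not start with a PDF header")
    if b"%%EOF" not in pdf[-1024:]:
        raise ValueError("documentContent is truncated (no %%EOF marker)")
    # A PDF signature dictionary carries a /ByteRange entry. Finding one shows
    # the file is shaped like a signed PDF; it does not validate the signature.
    document["has_signature_dict"] = b"/ByteRange" in pdf
    return files


# Constructed sample: a stub shaped like a signed PDF, not real service output.
STUB_PDF = b"%PDF-1.4\n<< /Type /Sig /ByteRange [0 10 20 30] >>\n%%EOF\n"
SIGNED_RESPONSE = {
    "documentContent": base64.b64encode(STUB_PDF).decode("ascii"),
    "auditlogContent": base64.b64encode(b"constructed audit log").decode("ascii"),
}
```

Validating the seal and timestamp themselves still requires a PAdES-aware validator; the checks here only catch transport and storage damage.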
Query document templates
SwaggerHub:
- Select GET /documenttemplates.
- Click Try it out.
- Click Execute.
- Check the response code and message.
Response example:
[
{
"name": "Rental contract 123 template",
"filename": "contract_123.pdf",
"description": "string",
"documentTemplateUUID": "3eea8187-e63d-43e7-a1f7-7272c4f50f23",
"maxSignatories": 2,
"templateLabels": [
{
"identifier": "3bfbf6e6-4f28-11ea-b77f-2e728ce88125",
"x": 20,
"y": 30,
"width": 220,
"height": 50,
"minWidth": 60,
"minHeight": 12,
"pageIndex": 0,
"signatoryIndex": 1,
"repeat": true,
"notLastPage": true,
"onlyLastPage": true,
"required": true,
"templateLabelType": "SIGNATURE",
"defaultValue": "John Doo",
"placeholder": "your name",
"characterLimit": 100,
"characterRegex": "[a-zA-Z0-9]",
"listOptions": "Option 1,Option 2,Option 3",
"options": [
"string"
],
"scrollStop": true
}
],
"documentTemplateSource": "BACKOFFICE",
"activeDocumentsCount": 5
}
]
Query e-mails
SwaggerHub:
- Select GET /emails.
- Click Try it out.
- Click Execute.
- Check the response code and message.
Response example:
[
{
"id": 1111,
"externalId": "string",
"added": "2020-02-20T13:46:05.931Z",
"state": "NOT_SEND",
"subject": "Invitation to sign the document",
"to": [
{
"id": 0,
"name": "John Doo Smith",
"address": "john.doo.smith@zynyo.com"
}
],
"html": "<html>...</html>",
"plainText": "Please sign the document, ...",
"errorMessage": "Bounced address",
"attachments": [
{
"id": 0,
"filename": "contract.pdf",
"type": "application/pdf",
"disposition": "inline",
"contents": "..."
}
]
}
]
Mark e-mails as sent
SwaggerHub:
- Select POST /emails/sent.
- Click Try it out.
- In the body, enter the IDs of the e-mails you want to mark as sent.
- Click Execute.
- Check the response code and message.
Response example:
[
1111,1112,1113
]
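One way to drive the e-mail processing flow, as an added example that is not part of the original documentation: only records that were actually handed to your mail server are reported back, because marking a message as sent deletes it from the queue. The deliver callback, the sender address and the function names are hypothetical, and attachments are left out because the page does not state how contents is encoded.

```python
from email.message import EmailMessage


def to_mime(record, sender):
    """Turn one GET /emails record into a message for your own mail server."""
    mail = EmailMessage()
    # EmailMessage rejects CR/LF in header values, so a subject or address
    # carrying a line break fails here instead of adding extra headers.
    mail["From"] = sender
    mail["To"] = ", ".join(r["address"] for r in record["to"])
    mail["Subject"] = record["subject"]
    mail.set_content(record["plainText"])
    mail.add_alternative(record["html"], subtype="html")
    return mail


def process_outbox(records, deliver, sender):
    """Deliver pending records; return (ids for POST /emails/sent, failures)."""
    sent_ids, failed = [], {}
    for record in records:
        if record["state"] != "NOT_SEND" or not record["to"]:
            continue
        try:
            deliver(to_mime(record, sender))
        except Exception as exc:  # keep the record queued for the next run
            failed[record["id"]] = str(exc)
        else:
            sent_ids.append(record["id"])
    return sent_ids, failed


def sample_record(msg_id, subject, address):
    """Constructed record shaped like the GET /emails response example."""
    return {"id": msg_id, "state": "NOT_SEND", "subject": subject,
            "to": [{"id": 0, "name": "John Doo Smith", "address": address}],
            "html": "<html>...</html>",
            "plainText": "Please sign the document, ..."}


# Constructed sample input; the second subject contains a line break on purpose.
SAMPLE_RECORDS = [
    sample_record(1111, "Invitation to sign the document", "john.doo.smith@zynyo.com"),
    sample_record(1112, "Invitation\r\nX-Test: constructed", "john.doo.smith@zynyo.com"),
]
```

The first value returned by process_outbox is the list to send as the body of POST /emails/sent; anything in the second value stays queued and shows up again on the next GET /emails.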
Return codes
Code | Description |
---|---|
200 | Success. |
201 | Created. |
202 | Accepted. |
302 | Found. Link in location header. |
400 | Bad request. |
401 | Unauthorized. |
403 | Forbidden. |
404 | Not found. |
405 | Method not allowed. |
412 | Precondition failed. |
429 | Too many requests. |
500 | Internal server error. |
502 | Bad gateway. |
503 | Service unavailable. |
HTTP response headers
The following tables display the standard response headers that are returned with each API response:
Standard response field name | Description |
---|---|
sunset | This field will be populated with the deprecation details. By default the value is n/a. |
api-version | Indicates the API version you have used. |
quota-interval | Used to specify an integer (for example, 1, 2, 5, 60, and so on) that will be paired with the quota-time-unit you specify (minute, hour, day, week, or month) to determine a time period during which the quota use is calculated. For example, an interval of 24 with a quota-time-unit of hour means that the quota will be calculated over the course of 24 hours. |
quota-limit | Number of API calls a user can make within a given time period. If this limit is exceeded, the user will be throttled and API requests will fail. |
quota-reset-UTC | All quota times are set to the Coordinated Universal Time (UTC) time zone. |
quota-time-unit | Used to specify the unit of time applicable to the quota. For example, an interval of 24 with a quota-time-unit of hour means that the quota will be calculated over the course of 24 hours. |
quota-used | Number of API calls made within the quota. |
strict-transport-security | The HTTP Strict-Transport-Security (HSTS) response header lets a website tell browsers that it should only be accessed using HTTPS, instead of using HTTP. All present and future subdomains will be HTTPS for a maximum of 1 year and access is blocked to pages or sub domains that can only be served over HTTP including HSTS preload lists of web browsers. Strict-Transport-Security: max-age=31536000; includeSubDomains; preload. |
Access control field name | Description |
---|---|
access-control-allow-credentials | Tells browsers whether to expose the response to frontend JavaScript when the request's credentials mode (Request.credentials) is include. When a request's credentials mode (Request.credentials) is include, browsers will only expose the response to frontend JavaScript if the Access-Control-Allow-Credentials value is true. Boolean. |
access-control-allow-origin | Indicates whether the response can be shared with requesting code from the given origin. |
access-control-allow-headers | Used in response to a pre-flight request which includes the Access-Control-Request-Headers to indicate which HTTP headers can be used during the actual request. |
access-control-max-age | Indicates how long the results of a pre-flight request (that is the information contained in the Access-Control-Allow-Methods and Access-Control-Allow-Headers headers) can be cached. |
access-control-allow-methods | Indicates which HTTP methods are allowed on a particular endpoint for cross-origin requests. For example: GET, PUT, POST, DELETE. |
content-length | The Content-Length entity header indicates the size of the entity-body, in bytes, sent to the recipient. |
content-type | The Content-Type entity header tells the client what the content type of the returned content actually is. |