eSignature solutions with European validity, all available in one API
eSignature is the API to automate digital document signing, compliant with the eIDAS regulation and without fixed costs: you only pay for actual usage.
All the knowledge you need
Here you can find some advice to consider to approach this API. If you prefer, we provide code samples, OAS3 documentation, the ability to try the API live via the Swagger UI or import the entire collection into Postman. We also offer a Sandbox environment where you can experiment with all kinds of requests completely free of charge.
Get the token in the appropriate section before you start.
Get your Certificate
Get you first certificate
POST /certificates/namirial-automaticThis endpoint allows you to obtain a new certificate.
The respone will contains a link by the registration authority to verify the identity and generate the certificate.
Once the procedure is complete the user will receive the credentials to sign using the certificate.
Since this could be a one-time operation you may prefer contact our team to get more information or to obtain the certificate manually.
Get a list of owned certificates
GET /certificatesThis endpoint returns a list of certificates. The list can be filtered by state and certificate type.
Get certificate details
GET /certificates/{id}This endpoint returns the details about a certificate.
Make your first E-Signature
Create your first QES Signature
POST /EU-QES_automaticThis endpoint allows you to create a QES Signature using a Massive Automatic Certificate.
Input your document and the certificate credentials to sign the document.
The response will contain the signature details. Take the {id} and...
Download the signed document
GET /signatures/{id}/signedDocumentThe output will be the signed document.
Get a list of signatures
GET /signatures
This endpoint returns a list of signatures. The list can be filtered by state, certificate type, and signature type.
Get signature details
GET /signatures/{id}/{actionType}
This endpoint returns the detail, audit, the signedDocument or the validatedDocument of a signature.
- Oas file url https://console.openapi.com/oas/en/esignature.openapi.json
- Production domain esignature.openapi.com
- Sandbox domain test.esignature.openapi.com
-
Production Scopes 8
- GET esignature.openapi.com/signatures
- POST esignature.openapi.com/EU-QES_automatic
- POST esignature.openapi.com/certificates
- GET esignature.openapi.com/certificates
- POST esignature.openapi.com/EU-QES_otp
- POST esignature.openapi.com/verify
- POST esignature.openapi.com/EU-QES_eseal
- DELETE esignature.openapi.com/signatures
-
Sandbox Scopes 8
- GET test.esignature.openapi.com/signatures
- POST test.esignature.openapi.com/EU-QES_automatic
- POST test.esignature.openapi.com/certificates
- GET test.esignature.openapi.com/certificates
- POST test.esignature.openapi.com/verify
- POST test.esignature.openapi.com/EU-QES_otp
- POST test.esignature.openapi.com/EU-QES_eseal
- DELETE test.esignature.openapi.com/signatures
E-Signature API (1.0.16)
This API is designed to provide a complete set of tools to integrate electronic signature processes into any application.
What you can do with this API:
- purchase and renew physical, remote, otp, or automatic signature certificates
- electronically sign documents according to the main eIDAS standards
- QES (CAdES, PAdES, XAdES, PKCS#1, QTimestamp)
- Remote OTP
- Massive Automatic
- Massive Automatic E-seal
- QES (CAdES, PAdES, XAdES, PKCS#1, QTimestamp)
- verify the validity of a signed document
Get a list of certificates
Get a list of certificates. The list can be filtered by certificateType and state. The available types are: EU-QES_automaticm EU-QES_otp. The available states are: NEW, EXPIRED, and SUSPENDED.
Authorizations:
query Parameters
| certificateType | string Enum: "EU-QES_automatic" "EU-QES_otp" "EU-QES_eseal" Example: certificateType=EU-QES_automatic Type of certificate |
| state | string Enum: "NEW" "EXPIRED" "SUSPENDED" Example: state=NEW State of the certificate |
| skip | integer >= 0 Default: 0 Number of items to skip |
| limit | integer [ 1 .. 100 ] Default: 100 Example: limit=100 Maximum number of items to return (min 1 max 100) |
Responses
Response Schema: application/json
| id | string ID of the certificate |
| certificateOwner | string Name of the certificate owner |
| customReference | string Custom reference for the certificate |
| certificateType | string Enum: "EU-QES_automatic" "EU-QES_otp" Type of certificate |
| createdAt | string Date and time of creation |
| expireAt | string Date and time of certificate expiration |
| state | string Enum: "NEW" "EXPIRED" "SUSPENDED" State of the certificate |
| certificateLink | string <uri> URL to start the certificate attribution procedure |
Request samples
- C + Libcurl
- Csharp + Restsharp
- Go + Native
- Java + Okhttp
- Java + Unirest
- Javascript + Jquery
- Javascript + Xhr
- Node + Native
- Node + Request
- Node + Unirest
- Objc + Nsurlsession
- Ocaml + Cohttp
- Php + Curl
- Php + Http1
- Php + Http2
- Python + Python3
- Python + Requests
- Ruby + Native
- Shell + Curl
- Shell + Httpie
- Shell + Wget
- Swift + Nsurlsession
CURL *hnd = curl_easy_init(); curl_easy_setopt(hnd, CURLOPT_CUSTOMREQUEST, "GET"); curl_easy_setopt(hnd, CURLOPT_URL, "https://esignature.openapi.com/certificates?certificateType=SOME_STRING_VALUE&state=SOME_STRING_VALUE&skip=SOME_INTEGER_VALUE&limit=SOME_INTEGER_VALUE"); struct curl_slist *headers = NULL; headers = curl_slist_append(headers, "Authorization: Bearer REPLACE_BEARER_TOKEN"); curl_easy_setopt(hnd, CURLOPT_HTTPHEADER, headers); CURLcode ret = curl_easy_perform(hnd);
Response samples
- 200
- {
- "id": "67af24c5af9b55291406e946",
- "certificateOwner": "John Doe",
- "customReference": "MyCustomReference#123",
- "certificateType": "EU-QES_automatic",
- "createdAt": "2025-02-14 11:11:01.892+00:00",
- "expireAt": "2025-02-14 11:11:01.892+00:00",
- "state": "NEW",
Get a certificate
Get a certificate by ID. The certificate ID is required to access the service.
Authorizations:
path Parameters
| id required | string Example: 67af24c5af9b55291406e946 ID of the certificate |
Responses
Response Schema: application/json
| id | string ID of the certificate |
| certificateOwner | string Name of the certificate owner |
| customReference | string Custom reference for the certificate |
| certificateType | string Enum: "EU-QES_automatic" "EU-QES_otp" Type of certificate |
| createdAt | string Date and time of creation |
| expireAt | string Date and time of certificate expiration |
| state | string Enum: "NEW" "EXPIRED" "SUSPENDED" State of the certificate |
| certificateLink | string <uri> URL to start the certificate attribution procedure |
object (Callback) This is our standardized OpenAPI callback system. It enables the configuration of parameters for receiving notifications about status updates of asynchronous requests to this endpoint. |
Request samples
- C + Libcurl
- Csharp + Restsharp
- Go + Native
- Java + Okhttp
- Java + Unirest
- Javascript + Jquery
- Javascript + Xhr
- Node + Native
- Node + Request
- Node + Unirest
- Objc + Nsurlsession
- Ocaml + Cohttp
- Php + Curl
- Php + Http1
- Php + Http2
- Python + Python3
- Python + Requests
- Ruby + Native
- Shell + Curl
- Shell + Httpie
- Shell + Wget
- Swift + Nsurlsession
CURL *hnd = curl_easy_init(); curl_easy_setopt(hnd, CURLOPT_CUSTOMREQUEST, "GET"); curl_easy_setopt(hnd, CURLOPT_URL, "https://esignature.openapi.com/certificates/67af24c5af9b55291406e946"); struct curl_slist *headers = NULL; headers = curl_slist_append(headers, "Authorization: Bearer REPLACE_BEARER_TOKEN"); curl_easy_setopt(hnd, CURLOPT_HTTPHEADER, headers); CURLcode ret = curl_easy_perform(hnd);
Response samples
- 200
- "id": "67af24c5af9b55291406e946",
- "certificateOwner": "John Doe",
- "customReference": "MyCustomReference#123",
- "certificateType": "EU-QES_automatic",
- "createdAt": "2025-02-14 11:11:01.892+00:00",
- "expireAt": "2025-02-14 11:11:01.892+00:00",
- "state": "NEW",
- "callback": {
- "method": "POST",
- "field": "data",
- "retry": 3,
- "headers": {
- "session_id": "9834r5fh589494"
- "custom": {
- "my_custom_id": "123456789"
Purchase a Namirial Automatic Certificate
Purchase a Namirial Automatic Certificate. The certificate is valid for one year and can be used to sign documents in CAdES, PAdES, XAdES, and PKCS#1 formats. The procedure returns a certificateLink. It is a one time procedure from the certification autority to qualify the owner of the certificate. Once the procedure is complete the signer will receive
Authorizations:
Request Body schema: application/json
Create a new Namirial Automatic Certificate request by specifying the certificate details.
| certificateOwner | string Name of the certificate owner |
| customReference | string Custom reference for the certificate, usefull for internal tracking |
object (Callback) This is our standardized OpenAPI callback system. It enables the configuration of parameters for receiving notifications about status updates of asynchronous requests to this endpoint. |
Responses
Response Schema: application/json
object | |
| success | boolean Operation success |
| message | string Message |
| error | string or null Error code |
Request samples
- Payload
- C + Libcurl
- Csharp + Restsharp
- Go + Native
- Java + Okhttp
- Java + Unirest
- Javascript + Jquery
- Javascript + Xhr
- Node + Native
- Node + Request
- Node + Unirest
- Objc + Nsurlsession
- Ocaml + Cohttp
- Php + Curl
- Php + Http1
- Php + Http2
- Python + Python3
- Python + Requests
- Ruby + Native
- Shell + Curl
- Shell + Httpie
- Shell + Wget
- Swift + Nsurlsession
- "certificateOwner": "John Doe",
- "customReference": "MyCustomReference#123",
- "callback": {
- "method": "POST",
- "field": "data",
- "retry": 3,
- "headers": {
- "session_id": "9834r5fh589494"
- "custom": {
- "my_custom_id": "123456789"
Response samples
- 200
- 404
- "data": {
- "id": "67af24c5af9b55291406e946",
- "certificateOwner": "John Doe",
- "customReference": "MyCustomReference#123",
- "certificateType": "EU-QES_automatic",
- "createdAt": "2025-02-14 11:11:01.892+00:00",
- "success": true,
- "message": "Certificate purchased successfully",
- "error": ""
Purchase a Namirial OTP Certificate
Purchase a Namirial OTP Certificate. The certificate is valid for one year and can be used to sign documents in CAdES, PAdES, XAdES, and PKCS#1 formats.
Authorizations:
Request Body schema: application/json
Create a new Namirial Automatic Certificate request by specifying the certificate details.
| certificateOwner | string Name of the certificate owner |
| customReference | string Custom reference for the certificate, usefull for internal tracking |
object (Callback) This is our standardized OpenAPI callback system. It enables the configuration of parameters for receiving notifications about status updates of asynchronous requests to this endpoint. |
Responses
Response Schema: application/json
object | |
| success | boolean Operation success |
| message | string Message |
| error | string or null Error code |
Request samples
- Payload
- C + Libcurl
- Csharp + Restsharp
- Go + Native
- Java + Okhttp
- Java + Unirest
- Javascript + Jquery
- Javascript + Xhr
- Node + Native
- Node + Request
- Node + Unirest
- Objc + Nsurlsession
- Ocaml + Cohttp
- Php + Curl
- Php + Http1
- Php + Http2
- Python + Python3
- Python + Requests
- Ruby + Native
- Shell + Curl
- Shell + Httpie
- Shell + Wget
- Swift + Nsurlsession
- "certificateOwner": "John Doe",
- "customReference": "MyCustomReference#123",
- "callback": {
- "method": "POST",
- "field": "data",
- "retry": 3,
- "headers": {
- "session_id": "9834r5fh589494"
- "custom": {
- "my_custom_id": "123456789"
Response samples
- 200
- 404
- "data": {
- "id": "67af24c5af9b55291406e946",
- "certificateOwner": "John Doe",
- "customReference": "MyCustomReference#123",
- "certificateType": "EU-QES_otp",
- "createdAt": "2025-02-14 11:11:01.892+00:00",
- "success": true,
- "message": "Certificate purchased successfully",
- "error": ""
Get a list of signatures
Get a list of signatures. The list can be filtered by state, certificate type, and signature type. The available states are: WAIT_VALIDATION, WAIT_SIGN, DONE, and ERROR. The available certificate types are: EU-QES_automatic, EU-QES_remote_otp, EU-QES_remote_eseal, EU-QES_disposable_recognition, EU-QES_disposable_spid, EU-QES_mail_otp, and EU-QES_sms_otp. The available signature types are: cades, pades, xades and pkcs1.
Authorizations:
query Parameters
| state | string Enum: "WAIT_VALIDATION" "WAIT_SIGN" "DONE" "ERROR" Example: state=DONE State of the signature |
| certificateType | string Enum: "EU-QES_automatic" "EU-QES_otp" Example: certificateType=EU-QES_automatic Type of certificate |
| signatureType | string Enum: "cades" "pades" "xades" "pkcs1" Example: signatureType=pades Type of the signature |
| skip | integer >= 0 Default: 0 Number of items to skip |
| limit | integer [ 1 .. 100 ] Default: 100 Example: limit=100 Maximum number of items to return (min 1 max 100) |
Responses
Response Schema: application/json
| id | string ID of the signature |
| updatedAt | string Date and time of the last update |
| createdAt | string Date and time of creation |
| documentTitle | string Title of the document |
| certificateType | string Enum: "EU-QES_automatic" "EU-QES_remote_otp" Type of certificate |
| signatureType | string Enum: "cades" "pades" "xades" "pkcs1" Type of the signature |
| state | string Enum: "WAIT_VALIDATION" "WAIT_SIGN" "DONE" "ERROR" State of the signature |
| errorNumber | integer or null Error number |
| errorMessage | string or null Error message |
Request samples
- C + Libcurl
- Csharp + Restsharp
- Go + Native
- Java + Okhttp
- Java + Unirest
- Javascript + Jquery
- Javascript + Xhr
- Node + Native
- Node + Request
- Node + Unirest
- Objc + Nsurlsession
- Ocaml + Cohttp
- Php + Curl
- Php + Http1
- Php + Http2
- Python + Python3
- Python + Requests
- Ruby + Native
- Shell + Curl
- Shell + Httpie
- Shell + Wget
- Swift + Nsurlsession
CURL *hnd = curl_easy_init(); curl_easy_setopt(hnd, CURLOPT_CUSTOMREQUEST, "GET"); curl_easy_setopt(hnd, CURLOPT_URL, "https://esignature.openapi.com/signatures?state=SOME_STRING_VALUE&certificateType=SOME_STRING_VALUE&signatureType=SOME_STRING_VALUE&skip=SOME_INTEGER_VALUE&limit=SOME_INTEGER_VALUE"); struct curl_slist *headers = NULL; headers = curl_slist_append(headers, "Authorization: Bearer REPLACE_BEARER_TOKEN"); curl_easy_setopt(hnd, CURLOPT_HTTPHEADER, headers); CURLcode ret = curl_easy_perform(hnd);
Response samples
- 200
- "data": [
- {
- "id": "67af252164f60538280f70f9",
- "errorNumber": null,
- "errorMessage": null,
- "updatedAt": "2025-02-14 11:12:53.699+00:00",
- "createdAt": "2025-02-14 11:12:34.218+00:00",
- "certificateType": "EU-QES_automatic",
- "state": "DONE",
- "signatureType": "pades",
- "documentTitle": "MyDocument Title"
- {
- "id": "67af24c5af9b55291406e946",
- "errorNumber": null,
- "errorMessage": null,
- "updatedAt": "2025-02-14 11:11:01.892+00:00",
- "createdAt": "2025-02-14 11:11:01.892+00:00",
- "certificateType": "EU-QES_automatic",
- "state": "WAIT_VALIDATION",
- "documentTitle": "MyDocument Title"
- {
- "id": "67af238164f60538280f70f2",
- "errorNumber": null,
- "errorMessage": null,
- "updatedAt": "2025-02-14 11:05:37.691+00:00",
- "createdAt": "2025-02-14 11:05:37.691+00:00",
- "certificateType": "EU-QES_automatic",
- "state": "WAIT_SIGN",
- "signatureType": "pades",
- "documentTitle": "MyDocument Title"
- "success": true,
- "message": "",
- "error": null
Download the signed Document, get the details, audit Trail or the validatedDocument of a signature
Get the detail, audit, the signedDocument or the validatedDocument of a signature.
The signature ID is required to access the service.
The actionType parameter can be used to specify the type of information to retrieve.
The available options are: signedDocument, validatedDocument, audit and detail.
The signedDocument and validatedDocument returns the binary content of the file ready to be donwloaded.
The audit trail is available in multiple format based on the request header Accept value.
The available formats are: application/json, text/plain, text/html, application/pdf.
Authorizations:
path Parameters
| id required | string Example: 67af24c5af9b55291406e946 ID of the signature |
| actionType required | string Default: "" Enum: "detail" "audit" "signedDocument" "validatedDocument" "" Example: detail Type of action to perform, "detail" or leave empty for the signed document info, "signedDocument", "audit" for the audit trail or "validatedDocument" |
Responses
Response Schema:
Request samples
- C + Libcurl
- Csharp + Restsharp
- Go + Native
- Java + Okhttp
- Java + Unirest
- Javascript + Jquery
- Javascript + Xhr
- Node + Native
- Node + Request
- Node + Unirest
- Objc + Nsurlsession
- Ocaml + Cohttp
- Php + Curl
- Php + Http1
- Php + Http2
- Python + Python3
- Python + Requests
- Ruby + Native
- Shell + Curl
- Shell + Httpie
- Shell + Wget
- Swift + Nsurlsession
CURL *hnd = curl_easy_init(); curl_easy_setopt(hnd, CURLOPT_CUSTOMREQUEST, "GET"); curl_easy_setopt(hnd, CURLOPT_URL, "https://esignature.openapi.com/signatures/67af24c5af9b55291406e946/detail"); struct curl_slist *headers = NULL; headers = curl_slist_append(headers, "Authorization: Bearer REPLACE_BEARER_TOKEN"); curl_easy_setopt(hnd, CURLOPT_HTTPHEADER, headers); CURLcode ret = curl_easy_perform(hnd);
Response samples
- 200
Create QES Signature using Massive Automatic Certificate
Create a signature procedure from one or more files.
Obtaining the certificate:
To access the service, you need an automatic certificate that can be purchased through the appropriate endpoint "/certificates/namirial-automatic".
Available formats:
The system can sign in CAdES, PAdES, XAdES, and PKCS#1 formats.
If not specified, the system will look for the most suitable format based on the mimeType of the uploaded file.
Input files:
It is possible to upload single and multiple input files both in base64 format and by specifying the resource URL and any authentication parameters.
In the case of uploading multiple files with PAdES signature, they will be merged into a single signed pdf document.
In the case of signing multiple files in CAdES format, a zip file will be generated and signed.
Asynchronous mode, batch processing, callback and detached signature:
For massive signing of large quantities of files, it is possible to upload and sign in asynchronous mode. An authenticated callback system is available to receive updates.
It is also possible to sign the hash of the original file directly and obtain only the "detached" signature file.
Document and data retention in the system:
Signature structured data details and audit trail will be stored in the system for a maximum of 1 year. Signed documents, uploaded documents and validated documents will remain in the system for a maximum of 30 days to allow for downloading. After this period, the documents will be automatically deleted.
Qualified Timestamping available:
A qualified timestamping option is available. There is also an option to use qualified timestamping credentials already in your possession. In this case, the system allows you to specify the authentication URL of the relevant certification authority.
Sandbox:
For testing purposes, you can use the following credentials:
- certificateUsername: "openapiSandboxUsername"
- certificatePassword: "openapiSandboxPassword"
Authorizations:
Request Body schema: application/json
Create a new massive automaitc signature request by specifying the input files and the certificate credentials.
The system can sign in CAdES, PAdES, XAdES, and PKCS#1 formats. If not specified, the system will look for the most suitable format based on the mimeType of the uploaded file.
required | string or string or InputDocumentObject (object) or (Array of strings or strings or InputDocumentObject (object)) (InputDocuments) The input documents to sign, you can specify:
Notes on the hash of the file: This example show how create the hash of the file and encoding it in base64: bash openssl dgst -sha256 -binary FILE_TO_BE_SIGN | openssl enc -a The output will be something like this: "msj3f4hJCSELbMkWjkFwNrf0XhkebTnAKaKhx4686DY=" The system will guess if the base64 string is a hash or a file, if the string is a hash (SHA256==CHAR(32)) the system will sign the hash of the original file. To override this guessing beaviour you can use the sourceType field in the InputDocumentObject schema. |
| certificateUsername required | string Username for the certificate, must be used the Device name you received. It starts with: RHI (/EU-QES_otp), SHI (/EU-QES_eseal) or AHI (/EU-QES_automatic) |
| certificatePassword required | string Password for the certificate, must be used the PIN associated to device name (can be set by the customer or read into blind envelope) |
| certificateOtp | string VALID ONLY FOR /EU-QES_otp endpoint, is REQUIRED and is obtainable using the relative otp app from the certification authority |
| certificateIdOtp | integer VALID ONLY FOR /EU-QES_otp endpoint, is Optional and is used in the case more than one otp is set on the certification authority app. You can find it on the top right section of the otp app |
| title | string Title of the signature |
| description | string Description of the signature |
| signatureType | string Enum: "cades" "pades" "xades" "pkcs1" Type of the signature. Could be cades, pades, xades, pkcs1 |
object Additional options for the signature. The available options depend on the signatureType:
| |
object (Callback) This is our standardized OpenAPI callback system. It enables the configuration of parameters for receiving notifications about status updates of asynchronous requests to this endpoint. |
Responses
Response Schema: application/json
required | string or string or InputDocumentObject (object) or (Array of strings or strings or InputDocumentObject (object)) (InputDocuments) The input documents to sign, you can specify:
Notes on the hash of the file: This example show how create the hash of the file and encoding it in base64: bash openssl dgst -sha256 -binary FILE_TO_BE_SIGN | openssl enc -a The output will be something like this: "msj3f4hJCSELbMkWjkFwNrf0XhkebTnAKaKhx4686DY=" The system will guess if the base64 string is a hash or a file, if the string is a hash (SHA256==CHAR(32)) the system will sign the hash of the original file. To override this guessing beaviour you can use the sourceType field in the InputDocumentObject schema. |
| certificateUsername required | string Username for the certificate, must be used the Device name you received. It starts with: RHI (/EU-QES_otp), SHI (/EU-QES_eseal) or AHI (/EU-QES_automatic) |
| certificatePassword required | string Password for the certificate, must be used the PIN associated to device name (can be set by the customer or read into blind envelope) |
| certificateOtp | string VALID ONLY FOR /EU-QES_otp endpoint, is REQUIRED and is obtainable using the relative otp app from the certification authority |
| certificateIdOtp | integer VALID ONLY FOR /EU-QES_otp endpoint, is Optional and is used in the case more than one otp is set on the certification authority app. You can find it on the top right section of the otp app |
| title | string Title of the signature |
| description | string Description of the signature |
| signatureType | string Enum: "cades" "pades" "xades" "pkcs1" Type of the signature. Could be cades, pades, xades, pkcs1 |
object Additional options for the signature. The available options depend on the signatureType:
| |
object (Callback) This is our standardized OpenAPI callback system. It enables the configuration of parameters for receiving notifications about status updates of asynchronous requests to this endpoint. |
Callbacks
Request samples
- Payload
- C + Libcurl
- Csharp + Restsharp
- Go + Native
- Java + Okhttp
- Java + Unirest
- Javascript + Jquery
- Javascript + Xhr
- Node + Native
- Node + Request
- Node + Unirest
- Objc + Nsurlsession
- Ocaml + Cohttp
- Php + Curl
- Php + Http1
- Php + Http2
- Python + Python3
- Python + Requests
- Ruby + Native
- Shell + Curl
- Shell + Httpie
- Shell + Wget
- Swift + Nsurlsession
- "inputDocuments": [
- {
- "sourceType": "base64",
- "payload": "BASE64string"
- "certificateUsername": "openapiSandboxUsername",
- "certificatePassword": "openapiSandboxPassword",
- "title": "CAdES Signature",
- "description": "CAdES signature of a base64 file",
- "signatureType": "cades"
Response samples
- 200
- "data": {
- "id": "67af24c5af9b55291406e946",
- "updatedAt": "2025-02-14 11:11:01.892+00:00",
- "createdAt": "2025-02-14 11:11:01.892+00:00",
- "certificateType": "EU-QES_automatic",
- "state": "WAIT_VALIDATION",
- "options": {
- "asyncDocumentsValidation": true,
- "asyncSignature": false
- "document": { }
- "message": "Created",
- "success": true,
- "error": null
Callback payload samples
- "data": {
- "id": "67af24c5af9b55291406e946",
- "updatedAt": "2025-02-14 11:11:01.892+00:00",
- "createdAt": "2025-02-14 11:11:01.892+00:00",
- "certificateType": "EU-QES_automatic",
- "signatureType": "pades",
- "state": "DONE",
- "options": {
- "asyncDocumentsValidation": true,
- "asyncSignature": false,
- "level": "B",
- "hashAlgorithm": "SHA256",
- "encryptInAnyCase": false,
- "page": 1,
- "withSignatureField": false
- "errorNumber": 0,
- "errorMessage": "Wrong Certificate Credentials",
- "document": {
- "title": "MyDocument Title",
- "description": "",
- "inputDocuments": [
- {
- "sourceType": "base64",
- "createdAt": "2025-02-14 11:12:33.819+00:00",
- "mimetype": "application/pdf",
- "extension": "pdf",
- "size": 339,
- "id": "67af252164f60538280f70fb",
- "md5": "694be78a9eaa52d602bec92e211fa5dc",
- "name": "694be78a9eaa52d602bec92e211fa5dc.pdf"
- "validatedDocument": {
- "mimetype": "application/pdf",
- "extension": "pdf",
- "size": 339,
- "createdAt": "2025-02-14 11:12:33.819+00:00",
- "id": "67af252164f60538280f70fb",
- "md5": "694be78a9eaa52d602bec92e211fa5dc",
- "name": "694be78a9eaa52d602bec92e211fa5dc.pdf"
- "signedDocument": {
- "createdAt": "2025-02-14 11:12:34.229+00:00",
- "mimetype": "application/pdf",
- "extension": "pdf",
- "size": 50133,
- "id": "67af252264f60538280f70fe",
- "md5": "363cfdb141fe0e1a3f598e1d6377a4f5",
- "name": "67af252164f60538280f70f9.pdf"
- "custom": {
- "key": "value"
Create QES Signature using Remote OTP Certificate
Create a signature procedure from one or more files.
Obtaining the certificate:
To access the service, you need an automatic certificate that can be purchased through the appropriate endpoint /certificates/namirial-otp.
Available formats:
The system can sign in CAdES, PAdES, XAdES, and PKCS#1 formats.
If not specified, the system will look for the most suitable format based on the mimeType of the uploaded file.
Input files:
It is possible to upload single and multiple input files both in base64 format and by specifying the resource URL and any authentication parameters.
In the case of uploading multiple files with PAdES signature, they will be merged into a single signed pdf document.
In the case of signing multiple files in CAdES format, a zip file will be generated and signed.
Asynchronous mode, batch processing, callback and detached signature:
For massive signing of large quantities of files, it is possible to upload and sign in asynchronous mode. An authenticated callback system is available to receive updates.
It is also possible to sign the hash of the original file directly and obtain only the "detached" signature file.
Document and data retention in the system:
Signature structured data details and audit trail will be stored in the system for a maximum of 1 year. Signed documents, uploaded documents and validated documents will remain in the system for a maximum of 30 days to allow for downloading. After this period, the documents will be automatically deleted.
Qualified Timestamping available:
A qualified timestamping option is available. There is also an option to use qualified timestamping credentials already in your possession. In this case, the system allows you to specify the authentication URL of the relevant certification authority.
Sandbox:
For testing purposes, you can use the following credentials:
- certificateUsername: "openapiSandboxUsername"
- certificatePassword: "openapiSandboxPassword"
Authorizations:
Request Body schema: application/json
Create a new massive automaitc signature request by specifying the input files and the certificate credentials.
The system can sign in CAdES, PAdES, XAdES, and PKCS#1 formats. If not specified, the system will look for the most suitable format based on the mimeType of the uploaded file.
required | string or string or InputDocumentObject (object) or (Array of strings or strings or InputDocumentObject (object)) (InputDocuments) The input documents to sign, you can specify:
Notes on the hash of the file: This example show how create the hash of the file and encoding it in base64: bash openssl dgst -sha256 -binary FILE_TO_BE_SIGN | openssl enc -a The output will be something like this: "msj3f4hJCSELbMkWjkFwNrf0XhkebTnAKaKhx4686DY=" The system will guess if the base64 string is a hash or a file, if the string is a hash (SHA256==CHAR(32)) the system will sign the hash of the original file. To override this guessing beaviour you can use the sourceType field in the InputDocumentObject schema. |
| certificateUsername required | string Username for the certificate, must be used the Device name you received. It starts with: RHI (/EU-QES_otp), SHI (/EU-QES_eseal) or AHI (/EU-QES_automatic) |
| certificatePassword required | string Password for the certificate, must be used the PIN associated to device name (can be set by the customer or read into blind envelope) |
| certificateOtp | string VALID ONLY FOR /EU-QES_otp endpoint, is REQUIRED and is obtainable using the relative otp app from the certification authority |
| certificateIdOtp | integer VALID ONLY FOR /EU-QES_otp endpoint, is Optional and is used in the case more than one otp is set on the certification authority app. You can find it on the top right section of the otp app |
| title | string Title of the signature |
| description | string Description of the signature |
| signatureType | string Enum: "cades" "pades" "xades" "pkcs1" Type of the signature. Could be cades, pades, xades, pkcs1 |
object Additional options for the signature. The available options depend on the signatureType:
| |
object (Callback) This is our standardized OpenAPI callback system. It enables the configuration of parameters for receiving notifications about status updates of asynchronous requests to this endpoint. |
Responses
Response Schema: application/json
required | string or string or InputDocumentObject (object) or (Array of strings or strings or InputDocumentObject (object)) (InputDocuments) The input documents to sign, you can specify:
Notes on the hash of the file: This example show how create the hash of the file and encoding it in base64: bash openssl dgst -sha256 -binary FILE_TO_BE_SIGN | openssl enc -a The output will be something like this: "msj3f4hJCSELbMkWjkFwNrf0XhkebTnAKaKhx4686DY=" The system will guess if the base64 string is a hash or a file, if the string is a hash (SHA256==CHAR(32)) the system will sign the hash of the original file. To override this guessing beaviour you can use the sourceType field in the InputDocumentObject schema. |
| certificateUsername required | string Username for the certificate, must be used the Device name you received. It starts with: RHI (/EU-QES_otp), SHI (/EU-QES_eseal) or AHI (/EU-QES_automatic) |
| certificatePassword required | string Password for the certificate, must be used the PIN associated to device name (can be set by the customer or read into blind envelope) |
| certificateOtp | string VALID ONLY FOR /EU-QES_otp endpoint, is REQUIRED and is obtainable using the relative otp app from the certification authority |
| certificateIdOtp | integer VALID ONLY FOR /EU-QES_otp endpoint, is Optional and is used in the case more than one otp is set on the certification authority app. You can find it on the top right section of the otp app |
| title | string Title of the signature |
| description | string Description of the signature |
| signatureType | string Enum: "cades" "pades" "xades" "pkcs1" Type of the signature. Could be cades, pades, xades, pkcs1 |
object Additional options for the signature. The available options depend on the signatureType:
| |
object (Callback) This is our standardized OpenAPI callback system. It enables the configuration of parameters for receiving notifications about status updates of asynchronous requests to this endpoint. |
Callbacks
Request samples
- Payload
- C + Libcurl
- Csharp + Restsharp
- Go + Native
- Java + Okhttp
- Java + Unirest
- Javascript + Jquery
- Javascript + Xhr
- Node + Native
- Node + Request
- Node + Unirest
- Objc + Nsurlsession
- Ocaml + Cohttp
- Php + Curl
- Php + Http1
- Php + Http2
- Python + Python3
- Python + Requests
- Ruby + Native
- Shell + Curl
- Shell + Httpie
- Shell + Wget
- Swift + Nsurlsession
- "inputDocuments": [
- {
- "sourceType": "base64",
- "payload": "BASE64string"
- "certificateUsername": "openapiSandboxUsername",
- "certificatePassword": "openapiSandboxPassword",
- "certificateOtp": "123456",
- "certificateIdOtp": -1,
- "title": "CAdES Signature",
- "description": "CAdES signature of a base64 file",
- "signatureType": "cades"
Response samples
- 200
- "data": {
- "id": "67af24c5af9b55291406e946",
- "updatedAt": "2025-02-14 11:11:01.892+00:00",
- "createdAt": "2025-02-14 11:11:01.892+00:00",
- "certificateType": "EU-QES_automatic",
- "state": "WAIT_VALIDATION",
- "options": {
- "asyncDocumentsValidation": true,
- "asyncSignature": false
- "document": { }
- "message": "Created",
- "success": true,
- "error": null
Callback payload samples
- "data": {
- "id": "67af24c5af9b55291406e946",
- "updatedAt": "2025-02-14 11:11:01.892+00:00",
- "createdAt": "2025-02-14 11:11:01.892+00:00",
- "certificateType": "EU-QES_automatic",
- "signatureType": "pades",
- "state": "DONE",
- "options": {
- "asyncDocumentsValidation": true,
- "asyncSignature": false,
- "level": "B",
- "hashAlgorithm": "SHA256",
- "encryptInAnyCase": false,
- "page": 1,
- "withSignatureField": false
- "errorNumber": 0,
- "errorMessage": "Wrong Certificate Credentials",
- "document": {
- "title": "MyDocument Title",
- "description": "",
- "inputDocuments": [
- {
- "sourceType": "base64",
- "createdAt": "2025-02-14 11:12:33.819+00:00",
- "mimetype": "application/pdf",
- "extension": "pdf",
- "size": 339,
- "id": "67af252164f60538280f70fb",
- "md5": "694be78a9eaa52d602bec92e211fa5dc",
- "name": "694be78a9eaa52d602bec92e211fa5dc.pdf"
- "validatedDocument": {
- "mimetype": "application/pdf",
- "extension": "pdf",
- "size": 339,
- "createdAt": "2025-02-14 11:12:33.819+00:00",
- "id": "67af252164f60538280f70fb",
- "md5": "694be78a9eaa52d602bec92e211fa5dc",
- "name": "694be78a9eaa52d602bec92e211fa5dc.pdf"
- "signedDocument": {
- "createdAt": "2025-02-14 11:12:34.229+00:00",
- "mimetype": "application/pdf",
- "extension": "pdf",
- "size": 50133,
- "id": "67af252264f60538280f70fe",
- "md5": "363cfdb141fe0e1a3f598e1d6377a4f5",
- "name": "67af252164f60538280f70f9.pdf"
- "custom": {
- "key": "value"
Create QES Signature using Remote E-seal Certificate
Create a signature procedure from one or more files.
Obtaining the certificate:
To access the service, you need an automatic certificate that can be purchased through Our Customer Support.
Available formats:
The system can sign in CAdES, PAdES, XAdES, and PKCS#1 formats.
If not specified, the system will look for the most suitable format based on the mimeType of the uploaded file.
Input files:
It is possible to upload single and multiple input files both in base64 format and by specifying the resource URL and any authentication parameters.
In the case of uploading multiple files with PAdES signature, they will be merged into a single signed pdf document.
In the case of signing multiple files in CAdES format, a zip file will be generated and signed.
Asynchronous mode, batch processing, callback and detached signature:
For massive signing of large quantities of files, it is possible to upload and sign in asynchronous mode. An authenticated callback system is available to receive updates.
It is also possible to sign the hash of the original file directly and obtain only the "detached" signature file.
Document and data retention in the system:
Signature structured data details and audit trail will be stored in the system for a maximum of 1 year. Signed documents, uploaded documents and validated documents will remain in the system for a maximum of 30 days to allow for downloading. After this period, the documents will be automatically deleted.
Qualified Timestamping available:
A qualified timestamping option is available. There is also an option to use qualified timestamping credentials already in your possession. In this case, the system allows you to specify the authentication URL of the relevant certification authority.
Sandbox:
For testing purposes, you can use the following credentials:
- certificateUsername: "openapiSandboxUsername"
- certificatePassword: "openapiSandboxPassword"
Authorizations:
Request Body schema: application/json
Create a new massive automaitc signature request by specifying the input files and the certificate credentials.
The system can sign in CAdES, PAdES, XAdES, and PKCS#1 formats. If not specified, the system will look for the most suitable format based on the mimeType of the uploaded file.
required | string or string or InputDocumentObject (object) or (Array of strings or strings or InputDocumentObject (object)) (InputDocuments) The input documents to sign, you can specify:
Notes on the hash of the file: This example show how create the hash of the file and encoding it in base64: bash openssl dgst -sha256 -binary FILE_TO_BE_SIGN | openssl enc -a The output will be something like this: "msj3f4hJCSELbMkWjkFwNrf0XhkebTnAKaKhx4686DY=" The system will guess if the base64 string is a hash or a file, if the string is a hash (SHA256==CHAR(32)) the system will sign the hash of the original file. To override this guessing beaviour you can use the sourceType field in the InputDocumentObject schema. |
| certificateUsername required | string Username for the certificate, must be used the Device name you received. It starts with: RHI (/EU-QES_otp), SHI (/EU-QES_eseal) or AHI (/EU-QES_automatic) |
| certificatePassword required | string Password for the certificate, must be used the PIN associated to device name (can be set by the customer or read into blind envelope) |
| certificateOtp | string VALID ONLY FOR /EU-QES_otp endpoint, is REQUIRED and is obtainable using the relative otp app from the certification authority |
| certificateIdOtp | integer VALID ONLY FOR /EU-QES_otp endpoint, is Optional and is used in the case more than one otp is set on the certification authority app. You can find it on the top right section of the otp app |
| title | string Title of the signature |
| description | string Description of the signature |
| signatureType | string Enum: "cades" "pades" "xades" "pkcs1" Type of the signature. Could be cades, pades, xades, pkcs1 |
object Additional options for the signature. The available options depend on the signatureType:
| |
object (Callback) This is our standardized OpenAPI callback system. It enables the configuration of parameters for receiving notifications about status updates of asynchronous requests to this endpoint. |
Responses
Response Schema: application/json
required | string or string or InputDocumentObject (object) or (Array of strings or strings or InputDocumentObject (object)) (InputDocuments) The input documents to sign, you can specify:
Notes on the hash of the file: This example show how create the hash of the file and encoding it in base64: bash openssl dgst -sha256 -binary FILE_TO_BE_SIGN | openssl enc -a The output will be something like this: "msj3f4hJCSELbMkWjkFwNrf0XhkebTnAKaKhx4686DY=" The system will guess if the base64 string is a hash or a file, if the string is a hash (SHA256==CHAR(32)) the system will sign the hash of the original file. To override this guessing beaviour you can use the sourceType field in the InputDocumentObject schema. |
| certificateUsername required | string Username for the certificate, must be used the Device name you received. It starts with: RHI (/EU-QES_otp), SHI (/EU-QES_eseal) or AHI (/EU-QES_automatic) |
| certificatePassword required | string Password for the certificate, must be used the PIN associated to device name (can be set by the customer or read into blind envelope) |
| certificateOtp | string VALID ONLY FOR /EU-QES_otp endpoint, is REQUIRED and is obtainable using the relative otp app from the certification authority |
| certificateIdOtp | integer VALID ONLY FOR /EU-QES_otp endpoint, is Optional and is used in the case more than one otp is set on the certification authority app. You can find it on the top right section of the otp app |
| title | string Title of the signature |
| description | string Description of the signature |
| signatureType | string Enum: "cades" "pades" "xades" "pkcs1" Type of the signature. Could be cades, pades, xades, pkcs1 |
object Additional options for the signature. The available options depend on the signatureType:
| |
object (Callback) This is our standardized OpenAPI callback system. It enables the configuration of parameters for receiving notifications about status updates of asynchronous requests to this endpoint. |
Callbacks
Request samples
- Payload
- C + Libcurl
- Csharp + Restsharp
- Go + Native
- Java + Okhttp
- Java + Unirest
- Javascript + Jquery
- Javascript + Xhr
- Node + Native
- Node + Request
- Node + Unirest
- Objc + Nsurlsession
- Ocaml + Cohttp
- Php + Curl
- Php + Http1
- Php + Http2
- Python + Python3
- Python + Requests
- Ruby + Native
- Shell + Curl
- Shell + Httpie
- Shell + Wget
- Swift + Nsurlsession
- "inputDocuments": [
- {
- "sourceType": "base64",
- "payload": "BASE64string"
- "certificateUsername": "openapiSandboxUsername",
- "certificatePassword": "openapiSandboxPassword",
- "title": "CAdES Signature",
- "description": "CAdES signature of a base64 file",
- "signatureType": "cades"
Response samples
- 200
- "data": {
- "id": "67af24c5af9b55291406e946",
- "updatedAt": "2025-02-14 11:11:01.892+00:00",
- "createdAt": "2025-02-14 11:11:01.892+00:00",
- "certificateType": "EU-QES_automatic",
- "state": "WAIT_VALIDATION",
- "options": {
- "asyncDocumentsValidation": true,
- "asyncSignature": false
- "document": { }
- "message": "Created",
- "success": true,
- "error": null
Callback payload samples
- "data": {
- "id": "67af24c5af9b55291406e946",
- "updatedAt": "2025-02-14 11:11:01.892+00:00",
- "createdAt": "2025-02-14 11:11:01.892+00:00",
- "certificateType": "EU-QES_automatic",
- "signatureType": "pades",
- "state": "DONE",
- "options": {
- "asyncDocumentsValidation": true,
- "asyncSignature": false,
- "level": "B",
- "hashAlgorithm": "SHA256",
- "encryptInAnyCase": false,
- "page": 1,
- "withSignatureField": false
- "errorNumber": 0,
- "errorMessage": "Wrong Certificate Credentials",
- "document": {
- "title": "MyDocument Title",
- "description": "",
- "inputDocuments": [
- {
- "sourceType": "base64",
- "createdAt": "2025-02-14 11:12:33.819+00:00",
- "mimetype": "application/pdf",
- "extension": "pdf",
- "size": 339,
- "id": "67af252164f60538280f70fb",
- "md5": "694be78a9eaa52d602bec92e211fa5dc",
- "name": "694be78a9eaa52d602bec92e211fa5dc.pdf"
- "validatedDocument": {
- "mimetype": "application/pdf",
- "extension": "pdf",
- "size": 339,
- "createdAt": "2025-02-14 11:12:33.819+00:00",
- "id": "67af252164f60538280f70fb",
- "md5": "694be78a9eaa52d602bec92e211fa5dc",
- "name": "694be78a9eaa52d602bec92e211fa5dc.pdf"
- "signedDocument": {
- "createdAt": "2025-02-14 11:12:34.229+00:00",
- "mimetype": "application/pdf",
- "extension": "pdf",
- "size": 50133,
- "id": "67af252264f60538280f70fe",
- "md5": "363cfdb141fe0e1a3f598e1d6377a4f5",
- "name": "67af252164f60538280f70f9.pdf"
- "custom": {
- "key": "value"
Verify a signature
Verify a signature by uploading the signed document. The system will return the verification result.
Authorizations:
Request Body schema: application/json
Verify a signature by uploading the signed document.
| inputDocument required | string <base64> Signed document |
| detachedContent | string <base64> Detached content |
| pdfEncryptionPassword | string Password for pdf encryption |
| recursive | boolean Recursive verification |
| verifyOnDate | string <date> Date to verify the signature |
Responses
Response Schema: application/json
object Verification result | |
| message | string Message |
| error | string or null Error code |
| success | boolean Operation success |
Request samples
- Payload
- C + Libcurl
- Csharp + Restsharp
- Go + Native
- Java + Okhttp
- Java + Unirest
- Javascript + Jquery
- Javascript + Xhr
- Node + Native
- Node + Request
- Node + Unirest
- Objc + Nsurlsession
- Ocaml + Cohttp
- Php + Curl
- Php + Http1
- Php + Http2
- Python + Python3
- Python + Requests
- Ruby + Native
- Shell + Curl
- Shell + Httpie
- Shell + Wget
- Swift + Nsurlsession
- "inputDocument": "BASE64string",
- "detachedContent": "BASE64string",
- "pdfEncryptionPassword": "password123",
- "recursive": true,
- "verifyOnDate": "2025-02-14"
Response samples
- 200
- "data": {
- "checkDate": "2025-02-14 11:11:01.892+00:00",
- "verificationDate": "2025-02-14 11:11:01.892+00:00",
- "signatureFormat": "PAdES",
- "nrOfSignatures": 1,
- "overallVerified": true,
- "signatureReportList": [
- {
- "id": "0",
- "integrity": true,
- "signatureAlgorithmName": "SHA256withRSA",
- "subjectDN": "C=IT,SURNAME=ROSSI,GIVENNAME=MARIO,SERIALNUMBER=TINIT-RSSMRA73R02H501H,CN=ROSSI MARIO,DNQ=AUSL2023021972028357",
- "issuerDN": "C=IT,O=Namirial S.p.A./02046570426,OU=Certification Authority,CN=Namirial CA Firma Qualificata",
- "subjectCN": "ROSSI MARIO",
- "issuerCN": "Namirial CA Firma Qualificata",
- "serialNumber": "5557601230250214000",
- "signerCertificateStatus": "VALID",
- "signerCertificateNotBefore": "2025-02-14 11:11:01.892+00:00",
- "signerCertificateNotAfter": "2025-02-14 11:11:01.892+00:00",
- "signerCertificateRevocationDate": "2025-02-14 11:11:01.892+00:00",
- "issuerCertificateStatus": "VALID",
- "issuerCertificateRevocationDate": "2025-02-14 11:11:01.892+00:00",
- "trustedSignatureDate": false,
- "signatureDate": "2025-02-14 11:11:01.892+00:00",
- "issuerTrustedList": true,
- "keySize": 2048,
- "qcComplianceStatus": "VALID",
- "qcSSCDStatus": "VALID",
- "derEncodedSignerCert": "BASE64string"
- "noteReportList": [
- {
- "policy": 3,
- "about": 2,
- "type": 1,
- "synopsis": "Certified qualified in conformity",
- "description": "The qualified certificate of ROSSI MARIO complies with European Directive 1999/93/EC"
- "plainDocument": "BASE64string"
- "message": "Signature is valid",
- "error": "",
- "success": true
Delete the signed Document, the details, audit Trail and the validatedDocument of a signature
Authorizations:
path Parameters
| id required | string Example: 67af24c5af9b55291406e946 ID of the signature |
Responses
Request samples
- C + Libcurl
- Csharp + Restsharp
- Go + Native
- Java + Okhttp
- Java + Unirest
- Javascript + Jquery
- Javascript + Xhr
- Node + Native
- Node + Request
- Node + Unirest
- Objc + Nsurlsession
- Ocaml + Cohttp
- Php + Curl
- Php + Http1
- Php + Http2
- Python + Python3
- Python + Requests
- Ruby + Native
- Shell + Curl
- Shell + Httpie
- Shell + Wget
- Swift + Nsurlsession
CURL *hnd = curl_easy_init(); curl_easy_setopt(hnd, CURLOPT_CUSTOMREQUEST, "DELETE"); curl_easy_setopt(hnd, CURLOPT_URL, "https://esignature.openapi.com/signatures/67af24c5af9b55291406e946"); struct curl_slist *headers = NULL; headers = curl_slist_append(headers, "Authorization: Bearer REPLACE_BEARER_TOKEN"); curl_easy_setopt(hnd, CURLOPT_HTTPHEADER, headers); CURLcode ret = curl_easy_perform(hnd);