Digital Signature

You can request the following types of signatures:

• InfoCert Digital and Remote Signatures and respective renewals
• Digital and Remote Aruba Signatures and respective renewals
• Simplified Electronic Signature

Through the Digital Signature API you can also request the activation of the SPID Digital Identity for Private Individuals.

You can check all available signature types and their respective costs via the GET /prodotti endpoint. The product code required to proceed to purchase will also be available in the response.

In order to purchase a digital signature, first locate the code of the device you are interested in via the GET /products endpoint.
Then you can proceed with a request to POST /request/{product_code}.

The parameters to be passed within the body of the request are indicated within the examples in the documentation. For example, for a request for an InfoCert Business Key, the requester's data (first name, last name, email, mobile phone, social security number, date and place of birth and resident address), shipping data and ID data are required.

The response to the request at POST /richiesta/{codice_prodotto} will include all the data indicated, the product and options selected, and above all the request id.

Once this request has been completed, it will be necessary to download the form via the GET /richiesta/{id}/module endpoint and send it filled in together with the identity document. This procedure is not necessary for InfoCert signature renewals.

Simple electronic signatures allow signatures to be placed on any pdf document remotely. It is also possible to allow several parties to sign the same document, either on one page or on several pages.

The signature procedure has legal validity (eIDAS) and is reinforced by sending signatory verification OTPs. At the end of the signing procedure, it will also be possible to request via API both the signed document and the copy of the audit trail. The audit trail is the document that contains all the information that led to the successful signature. In the event of disputes, this file will make it possible to technically reproduce each step of the procedure.  The audit trail contains data on the procedure (id, creation date, sending and expiry), on signatories (name, surname, email, telephone number, IP address) signatory authentication mode (authentication method, message sent and time of validation). The audit trail as per regulations is kept in original for 10 years.

EDF is used for signing e.g. sales contracts, business documents, employment contracts, terms and conditions.

Yes, via the POST /firma_elettronica_ui endpoint you can customise the signature interface, e.g. change colours, add your logo, hide other signatories or allow or disallow downloading of the document. In addition, to complete the signature, you can also set up a redirect link to a web page.

The cost is as low as €0.14 per subscription and €0.70 per individual call.

The cost is calculated not per individual signature, but per number of signatories. In practice, if several signatures need to be affixed to the same document, the total amount is not multiplied by the number of signatures affixed, but by the number of signatories.

The activation and usage data of the signature will be managed differently by the two current Certification Authorities:

• InfoCert: will send the PIN, PUK, and emergency code directly to the applicant completely and through a virtual envelope via email.
• Aruba: the first 4 letters of the PIN and PUK will be available via API when the request is fulfilled in the response to the GET /request/{id} call. The remaining part of the PIN and PUK codes will be sent directly by Aruba to the applicant.

Yes, when the device request is in the 'fulfilled' status, it is possible to access the shipment tracking code (shipping_code) through the GET /request/{id} endpoint, along with many other details.

Identification is required by current regulations under Article 32 of Legislative Decree No. 179 of August 26, 2016. It stipulates that the qualified electronic signature service provider issuing qualified certificates must ensure the identification of the person requesting the certification.

The form available at the GET /richiesta/{id}/modulo endpoint is the certificate issuance request document and is closely linked to the identification process of the applicant required by law for the issuance of the signature.

Indeed, the identification of the individual can be done through:

• Signing the form with authentication by a Public Official
• Digitally signing the form by the applicant with another valid signature registered to them
• Video Recognition (purchasable option)

The PATCH /richiesta/{id} endpoint can be used to send the digitally signed form, which does not need to be sent in paper format as well.

The documentation, in case of authentication by a Italian Public Official, must be sent in original along with a copy of the applicant's ID to the provider's address available in the response to the request made via the GET /richiesta/{id} endpoint.

The Aruba video recognition can only be requested for signatures purchased from the same Openapi account.

The InfoCert foreign remote signature can be requested in the following countries: Austria, Belgium, Czech Republic, Germany, Spain, France, Croatia, Hungary, Italy, Netherlands, Poland, Portugal, Romania, San Marino, Slovakia, Slovenia.

The SPID service makes it possible to request activation of the 1st and 2nd level Personal SPID with OTP via Video Recognition. Service active every day, 24 hours a day.

The response will return a link to the page for the identification and video recognition procedure. Within a few hours, sometimes minutes, of completing the procedure the user will receive an email confirming SPID activation.

You can request SPID activation via a call directly to the GET /spid_personale endpoint.

SPID is valid for two years but does not need to be renewed by the user since, once it has expired, the service is automatically renewed year by year.
Please note that SPID is independently revoked in the event of total inactivity for one year.

The cost is from €9.90 on a subscription basis, €14.20 for single calls.

For all subscription solutions, we suggest you consult the Subscription section.

In the Usage section, at the API level, you can monitor your free and subscription or top-up requests. They are available both graphically (period month and year) and with a textual summary.