OTP logo
Powered by Redocly

UANATACA OTP SIGNATURE API DOCUMENTATION (v1)

What it is

OTP signature is a solution to perform remote electronic signatures based on a Uanataca seal. These signatures come alongside with an evidences report available for each process.
Cryptographic operations are done in Uanataca Trusted Service Center side.

How it works

An HTTP RESTful API is exposed directly from Uanataca Trusted Service Center by means of which, business applications are enabled to perform electronic advanced signatures making use of this tool.

For the execution of signature requests, all the data has to be sent along the credentials of the Billing account which will be used to authenticate the user. All the operations are performed in our side and the result will be a document signed by Uanataca which is a Qualified Trusted Service Provider.

OTP Signature generates an audit trail evidence report which reflects every step performed with his belonging information. This audit trail will be obtanaible retrieving the document through an API call or scanning a QR code, this code is directly linked to the evidences and it can be found into the signed document.

Test environment

For testing purposes, Uanataca provides integrators of a pre-configured test-mode accessible at the following URL:


https://otponeshot.demo.bit4id.org

When using our test-mode, you must consider that Billing credentials are required.

Webhook configuration

OTP API has the option of using a Webhook implemented on customer business side to manage its service callbacks. Every request status change will trigger a simple event-notification via HTTP POST, consisting on a JSON object to an URL that must be explicitly included as an optional parameter in the Sign call.

The following is a sample view of the JSON object that is sent as a callback at every status change:

{
    "status": "incomplete",
    "upload_date": "28/06/2022 12:56:20 UTC",
    "returnmethod": "api",
    "signaturetext": "CONTRACT SIGNATURE",
    "graphometric": false,
    "callbackaction": "view_document_by_signer_0",
    "signers": {
        "1": {
            "name": "Second Signer",
            "mobile": "+34666778406",
            "horizontal_position": true,
            "position": "50, 100, 350,165",
            "page": 0,
            "complete": false
        },
        "0": {      
            "name": "First Signer",
            "view_from_mobile": false,
            "mobile": "+34666778406",
            "view_ipaddress": "34.241.214.147",
            "view_date": "28/06/2022 12:56:45 UTC",
            "view_useragent": "Firefox 101.0 / Windows 10",
            "horizontal_position": false,
            "position": "45, 100, 100,350",
            "page": 0,
            "complete": false
        }
    },
    "job": "5e2bec1f-01f5-4fec-9ba6-0e68a4154b7c",
    "sendersms": "ProvSMS",
    "mime": "application/pdf",
    "partner": "Partner SPA",
    "enablehardware": false,
    "size": 129433,
    "enableotp": true,
    "filename": "salida (2).pdf",
    "ext": ".pdf",
    "current_signer": 0,
    "document": "1daeca0437824b09867881c70097e4ac"
}

Where: callbackaction is the step of the request which triggered the information shown.
signers will contain json objects named by numbers as signers in the request
status is the overall status of the request
job is the request unique id.


Sample code

In this sample, every JSON object is stored in a file named 'otp'.

The webhook parameter used in the Sign call is defined as:

{host}/otp

where {host} is the IP or domain from the server exposing the webhook.


Python

import web
import datetime

urls = (
        '/otp, 'otp',
        )

app = web.application(urls, globals())
app = app.wsgifunc()

class video:
    def POST(self):
        data = web.data()
        f = open("status.json",'a+')
        f.write(data)
        f.close()
        return ''

if __name__ == "__main__":
    app.run()

PHP

<?php

//otp.json

$post = file_get_contents('php://input',true);
$file_handle = fopen('/otp/status.json', 'w');
fwrite($file_handle, $post);
fclose($file_handle);

?>

Postman Collection

A postman collection is available as a support for a quick start.
OTP Postman collection download

API Reference

OTP API

A digital signature request contains user identification data and associated documents to be signed.

MethodEndpointAction
GET/helloChecks for server UP status
POST/signCreate a signature process
GET/status/{id}Check information about signature process status
DEL/status/{id}Delete information relative to a process
GET/retrieve/{id}Retrieve the signed file through the id of the process
GET/retrieve/{id}/evidencesRetrieve the evidences document of the process
GET/retrieve/additionals/{id}Retrieve the list of additional documents loaded in the process
GET/retrieve/additional/{id}/{additional}Retrieve an additional document through his id

HELLO

Returns server availability status.

Responses
200

OTP Server is UP

get/api/v1/hello
Request samples 
curl -i -X GET \
  https://otponeshot.demo.bit4id.org/api/v1/hello
Response samples
application/json
{
  • "status": "200 OK",
  • "details": "Hello"
}

SIGN

Signature request. Activates file signature for one or more signers.

Request
Request Body schema: multipart/form-data
file
required
string <binary>

Local path of the file to be signed.

⚠ File type in base64 is not accepted
required
object

JSON string object containing signature parameters. One JSON object for each signer is needed.

callback
string

Webhook where signing process log is going to be sent. See description and sample code in Webhooks configuration

graphometric
boolean

Graphic signature activation / deactivation

Enum: true false
enablehardware
boolean

Combined with graphometric, signature through Wacom tablet device is enabled when this parameter is set to true

Enum: true false
returnmethod
string
  • API value returns the document signature link via API
  • SMS value returns an SMS with the signature request link
Enum: "API" "SMS"
enableotp
boolean

OTP verification activation / deactivation

Enum: true false
signaturetext
string

Text line below the signature area

sendersms
string

Name of the SMS sender that will appear as header

billing_username
required
string

Billing account username

billing_password
required
string

Billing account password

Responses
201

The sign request was executed successfully

400

JSON syntax error | Mismatching parameter settings | Invalid billing credentials

post/api/v1/sign
Request samples 
curl --location --request POST 'https://otponeshot.demo.bit4id.org/api/v1/sign' \
--header 'Content-Type: application/x-www-form-urlencoded' \
--form 'file=@"sample_folder/document.pdf"' \
--form 'data="[
{\"name\": \"First Signer\", 
\"mobile\": \"+34888888888\",
\"documents\": [{\"tag\": \"ID Front\", \"format\": \"image\"}, {\"tag\": \"ID Rear\", \"format\": \"image\"}],
\"position\": \"65, 100, 30, 250\",
\"horizontal_position\": true,
\"page\":0
},
{\"name\": \"Second Signer\", 
\"mobile\": \"+34999999999\",
\"documents\": [{\"tag\": \"POA\", \"format\": \"PDF\"}],
\"position\": \"65, 100, 30, 250\",
\"horizontal_position\": true,
\"page\":0
}
]"' \
--form 'callback="http://fse:7777/callback"' \
--form 'graphometric="True"' \
--form 'billing_username="billing_user@domain"' \
--form 'billing_password="z5qNqkfB"' \
--form 'partner="Sample Corp."' \
--form 'returnmethod="API"' \
--form 'enablehardware="False"' \
--form 'enableotp="True"' \
--form 'signaturetext="Signature Test"' \
--form 'sendersms="MySender"'
Response samples
application/json
{
  • "status": "201 Created",
  • "details": {
    }
}

SIGNATURE STATUS

Returns the document signature status in detail for each signer.

Request
path Parameters
id
required
string

The signature request id.

Responses
200

Successful Response

404

Job ID not found

get/api/v1/sign/{id}
Request samples 
curl -i -X GET \
  https://otponeshot.demo.bit4id.org/api/v1/sign/ce5b1044-62d8-4126-a8e0-f499ecdef3df
Response samples
application/json
{
  • "status": "200 OK",
  • "details": {
    }
}

DELETE DATA

Deletes all data associated to a signature process.

Request
path Parameters
id
required
string

The signature request id.

Responses
205

Data deleted successfully

404

Job ID not found

delete/api/v1/sign/{id}
Request samples 
curl -i -X DELETE \
  https://otponeshot.demo.bit4id.org/api/v1/sign/ce5b1044-62d8-4126-a8e0-f499ecdef3df
Response samples
application/json
{
  • "status": "205 Reset Content",
  • "details": "Data deleted"
}

RETRIEVE DOCUMENT

Retrieves the signed document.

Request
path Parameters
id
required
string

The signature request id.

Responses
200

Successful Response

404

Invalid job ID

get/api/v1/retrieve/{id}
Request samples 
curl -i -X GET \
  https://otponeshot.demo.bit4id.org/api/v1/retrieve/ce5b1044-62d8-4126-a8e0-f499ecdef3df
Response samples
text/plain
 %PDF-1.7
 %����
 1 0 obj
 <</Type/Catalog/Pages 2 0 R/Lang(es-ES) /StructTreeRoot 10 0 R/MarkInfo<</Marked true>>/Metadata 26 0 R/ViewerPreferences 27 0 R>>
 endobj


2 0 obj
 <</Type/Pages/Count 1/Kids[ 3 0 R] >>
 endobj


3 0 obj
 <</Type/Page/Parent 2 0 R/Resources<</Font<</F1 5 0 R>>/ExtGState<</GS7 7 0 R/GS8 8 0 R>>/ProcSet[/PDF/Text/ImageB/ImageC/ImageI] >>/MediaBox[ 0 0 595.32 841.92] /Contents 4 0 R/Group<</Type/Group/S/Transparency/CS/DeviceRGB>>/Tabs/S/StructParents 0>>
 endobj
 (...)

RETRIEVE EVIDENCES

Retrieves the document of evidences associated to a signature.

Request
path Parameters
id
required
string

The signature request id.

Responses
200

Successful Response

404

Job ID not found

412

Incomplete signature

get/api/v1/retrieve/{id}/evidences
Request samples 
curl -i -X GET \
  https://otponeshot.demo.bit4id.org/api/v1/retrieve/ce5b1044-62d8-4126-a8e0-f499ecdef3df/evidences
Response samples
text/plain
 %PDF-1.7
 %����
 1 0 obj
 <</Type/Catalog/Pages 2 0 R/Lang(es-ES) /StructTreeRoot 10 0 R/MarkInfo<</Marked true>>/Metadata 26 0 R/ViewerPreferences 27 0 R>>
 endobj


2 0 obj
 <</Type/Pages/Count 1/Kids[ 3 0 R] >>
 endobj


3 0 obj
 <</Type/Page/Parent 2 0 R/Resources<</Font<</F1 5 0 R>>/ExtGState<</GS7 7 0 R/GS8 8 0 R>>/ProcSet[/PDF/Text/ImageB/ImageC/ImageI] >>/MediaBox[ 0 0 595.32 841.92] /Contents 4 0 R/Group<</Type/Group/S/Transparency/CS/DeviceRGB>>/Tabs/S/StructParents 0>>
 endobj
 (...)

RETRIEVE ADDITIONALS

Returns a list of all associated documents uploaded in the signature process.

Request
path Parameters
id
required
string

The signature request id.

Responses
404

Additional documents not found

get/api/v1/retrieve/additionals/{id}
Request samples 
curl -i -X GET \
  https://otponeshot.demo.bit4id.org/api/v1/retrieve/additionals/ce5b1044-62d8-4126-a8e0-f499ecdef3df
Response samples
application/json
{
  • "status": "404 Not Found",
  • "details": "No additional documents found"
}

RETRIEVE ADDITIONAL DOCUMENT

Retrieves a specific additional file uploaded for signature.

Request
path Parameters
id
required
string

The signature request id.

Responses
200

Successful Response

404

Job ID not found | Additional document not found

get/api/v1/retrieve/additional/{id}
Request samples 
curl -i -X GET \
  https://otponeshot.demo.bit4id.org/api/v1/retrieve/additional/ce5b1044-62d8-4126-a8e0-f499ecdef3df
Response samples
text/plain
 %PDF-1.7
 %����
 1 0 obj
 <</Type/Catalog/Pages 2 0 R/Lang(es-ES) /StructTreeRoot 10 0 R/MarkInfo<</Marked true>>/Metadata 26 0 R/ViewerPreferences 27 0 R>>
 endobj


2 0 obj
 <</Type/Pages/Count 1/Kids[ 3 0 R] >>
 endobj


3 0 obj
 <</Type/Page/Parent 2 0 R/Resources<</Font<</F1 5 0 R>>/ExtGState<</GS7 7 0 R/GS8 8 0 R>>/ProcSet[/PDF/Text/ImageB/ImageC/ImageI] >>/MediaBox[ 0 0 595.32 841.92] /Contents 4 0 R/Group<</Type/Group/S/Transparency/CS/DeviceRGB>>/Tabs/S/StructParents 0>>
 endobj
 (...)