Headless signing (without UI)

Another part of the PKIsigning API is signing without any user interaction, so-called headless
signing. Using this API, one or more documents can be sent to the PKIsigning API, where they are
directly signed and returned. This functionality is convenient for bulk-signing PDF
or XML documents (e.g. UBL) using an eSeal.

It is not possible to use USB tokens or any user-related certificates for signing when using
this API call, as the login is not linked to a user. Headless signing is normally used with a dedicated
eSeal. This can be configured by the PKIsigning technical team.

For headless signing the authentication flow differs slightly from the normal flow for
interactive signing, because only client authentication is necessary. Authentication is
done using the ClientCredential flow of the identity server. Based on the supplied clientId and
clientSecret, an access token is issued specifically for the calling application.

Headless signing begins by posting a request like the one in example 1 to the
/api/signing/signheadless URL.

    POST /api/signing/signheadless HTTP/1.1
    Host: api.pkisigning.io
    Authorization: Bearer kjhafd22323…094alskdfasjasf
    Content-Type: application/json

    {
      "documentsToSign": [
        {
          "filename": "document1.pdf",
          "contents": "<<base64>>",
          "placeholders": ["Signer1", "Signer2"]
        },
        [...]
      ],
      "assuranceLevel": "substantial",
      "signatureFormat": "PadES"
    }

Code example 1: Initiating headless signing session

The response has the form shown in example 2.

    HTTP/1.1 200 OK

    {
      "id": "<<sessionId>>",
      "password": "<<encryptionkey>>"
    }

Code example 2: Start session response

Please note:

  • A call may consist of multiple PDF documents to be separately signed.

  • Due to communication with external services for signing, timestamping, validation
    and acquiring LTV data, performing a signature can take up to two seconds per
    document.

  • Please post to the PKIsigning service on a sequential basis. Setting up multiple threads
    to send documents will result in severe performance degradation.
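A client sketch for the flow described above, added here as an example and not PKIsigning's own code: it builds the client-credentials token request, builds the signheadless request from example 1, and posts batches strictly one at a time as the notes require. Assumptions: the token endpoint URL (not given on this page) is passed in by the caller, the client secret is sent in the form body, the timeout formula is a guess based on the two seconds per document, and the function names are hypothetical.

```python
import base64
import json
import urllib.parse
import urllib.request

API_URL = "https://api.pkisigning.io/api/signing/signheadless"  # host and path from example 1


def token_request(token_url, client_id, client_secret):
    """OAuth2 client-credentials request (RFC 6749, section 4.4).
    token_url is an assumption: this page does not give the identity server endpoint."""
    form = urllib.parse.urlencode({
        "grant_type": "client_credentials",
        "client_id": client_id,
        "client_secret": client_secret,  # load from a secret store, never hard-code
    }).encode()
    return urllib.request.Request(token_url, data=form, method="POST")


def sign_request(access_token, documents, placeholders,
                 assurance_level="substantial", signature_format="PadES"):
    """Build one signheadless POST; documents maps filename -> raw bytes."""
    body = {
        "documentsToSign": [
            {"filename": name,
             "contents": base64.b64encode(raw).decode("ascii"),
             "placeholders": list(placeholders)}
            for name, raw in documents.items()
        ],
        "assuranceLevel": assurance_level,
        "signatureFormat": signature_format,
    }
    return urllib.request.Request(
        API_URL, data=json.dumps(body).encode(), method="POST",
        headers={"Authorization": f"Bearer {access_token}",
                 "Content-Type": "application/json"})


def sign_batches(access_token, batches, placeholders, send=urllib.request.urlopen):
    """Post batches sequentially (no threads), per the page's performance note.
    Timeout is an assumed margin on top of ~2 s of signing time per document."""
    results = []
    for documents in batches:
        req = sign_request(access_token, documents, placeholders)
        with send(req, timeout=30 + 2 * len(documents)) as resp:
            results.append(json.load(resp))  # id + password (a key): keep out of logs
    return results
```

The `send` parameter exists so the sequencing can be exercised offline with a stub; in production it stays at the default `urllib.request.urlopen`.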

Please find a complete swagger definition of our API at https://accengine.pkisigning.io/swagger/index.html?urls.primaryName=Headless

© 2020 PKIsigning, SBRS B.V.