Another part of the PKIsigning API is signing without any user interaction, so called headless
signing. Using this API one or more documents can be send to the PKIsigning API which are
then directly signed and returned. This functionality is really convenient for bulk-signing pdf
or XML documents (e.g. UBL) using an eSeal.
It is not possible to use USB-tokens or any user-related certificates for signing when using
this API call as the login is not linked to a user. The possibility does exist to use a dedicatte
eSeal. This can be configured by the PKIsigning technical team.
For headless signing the authentication flow differs a little from the normal flow for
interactive signing. This is because only client-authentication is necessary. Authentication is
done using the ClientCredential flow of identity server. Based on the supplied clientId and
clientSecret an accesstoken is supplied specifically for the calling application.
Headless signing begins by posting a request as can be found in example 1 to the
/api/signing/signheadless url. The result will be equal to example 4.
Based on the documenttypes and mimetypes, the PKIsigning service will determine the type
of signing to perform.
Please note:
in addition to what is written for interactive signing, a call may consist of multiple pdf
documents to be separately signed.Due to communication with external services for signing, timestamping, validation
and acquiring LTV data, performing a signature can take up to two seconds per
document.Please post to the PKIsigning service on a sequential basis. Setting up multiple threads
to send documents will result in severe performance degradation.