Another part of the PKIsigning API is signing without any user interaction, so called headless
signing. Using this API one or more documents can be send to the PKIsigning API which are
then directly signed and returned. This functionality is really convenient for bulk-signing pdf
or XML documents (e.g. UBL) using an eSeal.
It is not possible to use USB-tokens or any user-related certificates for signing when using
this API call as the login is not linked to a user. Headless signing is normally used with a dedicated
eSeal. This can be configured by the PKIsigning technical team.
For headless signing the authentication flow differs a little from the normal flow for
interactive signing. This is because only client-authentication is necessary. Authentication is
done using the ClientCredential flow of identity server. Based on the supplied clientId and
clientSecret an accesstoken is supplied specifically for the calling application.
Headless signing begins by posting a request as can be found in example 1 to the
/api/signing/signheadless url.
POST /api/signing/signheadless HTTP/1.1 Host: https://api.pkisigning.io Authentication: Bearer kjhafd22323…094alskdfasjasf Content-Type: application/json { "documentsToSign": [ { "filename": "document1.pdf", "contents": "<<base64>>", "placeholders":["Signer1","Signer2"] }, [...] ], "assuranceLevel":"substantial", "signatureFormat":"PadES" }
Code example 1: Initiating headless signing session
The result will be equal to example 2.
HTTP/1.1 200 OK { "id": "<<sessionId>>", "password": "<<encryptionkey>>" }
Code example 2: Start session response
Please note:
a call may consist of multiple pdf documents to be separately signed.
Due to communication with external services for signing, timestamping, validation
and acquiring LTV data, performing a signature can take up to two seconds per
document.Please post to the PKIsigning service on a sequential basis. Setting up multiple threads
to send documents will result in severe performance degradation.