LogoLogo
  • Welcome
  • GETTING STARTED
    • SigningHub at a Glance
      • Overview
      • Why SigningHub
      • Signature types
      • Signing methods
      • Mobile signatures
        • How SigningHub works
      • Enterprise management
    • Key Terminologies & Concepts
      • System terminologies
      • System users
      • Service plans
      • Individual vs Enterprise subscriptions
      • Document statuses
  • Registration & Login
    • Account Registration
      • Register a free trial account
      • Register an individual account
      • Register an enterprise account
      • Accept an enterprise user invitation
      • Direct registration
    • Login & Authentication Methods
      • Login through SigningHub ID
      • Login through Microsoft Active Directory
        • Auto Provisioning for Microsoft Active Directory
      • Login through Salesforce
      • Login through Microsoft ADFS
      • Login through Microsoft Office 365
      • Login through LinkedIn
      • Login through Google
      • OTP as a two-factor authentication
      • Login through the SSL client
      • Login through Freja eID
      • Login through Azure Active Directory
        • Auto-Provisioning for Azure Active Directory
      • Corporate logins
      • Login through OIDC
      • Login through OAuth2
      • Login through Azure SAML- based SSO
  • Dashboard & Listing
    • Dashboard
      • GeoIP-based user location
      • Multilingual user interface
    • Document Listing
      • Document interactions
      • Manage custom folders
      • Manage the archive folder
      • Manage shared folders
      • Document actions
        • Sign
        • Bulk sign
        • Bulk share
        • View document
        • Package details
        • Send reminder
        • Workflow details
        • Comments
        • Start a new signing process
        • Recall
        • Evidence report
        • Replicate workflow
        • Download
        • Rename
        • Move to folder
        • Print
        • Delete
      • Search a document
  • Sharing & Signing
    • Document Sharing - A Document Owner's View
      • Sign a new document
      • Add a document
        • Document certification settings
        • Document-related utilities
        • Supported documents
      • Apply a template on your document
      • Configure signing order
      • Add a recipient, electronic seal, and placeholder
      • Configure special privileges
        • Configure recipient permissions
        • Configure document access security
        • Configure workflow reminders
        • Configure email language
        • Configure post processing
      • Configure comments
      • Add data fields
        • Add signature fields
        • Add in-person signature fields
        • Add electronic seal fields
        • Add initials fields
        • Add attachment fields
        • Add form components
        • Configure form filling
        • Add QR Code
        • Add unique identifier
        • Add drop-in comments
      • Add comments
      • Add attachments
        • Make attachments compulsory
      • Append documents
      • Save as template
      • Add email message
      • Change a recipient/placeholder after sharing
    • Document Signing - A Recipient's View
      • Open a pending document
      • Add/download attachments
      • Append documents
      • Recipient permissions
      • Fill in your form components
      • Fill in your form fields
      • Add your initials
      • Add your field attachments
      • Add your in-person signature
      • Agree to the legal notice
      • Add comments
      • Add your signature
        • XML signing
        • Word document signing
        • Electronic seal signing
        • eID Easy signing
        • CSC signing
        • Remote Authorisation Signing (RAS)
        • Signing using Policy OID
        • Local-side signing using T1C Server
        • Local-side signing using ADSS Server
        • Signing based on National ID validation
        • Signing via signature pad
        • Signing behavior w.r.t signature appearance
          • Enterprise subscription
          • Individual subscription
        • OTP authentication
      • Bulk sign fields
      • Add drop-in comments
      • Review a document
      • Update a document
      • Host in-person signing
      • Decline a document
      • View verification details
      • Change a recipient/ placeholder
      • Delegate your signing authority in a workflow
      • QR code scanning
      • Signing flow via API
        • Server-side signing
          • Single document signing
            • ADSS signing
            • RAS signing
            • CSC signing
            • eID Easy signing
          • Bulk document signing
            • ADSS signing
            • RAS signing
            • CSC signing
        • Client-side signing
          • Single document signing
            • T1C signing
            • Go>Sign signing
          • Bulk document signing
            • T1C signing
            • Go>Sign signing
  • Configurations
    • Personal Configurations
      • Set up your SigningHub profile
        • Locale
        • Enterprise
      • Active sessions
      • Authorised devices
      • Two-Factor Authentication (2FA)
      • Security
      • Manage your contacts
        • Import contacts via CSV file
      • Manage your groups
      • Manage your library
        • Manage your library documents
        • Manage your library folders
      • Manage your templates
        • Add a document
          • Configure certified signature
        • Add recipient(s), electronic seal(s) and placeholder(s)
        • Configure workflow type
        • Configure document comments
        • Configure special privileges
          • Configure recipient permissions
          • Configure document access security
          • Configure auto reminders
          • Configure email language
          • Configure post processing
        • Add email message
        • Add data fields
          • Add signature fields
          • Add in-person signature fields
          • Add electronic seal fields
          • Add initials fields
          • Add attachment fields
          • Add form components
          • Configure form filling
          • Add QR Code
        • Read-only templates
      • Manage your legal notices
      • Manage your SmartForms
        • Using SmartForm for response collection
        • Using SmartForm for routing
      • Configure signature settings
      • Enable cloud drives
      • Delegate settings
      • Configure your notifications
        • Configure your email content
      • Optimize your account storage
      • Delete your account
    • Enterprise Configurations
      • Set up your enterprise profile
      • View your enterprise logs
      • Manage your enterprise contacts
        • Import contacts via CSV file
      • Manage your enterprise groups
      • Manage your enterprise users
        • Register an enterprise user
        • Register enterprise users via CSV file
        • Edit Enterprise User Details
        • Reset the password of your enterprise user
        • Reset two factor of your enterprise user
        • View activities of your enterprise users
        • Set service quota of your enterprise use
        • Invite an enterprise user
        • Invite enterprise users via CSV file
        • Pre-authorize users
        • Disable an enterprise user
        • Search an enterprise user
        • Manage signing certificates
      • Manage your user roles
        • Basic information
        • User access preferences
        • Enterprise access preferences
        • Document preferences
        • Template and library document preferences
        • Signature preferences
        • Signature appearance preferences
        • Signing server preferences
      • Manage your enterprise documents
        • View all documents of your enterprise
        • View package details of your enterprise documents
        • View workflow details of your enterprise documents
        • Manage recipients of your enterprise documents
        • Send workflow completion report of an enterprise document
        • Terminate workflow of your enterprise documents
        • Delete your enterprise documents
      • Manage your enterprise library
        • Manage your enterprise library documents
        • Manage your enterprise library folders
      • Manage your enterprise templates
      • Manage enterprise legal notices
      • Manage your electronic seals
      • Document reports
      • Signature reports
      • Electronic seal statistics
      • Advanced reports
      • Brand your enterprise account
        • Primary colour
        • Sidebar navigation
        • Error colour
      • Integrate third party applications
        • Manage third party integrations
        • Assign custom roles to external users
      • Manage certificate filters
      • Configure your enterprise notifications
        • Configure your enterprise email content
      • Configure advanced settings
        • Configure enterprise default settings
        • Delete enterprise account
        • Configure document accessibility preferences
  • Service Plan Management
    • Service Plans and Billing
      • View your service plan & usage statistics
      • View your billing invoice
      • Upgrade your service plan
      • Cancel plan
  • Track & Audit Activities
    • Audit Trail Options
      • View the activity logs
      • View the workflow history
      • View the workflow evidence report
      • View system notifications
Powered by GitBook

© Ascertia Limited 2025

On this page
  • Introduction
  • CSC Signing - Client Credentials Flow
  • How it works?
  • Configure a Connector in SigningHub Admin
  • Configure a Signing Profile in SigningHub Admin
  • Add Signing Profile to a Service Plan in SigningHub Admin
  • Add Signing Server to a User Role in SigningHub Web
  • Specify the CSC User ID against your profile in SigningHub Web
  • Signing
  • Signing via SigningHub Web
  • Signing via API
  • CSC Signing - Authorisation Code Flow
  • How it works?
  • Configure a Connector in SigningHub Admin
  • Configure a Signing Profile in SigningHub Admin
  • Add Signing Profile to a Service Plan in SigningHub Admin
  • Add Signing Server to a User Role in SigningHub Web
  • Signing
  • Signing via SigningHub Web
  • Signing via API

Was this helpful?

Export as PDF
  1. Sharing & Signing
  2. Document Signing - A Recipient's View
  3. Add your signature

CSC signing

Introduction

The Cloud Signature Consortium (CSC) is a standard protocol for cloud-based digital signatures that supports web and mobile applications and complies with the most demanding electronic signature regulations in the world. The goal is to provide a common technical specification that will make solutions interoperable and suitable for uniform adoption in the global market, and to meet the highest level requirements of the European Union’s regulation on Identification and Trust Services (eIDAS). SigningHub supports the Cloud Signature Consortium (CSC) API protocol, this enables customers to leverage Remote Signing Service Providers (RSSP) for signing documents. Support for CSC within SigningHub now means customers can not only use SigningHub with Ascertia ADSS Signing Server but also independently with a CSC compliant RSSP.

SigningHub supports Cloud Signature Consortium (CSC) signing via the following two flows:

  • CSC Signing - Client Credentials Flow

  • CSC Signing - Authorisation Code Flow

CSC Signing - Client Credentials Flow

  • How it works?

  • Configure a Connector in SigningHub Admin

  • Configure a Signing Profile in SigningHub Admin

  • Add Signing Profile to a Service Plan in SigningHub Admin

  • Add Signing Server to a User Role in SigningHub Web

  • Specify the CSC User ID against your profile in SigningHub Web

  • CSC Signing

How it works?

  1. To perform CSC signing, you must configure a CSC connector, in SigningHub Admin.

  2. Configure a signing profile using the connector, in SigningHub Admin.

  3. Configure the signing profile to the service plan, in SigningHub Admin.

  4. Add Signing Server to your enterprise user role that you want to use for CSC signing.

  5. Specify your CSC User ID against your profile.

  6. Sign the document using the CSC Signing Server via SigningHub Web or API.

Configure a Connector in SigningHub Admin

Make the following configurations to a connector in SigningHub Admin:

  1. In the "Basic Information" section, choose "CSC" as the "Provider".

  2. In the "Details" section, choose "Client Credentials" as the "Auth Type".

A call back URL has to be registered with the CSC (Cloud Signature Consortium) signing server. The URL where the user will be redirected after the authorisation process has completed. Here is the format of call back URL: "{DEPLOYMENT_WEB_URL}/CSC/OAuth/CallBack" For example if your SigningHub site is "https://web.signinghub.com" then the Callback URL for SigningHub will be "https://web.signinghub.com/CSC/OAuth/CallBack".

Configure a Signing Profile in SigningHub Admin

Make the following configurations to a signing profile in SigningHub Admin:

  1. Select the CSC Connector created earlier, in the highlighted field below:

Add Signing Profile to a Service Plan in SigningHub Admin

Make the following configurations to the service plan in SigningHub Admin:

  1. In the "Signature" section of the service plan, select and add the earlier configured signing profile, as shown below:

Add Signing Server to a User Role in SigningHub Web

Make the following configurations to a user role in SigningHub Web:

  1. Against your user role, in the "Signing Server Preferences" tab, add the signing server.

Specify the CSC User ID against your profile in SigningHub Web

Make the following configurations to your profile in SigningHub Web:

  1. In your "Profile Information" tab, specify the "Cloud Signature Consortium (CSC) User ID".

Signing

Sign the document using the CSC Signing Server via SigningHub Web or API.

Signing via SigningHub Web

To perform CSC signatures via SigningHub Web, follow the below-mentioned steps:

  1. From the document listing, open a document having the signature field that you want to sign.

  2. Double-click on the signature field and select the CSC Signing Server.

  3. Click the "Sign" button and based on your CSC Signing Server configurations, provide the authorization details for Explicit (PIN/OTP/Both), Implicit or OAuth 2.0 authorization. Once the authorization is complete the document will be signed.

  1. The signing logs are maintained under "User Activity Logs", "Workflow History", and "Workflow Evidence Report".

  2. In case of CSC Signing:

    • Whenever a user clicks on the "Sign Now" button, to sign the document, the document will be locked. While the document is locked, other recipient can not process the document. The document will automatically unlock in case:

      • The signature has been successfully applied.

      • A period of 5 minutes has passed since the document was locked. (If you refresh or kill the browser window after clicking on the "Sign Now" button, the document will unlock after a period of 5 minutes has passed since the document was locked.)

      • Any exception has occurred from SigningHub or the CSC Server.

      • Any cancel action has been performed after clicking the "Sign Now" button.

    • If the package has multiple documents, the locking functionality will only lock the document being signed, and not the whole package.

    • The document locking functionality also works in case of Bulk Signing.

Signing via API

To perform CSC signatures via API, follow the below-mentioned steps:

9. The signature application uses one of the following APIs of the CSC server for revoking access tokens, as per the requirement:

  • 1-Step Sign:

  • 2-Step Sign:

    • Process: Follow the below steps:

CSC Signing - Authorisation Code Flow

  • How it works?

  • Configure a Connector in SigningHub Admin

  • Configure a Signing Profile in SigningHub Admin

  • Add Signing Profile to a Service Plan in SigningHub Admin

  • Add Signing Server to a User Role in SigningHub Web

  • CSC Signing

How it works?

  1. To perform CSC signatures, you must configure a CSC connector, in SigningHub Admin.

  2. Configure a signing profile using the connector, in SigningHub Admin.

  3. Configure the signing profile to the service plan, in SigningHub Admin.

  4. Add Signing Server to your enterprise user role that you want to use for CSC signing.

  5. Sign the document using the CSC Signing Server via SigningHub Web or API.

Configure a Connector in SigningHub Admin

Make the following configurations to a connector in SigningHub Admin:

  1. In the "Basic Information" section, choose "CSC" as the "Provider".

  2. In the "Details" section, choose "Authorization Code" as the "Auth Type".

A call back URL has to be registered with the CSC (Cloud Signature Consortium) signing server. The URL where the user will be redirected after the authorisation process has completed. Here is the format of call back URL: "{DEPLOYMENT_WEB_URL}/CSC/OAuth/CallBack" For example if your SigningHub site is "https://web.signinghub.com" then the Callback URL for SigningHub will be "https://web.signinghub.com/CSC/OAuth/CallBack".

Configure a Signing Profile in SigningHub Admin

Make the following configurations to a signing profile in SigningHub Admin:

  1. Select the CSC Connector created earlier, in the highlighted field below:

Add Signing Profile to a Service Plan in SigningHub Admin

Make the following configurations to the service plan in SigningHub Admin:

  1. In the "Signature" section of the service plan, select and add the earlier configured signing profile, as shown below:

Add Signing Server to a User Role in SigningHub Web

Make the following configurations to a user role in SigningHub Admin:

  1. Against your user role, in the "Singing Server Preferences" tab, add the signing server.

Signing

Sign the document using the CSC Signing Server via SigningHub Web or API.

Signing via SigningHub Web

To perform CSC signatures via SigningHub Web, follow the below-mentioned steps:

  1. From the document listing, open a the document having the signature field that you want to sign.

  2. Click on the signature field, select the CSC Signing Server.

  3. Input the CSC user credentials, provided by the CSC Signing Server.

  4. Click the "Sign" button and based on your CSC Signing Server configurations, provide the authorization details for Explicit (PIN/OTP/Both), Implicit or OAuth 2.0 authorization. Once the authorization is complete the document will be signed.

  1. The signing logs are maintained under "User Activity Logs", "Workflow History", and "Workflow Evidence Report".

  2. In case of CSC Signing:

    • Whenever a user clicks on the "Sign Now" button, to sign the document, the document will be locked. While the document is locked, other recipient can not process the document. The document will automatically unlock in case:

      • The signature has been successfully applied.

      • A period of 5 minutes has passed since the document was locked. (If you refresh or kill the browser window after clicking on the "Sign" button, the document will unlock after a period of 5 minutes has passed since the document was locked.)

      • Any exception has occurred from SigningHub or the CSC Server.

      • Any cancel action has been performed after clicking the "Sign Now" button.

    • If the package has multiple documents, the locking functionality will only lock the document being signed, and not the whole package.

    • The document locking functionality also works in case of Bulk Signing.

Signing via API

To perform CSC signatures via API, follow the below-mentioned steps:

9. The signature application uses one of the following APIs of the CSC server for revoking access tokens, as per the requirement:

  • 1-Step Sign:

  • 2-Step Sign:

    • Process: Follow the below steps:

PreviouseID Easy signingNextRemote Authorisation Signing (RAS)

Last updated 23 days ago

Was this helpful?

1. Use the "" API to get the authentication token of the user who is performing the signatures.

2. The signature application uses the "" API to get the RSSP (Remote Signing Service Provider) information that is needed to perform CSC Signing.

3. The signature application uses the "" API which returns the information about the RSSP (Remote Signing Service Provider) and the list of API methods it has implemented. This method shall be implemented by any RSSP conforming to this specification.

4. The signature application gets the access token using the "" API, Server will itself decide the grant_type (client_credentials / authorization_code) depending on its configurations.

5. The signature application gets the list of credentials associated using the "" API. if the RUT filtration is required this API will filter the credentials as per the RUT values. A user may have one or multiple credentials hosted by a single remote signing service provider.

6. The signature application gets the information on a signing credential, its associated certificate, and a description of the supported authorization mechanism using the "" API.

7. If the "authorization_required" parameter is true, in response to the "" API, the "" API shall be used to get the account_token which will be used to hit the "oauth2/authorize" CSC Server endpoint.

8. Use the "" API to get the hash of the document.

7. The signature application can use any one of the following API for authorization of credential ID, based on the response of the "" API of the CSC server:

"" API to start the online OTP mechanism associated with a credential ID for Explicit (OTP) authorization.

"" API to authorize access to the credential ID for signing for Explicit (OTP/PIN) or Implicit authorization. The SAD received in response shall be used in the "" API request.

"oauth2/authorize" API to initiate an OAuth 2.0 authorization flow for the OAuth 2.0 authorization. The authorization is returned in the form of an authorization code, which the signature application shall then use to obtain the SAD via "" API. The SAD received in response shall be used in the "" API request.

8. Use the "" API to embed signatures in the document.

"" API to revoke the service access token or refresh token.

"" API to revoke an OAuth 2.0 access token or refresh token.

The CSC Signing process can be a one-step or two-step operation, depending on the SCAL value returned by the "" API response. The distinction lies in how the document hash is calculated and how the signature is embedded.

Condition: If SCAL is 1 in the "" API response, the signature application does not need to call the "" API to calculate the document hash.

Process: The application simply collects the necessary data to call the "" API. This API will automatically calculate the document hash, sign it using the CSC server, and embed the signature directly into the document.

Condition: If SCAL is 2 in the "" API response.

First, the signature application must call the "" API to retrieve the document’s hash.

Next, the application must call the "" API to embed the signature into the document.

1. Use the "" API to get the authentication token of the user who is performing the signatures.

2. The signature application uses the "" API to get the RSSP (Remote Signing Service Provider) information that is needed to perform CSC Signing.

3. The signature application uses the "" API which returns the information about the RSSP (Remote Signing Service Provider) and the list of API methods it has implemented. This method shall be implemented by any RSSP conforming to this specification.

4. If the "authorization_required" parameter is true, in response to the "" API, the "" API shall be used to get the account_token which will be used to hit the "oauth2/authorize" endpoint.

4. The signature application requests authorization for the user to access the RSSP resources using the "oauth2/authorize" API of the CSC server. The authorization is returned in the form of an authorization code, which the signature application shall then use to obtain an access token with "service" as scope. To get the access token call the "" SigningHub API to get the Bearer/SAD token.

5. The signature application gets the list of credentials associated using the "" API. if the RUT filtration is required this API will filter the credentials as per the RUT values. A user may have one or multiple credentials hosted by a single remote signing service provider.

6. The signature application gets the information on a signing credential, its associated certificate, and a description of the supported authorization mechanism using the "" API.

7. If the "authorization_required" parameter is true, in response to the "" API, the "" API shall be used to get the account_token which will be used to hit the "oauth2/authorize" CSC Server endpoint.

8. Use the "" API to get the hash of the document.

7. The signature application can use any one of the following API for authorization of credential ID, based on the response of the "" API of the CSC server:

"" API to start the online OTP mechanism associated with a credential ID for Explicit (OTP) authorization.

"" API to authorize access to the credential ID for signing for Explicit (OTP/PIN) or Implicit authorization. The SAD received in response shall be used in the "" API request.

"oauth2/authorize" API to initiate an OAuth 2.0 authorization flow for the OAuth 2.0 authorization. The authorization is returned in the form of an authorization code, which the signature application shall then use to obtain the SAD via "" API. The SAD received in response shall be used in the "" API request.

8. Use the "" API to embed signatures in the document.

"" API to revoke the service access token or refresh token.

"" API to revoke an OAuth 2.0 access token or refresh token.

The CSC Signing process can be a one-step or two-step operation, depending on the SCAL value returned by the "" API response. The distinction lies in how the document hash is calculated and how the signature is embedded.

Condition: If SCAL is 1 in the "" API response, the signature application does not need to call the "" API to calculate the document hash.

Process: The application simply collects the necessary data to call the "" API. This API will automatically calculate the document hash, sign it using the CSC server, and embed the signature directly into the document.

Condition: If SCAL is 2 in the "" API response.

First, the signature application must call the "" API to retrieve the document’s hash.

Next, the application must call the "" API to embed the signature into the document.

Authenticate
Get RSSP Information
Get RSSP Info
Get Access Token | SAD
Get Filtered Credential List
Get Credentials Info
Get RSSP Information
Get Account Token
Get Document Hash
Get Credentials Info
Send OTP via RSSP
RSSP Credentials Authorization
Get Sign Hash from RSSP
Get Access Token | SAD
Get Sign Hash from RSSP
Embed Signature
Revoke Access Token
Revoke OAuth2 Access Token
Get Credentials Info
Get Credentials Info
Get Document Hash
Sign Document via RSSP Directly
Get Credentials Info
Get Document Hash
Embed Signature
Authenticate
Get RSSP Information
Get RSSP Info
Get RSSP Information
Get Account Token
Get Access Token | SAD
Get Filtered Credential List
Get Credentials Info
Get RSSP Information
Get Account Token
Get Document Hash
Get Credentials Info
Send OTP via RSSP
RSSP Credentials Authorization
Get Sign Hash from RSSP
Get Access Token | SAD
Get Sign Hash from RSSP
Embed Signature
Revoke Access Token
Revoke OAuth2 Access Token
Get Credentials Info
Get Credentials Info
Get Document Hash
Sign Document via RSSP Directly
Get Credentials Info
Get Document Hash
Embed Signature