Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
When you receive a document for signing/reviewing/editing/hosting in-person signatures, it is shown with the "Pending" status. You are also notified through an email from SigningHub with the link of the shared document. Since each pending document is associated with a workflow, they are shared with certain exclusive permissions (e.g., printing, downloading, access duration, password protection, etc.) by the respective Document Owner.
Click the "Documents" option in the navigation panel.
From your documents list, locate the pending document to sign, and click the "Sign" button in the information panel. The for signing. (Alternatively, you can skip the above two steps and follow the document link in the notification email that has been sent to you by SigningHub. This will directly for signing.)
as required (optional).
as required (optional).
Use the allowed as required (optional).
Fill in the (if any are configured for you).
Fill in the (if any are configured for you).
Add your (if any are configured for you).
Add your (if any are configured for you).
Add your (if any are configured for you).
Agree to the (if any is added).
Add (if necessary).
As per configuration, add your , and click the "Close" button.
Add (if any).
(if any).
In case you don't agree with the document's content or with any of its clauses, you may refuse signing and decline the document.
If you delete a pending document from your documents list without signing, it is considered declined.
SigningHub embeds fonts, graphics, annotations, and other necessary content within a PDF file to make your documents fully compliant with the PDF/A-1b standard. This content embedding is required by ISO 19005-1 and is usually associated with a document's visual appearance. However, a processed PDF through SigningHub may show non-compliance with the PDF/A-1b standard when a Date field or transparent PNG image rendering is used within the document.
When you receive a document with merging permissions, you can merge other documents with it before signing. The merged documents by you will be fused with the actual document and are automatically signed along with the document signing.
Click on the 'Append' option button appearing in the document viewer header. Alternatively, navigate to the "Pages" tab in the information panel, and click on the 'Append' button.
From the drop-down, select if you'd like to append at the top or bottom.
From the 'Add a document' dialogue box, add the document that you want to append.
Choose "Append at the top" or "Append at the bottom".
Click the 'Add' button. The PDF will be merged with the selected document and displayed accordingly.
When permitted, you can merge PDF documents with the following considerations:
The documents can be merged before signing.
The dimensions of the documents (being merged) should be the same. However, SigningHub allows up to 5 pixels difference.
Opening a pending document is subject to the , as configured for you by the respective . When you try to open a pending document to process:
Either by clicking the "Sign" button, or
By following the document link from your notification email, you could face any/ all/ none of the following viewing restrictions:
When you receive a document with some attachments, you can view and download them as required. You can also fully manage (i.e. add and remove) before signing if it has been permitted to you by the document owner. The attachments added by you will also be available to the next recipients in the workflow, along with other attachments (from the document owner). All these attachments become part of the document hash in the workflow.
Downloading attachments is subject to the following configuration:
The "Allow Download" recipient permission is set against the workflow.
The Artificial Intelligence (AI) tab in the document viewer allows users to apply AI-powered actions to documents to streamline workflows, analyse content, and detect potential issues. Users can simplify content, summarise text, analyse legal implications, and detect inconsistencies or errors within a document.
The AI tab appears as the third tab in the Document Viewer and is available only when the Artificial Intelligence (AI) option is enabled for the user in Recipient Permissions.
The signing process for documents follows a defined order of precedence, prioritizing form fields over initials, initials over in-person signatures, and in-person signatures over signatures. (Form fields > Initials > In-person signatures > Signatures)
Click on the 'Append' option button appearing in the document viewer header. Alternatively, navigate to the "Pages" tab in the information panel, and click on the 'Append' button.
Click the 'Add attachment' option.
From the 'Add attachments' dialogue box, add the attachments.
Click the "Done" button. The uploaded file will be added as an attachment to your document.
Navigate to the "Pages" tab in the information panel.
From the list of documents, expand the document to which an attachment has been added.
From the menu adjacent to the name of the attachment, click on the 'Preview' option.
A recipient will only be able to preview the added attachment if the 'Allow preview of document attachments' option is enabled in the user's recipient settings.
Navigate to the "Pages" tab in the information panel.
From the list of documents, expand the document to which an attachment has been added.
From the menu adjacent to the name of the attachment, click on the 'Download' option.
The attachment file is downloaded to your local Downloads folder.
Navigate to the "Pages" tab in the information panel.
From the list of documents, expand the document to which an attachment has been added.
From the menu adjacent to the name of the attachment, click on the 'Delete' option.
Click on the 'Delete' button to confirm the deletion.
Click the AI tab from the viewer toolbar.
Select the AI option you want to apply.
When prompted, select the page(s) on which you want to apply AI.
Click on the 'Generate' button.
Review the AI-generated response. To regenerate the response, click the 'Regenerate' button.
Simplify Content
Simplify complex text for non-experts and return a structured explanation.
Summarize
Return a short summary of the provided text.
Legal Implications
Analyse legal implications for the provided text.
Error Detection
Detect inconsistencies, contradictions, missing details, and other potential issues in the provided text.
By using Artificial Intelligence (AI) features, you agree that the document content may be securely transmitted to third-party AI service providers for processing. The information will be used solely to provide AI-powered features and will not be shared with unauthorised parties.
There should be no unassigned/ signed signature field in the document being merged.
The merged documents are fused with the actual document and are automatically signed along with the document signing.
In case a document is access duration protected, SigningHub will allow you to open it, in that particular time period only. The document will be inaccessible to you before and after the configured period. Contact the respective document owner if you receive an error message regarding the document access period.
In case a document is password protected, SigningHub will prompt for the password before opening it. Contact the respective document owner if you don't know the password.
In case a document is OTP protected, SigningHub will prompt for the 4, 6, or 9 digit OTP before opening it. The OTP will be sent on your mobile phone or Email based on your service plan. if your mobile number is incorrect on the OTP dialog, contact the respective document owner to change your mobile number. Once OTP is received, enter it in the text field. In case OTP is not received, you may select the option to resend it. You can also choose another method for OTP by selecting 'Switch Method'.
In case a document is TOTP protected, SigningHub will prompt you to enter the Time-based One-Time Password from the authenticator app configured on your mobile device. In case you have not configured two-factor authentication (2FA), upon trying to access a document that requires Time-based One-Time Password, you will be prompted with a 'Configure Two Factor Authentication' dialogue to set up and provide a Time-based One-Time Password. The document will be accessible only upon providing the correct Time-based One-Time Password.
In case a pending document has not been protected by any access security, you can open it without any restriction.
The OTP length is based on your subscribed service plan. SigningHub currently supports 4, 6, and 9-digit OTP.
The OTP retry and expiry times are based on your subscribed service plan.
The OTP method will be as per the configured OTP method in the document owner's service plan.
"(Email)", in case only "Email OTP" is configured in the service plan
"(SMS)", in case only "SMS OTP" is configured in the service plan
The gatekeeper follows the access security permissions that have been configured for the intended recipient and can view documents in read-only mode.
The availability of a Time-based One-Time Password as a document access authentication method is subject to your subscribed service plan.
If the user does not have two-factor authentication (2FA) configured, they will be prompted with a 'Configure Two Factor Authentication' dialogue to set up and provide a Time-based One-Time Password. If the user has already configured two-factor authentication (2FA) they will be prompted to provide the Time-based One-Time Password from the authenticator app configured on their mobile device.
To configure the two-factor authentication (2FA) the user will need to install an authenticator app (Google Authenticator, Microsoft Authenticator, etc.) on their mobile device. The 'Configure Two-Factor Authentication' dialogue shown to the user will contain:
QR Code
Manual Key
To set up two-factor authentication (2FA), the user can either scan the QR code or manually enter the Manual Key into an authenticator app. After successful registration, the user must provide the Time-based One-Time Password (TOTP) generated by the app to proceed in SigningHub. A set of recovery codes is also provided in the configuration dialog, which can be used in place of a TOTP to regain access if the user loses access to their mobile device. Each recovery code is valid for one-time use only, and it is strongly recommended to store them in a secure location. Users can regenerate a new set of recovery codes anytime from the . If an enterprise user loses access to both their mobile device and recovery codes, or has used all of them, they can contact their enterprise administrator to for their account.
Stamp fields are filled by the assigned recipients during the signing workflow. Only the recipients assigned to a particular stamp field can fill it, ensuring proper workflow compliance. Multiple stamps can be filled by a recipient if more than one stamp field is assigned.
Access to enterprise and personal stamps is controlled by your role and the permissions assigned by your Enterprise Admin. Only allowed enterprise stamps, and your personal stamps will appear in the Your Stamps dialogue.
Locate the stamp field assigned to you.
Double-click the field, or select the field and click Apply.
The Your Stamps dialogue will open, displaying:
Allowed enterprise stamps
Your personal stamps
Select the desired stamp to apply it to the field.
Click Preview to show you how the stamp will appear. Click on the tick icon to apply the stamp on the document.
Bulk document signing via server-side processing enables multiple documents to be signed in a single operation, significantly reducing processing time for enterprises dealing with large document volumes. This feature is particularly useful for industries like finance, legal, and corporate contract management, where a standardized signing approach is required. By ensuring uniform signing policies across all documents in a batch, organizations can streamline operations while maintaining compliance. Supported signing methods for server-side bulk document signing including ADSS, RAS, and CSC signing.
The section details the signing behavior of the system with respect to whether the signature appearance and the logo have been configured against a signing server. Breakdown has been given on the basis of the two subscription types; Enterprise subscription, and Individual subscription.
Enterprise Subscription
Individual Subscription
Server-side signing allows documents to be signed automatically on the server without requiring end-user interaction. This method is ideal for automated workflows where signatures are applied based on predefined rules, ensuring efficiency and compliance. Organizations handling large-scale batch signing, automated contract approvals, or enterprise-level document workflows can greatly benefit from this approach. SigningHub supports various signing methods under server-side signing, including ADSS signing, RAS signing, CSC signing, and eID Easy signing for both single and bulk document processing.
Single document signing through server-side processing enables an individual document to be signed automatically via API using server-side certificates. Since the signing process occurs without user intervention, it provides an efficient and secure way for businesses to handle legally binding signatures programmatically. This method enhances security by utilizing server-stored certificates and ensures compliance with digital signature regulations, making it particularly useful for industries requiring automated, high-trust signing solutions. SigningHub supports ADSS, RAS, CSC, and eID Easy signing for single documents.
With single document signing on the client side, users can sign an individual document using their locally stored signing credentials. The process requires user authentication and approval, ensuring a high level of security and legal compliance. Since the private key remains under the user’s control, this method is commonly used for high-trust digital signatures in regulated industries. The ability to manage signing credentials locally provides greater flexibility while maintaining compliance with digital signature standards. SigningHub supports T1C signing and Go>Sign signing for this method.
A legal notice is used to define certain terms and conditions that must be agreed by the signer, before signing. When you receive a document with a legal notice, you will be prompted to agree with it at the time of signing.
.
Click "Go to field" or scroll directly to your assigned signature field.
Double-click the signature field, or single-click and choose the "Sign" option.
The associated legal notice will be displayed in a dialogue box with the "I Agree" and "Cancel" options.
Click "Agree".
SigningHub wont display the signing provision unless you click the "I Agree" button. If you do not agree with the specified legal notice or have got any reservations on its clauses, contact the document owner to update/ remove it.
SigningHub lets the document owner, and the recipients add document comments with in the workflows. The document owner and the recipients can add document comments to a workflow for which the document owner has . Document comments can be added in all modes. i.e. Draft, Pending, In-progress, Signed, Declined, Approved, Submitted, and Completed. Once a document comment is added, depending on whether it is a public comment or a private comment, the users will be notified (via push notifications/on-screen notifications/email notifications) as per their and . In case the user is a document owner, the "When my documents are processed by others" notification setting will be followed. In case the user is a recipient, the "When there are subsequent changes in documents that I received" notification setting will be followed.
When you receive a PDF form document with any , the "Save" option will be listed under the three-dot menu of the document viewer header. The PDF form fields can be related to any information and these fields are displayed in yellow-orange color. Once saved, such information will become the permanent part of the signed PDF document.
When you receive a document with any form components or form fields that have been assigned to you, the "Save" option will be listed under the three-dot menu of the document viewer header. The , are particularly related to your Name, Email, Job title, Company, Date, etc. and these fields are displayed in yellow-orange colour. SigningHub will pick the required information (where applicable) from your system profile and will display it in the respective fields in editable mode. You can change any field value (data) as required. Once saved, such information will become the permanent part of the signed PDF document. Moreover, SigningHub embeds fonts, graphics, annotations, and other necessary content within a PDF file to make your documents fully compliant with the PDF/A-1b standard. This content embedding is required by ISO 19005-1 and is usually associated with a document's visual appearance. However, a processed PDF through SigningHub may show non-compliance with the PDF/A-1b standard when a Date field or transparent PNG image rendering is used in it.
Filling in is almost the same as signing a document, however digital signatures are not embedded in this case. They can be added through freehand drawing, text filling or image upload (the same way a signature is added). When you receive a document with , then you need to fill in all such fields before signing. This is to ensure that you have gone through all the important sections/ pages of the document, where initials fields were configured. Once you are done with your initials, you can sign the document.
SigningHub provides a robust set of APIs that allow seamless integration of electronic signature workflows into applications. The Signing Flow via API enables developers to manage signing operations programmatically, offering flexibility for both server-side and client-side signing approaches.
By using these APIs, organizations can automate document signing workflows, enhance security, and ensure compliance with regulatory standards. The Signing Flow via API is divided into:
Server-side signing: Signatures are applied without requiring user intervention.
SigningHub provides the Delegated Signing facility through which you can assign your signing authority to a trusted person to collaborate in a workflow on your behalf. When you receive a document with the "" permissions, you can replace yourself with another recipient in the workflow. The delegated contact can then process the document on your behalf by using their own private key. The signature field will show the delegated signer name, however, the signature verification dialog will show your name (the actual signer's) along with a "Delegated" caption. If you are a part of any enterprise, and looking to replace yourself (i.e. Delegate other user) or change other configured recipients/ placeholders with a guest user, then you must have the option un-selected in your assigned role.
Each approach supports both single document signing and bulk document signing for streamlined processing.
Click on the 'Comments' button appearing in the information panel, of the document viewer.
Add a comment, and configure the recipient.
Click on the 'Add comment' button to send the comment.
A recipient with a "Send a Copy" role, does not have the option to add document comments.
Document comments are not allowed in "Only Me" workflows.
The document comments feature is only available for PDF and DOC documents and is not available for XML documents.
If a recipient is changed, all the private comments with that particular recipient will be deleted from the system. However, the public comments of that recipient will not be deleted.
For any unseen comments, a counter for the unseen comments will appear against the document comment thread.
Specify the field data as required. You cannot specify data in a field which has been assigned to someone else.
The blank white fields (if any) in a pending document are those, which have not been assigned to any recipient. Such fields can be filled in by any recipient/ placeholder in the workflow.
SigningHub embeds fonts, graphics, annotations, and other necessary content within a PDF file to make your documents fully compliant with the PDF/A-1b standard. This content embedding is required by ISO 19005-1, and is usually associated with a document's visual appearance. However, a processed PDF through SigningHub may show non-compliance with the PDF/A-1b standard, when a Date field or transparent PNG image rendering is used in it.
Fill in the field's data accordingly and click the "Go to field" button to traverse to your next field for data entry. Keep doing so till you reach the last field assigned to you. SigningHub will display the total and traversed counts of your assigned fields accordingly.
You can click the "Go to field" button or you can directly scroll to the field.
The cursor will start blinking in the first yellow-orange colour field (assigned to you), then in the second one, and so on. Where applicable, the system will populate the relevant information in the respective fields, from your SigningHub profile in editable mode. The fields that have been marked as mandatory for you are shown with red asterisks (*). You can not leave any mandatory field blank in the document.
Specify/update the fields' data as required. You cannot specify data in a field which has been assigned to someone else.
Click the three-dot menu on the right of the document viewer header, and select the "Save" option to save the filled-in data. You can edit the field's data, as long as the document is not signed. Once the document is signed, the field data will become a permanent part of the signed PDF document.
When a document (with the assigned form components) is opened, the relevant data (i.e. Name, Email, Job, Company, etc) is automatically populated in the respective fields (editable) from the recipient's profile (i.e. My Settings > Profile). The Date field is always filled with the current date (i.e. Today's date) in editable mode.
The blank white fields (if any) in a pending document are those, which have not been assigned to any recipient. Such fields can be filled in by any recipient/ placeholder in the workflow.
Fill in the field's data accordingly and click the "Next" button to traverse to your next field for data entry. Keep doing so till you reach the last field assigned to you. SigningHub will display the total and traversed counts of your assigned fields accordingly.
If the "Restrict users from editing fields" option is selected in the recipient's role settings, the job title and or company form fields will be disabled, in pending mode, according to the role configuration.
If the "Restrict user from editing fields" option is enabled in the user's role and the user is auto provisioned through Microsoft Active Directory, any mismatch between their job title and or company in Microsoft Active Directory and SigningHub's Personal Configurations will result in the values from Microsoft Active Directory being mapped onto SigningHub, except when the values in Microsoft Active Directory are empty or null.
If the "Restrict users from editing fields" option is enabled in the user's role and the user is provisioned through Azure Active Directory or via SCIM provisioning through Azure Active Directory, any mismatch between their job title and or company in Azure Active Directory and SigningHub's Personal Configurations will result in the values from Azure Active Directory being mapped onto SigningHub, except when the values in Azure Active Directory are empty or null.
The workflow may get stuck if the role restricts editing of the fields, the recipient is a guest or does not have a job title or company name set in their profile, and the job title or company name fields are marked as mandatory by the document owner in the field settings.
You can click the "Go to field" button or you can directly scroll to the field.
Double-click on the field, or single-click and then click the "Sign" option.
A dialogue will appear. Select the initials type (i.e., Text, Hand Draw or Image) and specify your initials accordingly. (If the user chooses the 'Image' option, an initials image can be uploaded. Upon uploading, the user can zoom the image, rotate it, and adjust its transparency as desired. By enabling the Remember image toggle, the same image can be reused for initials application throughout the current session.)
Click Done. The specified initials will be added and displayed on the respective area(s) of the document. The system won't let you sign the document unless you add your initials in all the assigned fields. Also, you cannot fill in the initials fields which have been assigned to someone else.
All the initials fields assigned to you are mandatory to add, so you cannot leave any initials field blank in the document.
Fill in the field's data accordingly and click the "Next" button to traverse to your next field for data entry. Keep doing so till you reach the last field assigned to you. SigningHub will display the total and traversed counts of your assigned fields accordingly.
Signature Pad can only be used to perform initials, only on Desktop Web.
If Signature Pad has been configured as the default initials method and the user tries to sign using native apps or mobile web, the user will not be able to perform initials and will be prompted to update the default initials method in the user's configurations.
Client-side signing enables users to sign documents using locally stored credentials or hardware tokens, ensuring that they have direct control over their digital signatures. Unlike server-side signing, this method requires user interaction and is commonly used for high-assurance signatures, such as qualified electronic signatures. Client-side signing is particularly beneficial when users store their certificates on USB tokens or smart cards, allowing for enhanced security through user authentication before signing. SigningHub supports T1C signing and Go>Sign signing for both single and bulk document workflows.
Bulk document signing on the client side allows users to sign multiple documents in one operation while using their local signing credentials. This method is highly efficient for professionals and organizations that regularly process contracts, agreements, or compliance documents. By reducing manual effort in repetitive signing tasks, client-side bulk signing saves time while ensuring that signing keys remain under user control. This approach is particularly useful for organizations requiring high-assurance digital signatures while maintaining compliance with industry regulations. SigningHub supports T1C signing and Go>Sign signing for client-side bulk document signing.
Click "Delegated" in right panel.
Specify the recipient name in the "Update Delegatee" dialogue and their email will automatically be updated in the next field. In case the recipient is not saved in your SigningHub contacts list, the email field will be enabled to specify the email address of recipient.
Click the "Save changes" button. The document will be removed from your documents list, and moved to the newly configured recipient's account and shown with the "Pending" status.
When you replace yourself with another recipient, you cannot change the pre-configured special privileges (i.e. printing, downloading, adding text, access securities like password, OTP, time duration, etc.) that was initially set by the document owner for you. These settings will be transferred to the new recipient on as is where is basis.
For a document recipient who is a part of any enterprise, and looking to replace themself (i.e. Delegate other user) or change other configured recipients/ placeholders with a guest user, must have the "Restrict Delegated Signing to only registered users" option disabled in their assigned role.
The Delegated Signing option can also be configured for a certain time period, see .
When you receive a document with printing, downloading and adding text permissions, you will see these options available for the document. The text-adding provision lets you add any textual notes to the document before signing. When specified, the added text will become the permanent part of the signed PDF document.
Click the "Documents" option in the navigation panel.
Select the document and click the "Print" button in the information panel.
A provision will appear through which you can set your preferences to print the document.
Click the "Documents" option in the navigation panel.
Select the document and click the "Download" button in the information panel.
.
Click the "Add Text" option listed under the "Fields" section and drop it on the document. In case the "Add Text" option is not listed, you cannot add text to this document because of adding text restrictions.
A blank text field will be added to the document. Drag and drop the text field anywhere in the document by using your mouse.
Delegate will not be allowed to perform any action on the document other than approve/decline.
SigningHub allows you to change the workflow recipients even after sharing the document, provided it is allowed in your role. You can change all those recipients who have not collaborated (signed/ reviewed/ updated/ hosted the in-person signatures) in the workflow yet. Similarly, you can also update the placeholder fields with the actual recipients. When a configured recipient is changed/ replaced with another recipient, all the special privileges configured for the previous recipient will be transferred to the new recipient, along with the predefined workflow role (i.e. signer, reviewer, editor, or meeting host).
Click the "Documents" option, in the navigation panel.
Open an 'In-progress' document, whose recipient you want to change.
Click the 'Details' button in the 'Recipients' tab in the information panel.
The recipients will be shown in an editable mode in the information panel.
Specify the Name, National ID or Mobile Number of the other recipient that is added to your SigningHub contacts list as required, and the email will automatically be updated in the below field.
The shared document will be recalled from the previous recipient's account, and s/he will be notified through an email/SMS by SigningHub.
The newly configured recipient will also be notified through an email/SMS upon their turn in the workflow.
Click the "Documents" option, in the navigation panel.
Open an 'In-progress' document, whose recipient you want to change.
Click the 'Details' button in the 'Recipients' tab in the information panel.
The newly configured recipient will be notified through an email upon their turn in the workflow.
A signer can be replaced with another signer, as far as s/he has not signed the document.
A reviewer can be replaced with another reviewer, as far as s/he has not reviewed the document.
When you receive a document with some attachment fields assigned to you, you can add attachments, as required. After adding an attachment and sharing the document, the attachment field does not become part of the document. When you receive a document with attachment fields assigned to you, then you need to add attachments to these fields, as required by the document owner, before signing. This is to ensure that you have provided all the required attachments that are requested by the document owner. If the attachment field is compulsory, you will only be able to sign the document after you have added an attachment to the attachment field.
Downloading attachments is now bound with downloading a document, which is subject to the following two configurations:
The 'Allow document downloading' recipient permission is set against the workflow.
The "Allow workflow participants to download document only on workflow completion" in the document owner's .
Click the "Go to field" button or scroll to the field.
Single-click and then click the "Upload" option.
A dialogue will appear. Select the document you want to attach.
Only one document can be added against a single attachment field.
Take the cursor to the attachment field for which an attachment has been added.
Click on the field, and select the 'Preview' option.
A dialogue box will appear to preview the attachment.
A recipient will only be able to preview the added attachment if the 'Allow preview of document attachments' option is enabled in the user's recipient settings.
To perform RAS signatures via API using server-side signing, follow the steps mentioned below. These steps outline the necessary API calls and conditions to successfully complete a single document signing operation through the server.
The signatory is identified via the access token provided in the API call, which means authentication is required before initiating the signing process. The access token must be issued directly to the signatory through authentication API.
If modifications are needed before signing, the Fill Form Fields API should be called beforehand. Note that any mandatory input fields must be completed for the signing process to succeed.
To determine which Signing Servers should be displayed based on a signature field’s level of assurance, the signature application must call the API. This API provides details of all available signing servers along with their corresponding levels of assurance.
Signature applications can use API to sign a single document. This API will respond with a "Pending" status if all validations are done. At this point, the server will send the authorization request to the client device.
API will be used to get the status of signing that were processed by the previous API call (repetitive call until status become COMPLETED).
You will get verification object in the response of this API if the request parameter skip_verification is not passed or set to false. (on success)
After the signing process is complete, if the signatory is the final signer, the API must be invoked. Without this step, the document will remain in an "In Progress" state for the owner. Once the API is called, the status updates to "Completed."
Finally, after signing, the API can be used to retrieve the verification response.
SigningHub allows you to post comments (up to 255 characters) in a document workflow to accommodate any extra communication between the stakeholders (i.e. document owner & configured recipients). This may include the approval and declining reasons. The posted comments are maintained separately in the workflow, and will not be part of a completed/ signed PDF document. You can post your comments even after signing the document. Adding comments is subject to your assigned enterprise user role. If you are willing to use this provision, ask your Enterprise Admin to enable it in your Role>Document Settings.
Click on the document comments button to drag and drop the drop-in comment field anywhere on the document. Once a drop-in comment field is dropped, the field will no longer be draggable. The document field is not resizable.
Once the document comment field is dropped, the comment dialogue box will open.
Users can configure if they want to post a public comment or a private comment. By default, "Everyone" is selected for posting a public comment. For a private comment, the user can choose the recipient(s) who can see this comment. Only public document comments will be visible to all the recipients. The private document comment thread will only be visible to the selected recipients.
In the comment field, specify the comment you want to post. You can also choose to mention a recipient by typing "@". The maximum length of the comment is 500 characters.
Click on the "Add comment" button and the document comment will be posted.
The user can reply to a document comment to start a thread.
Click on the drop-in comment to which you want to reply.
A dialogue will appear. Type your reply and click "Reply".
A recipient can post a private comment for the document owner, by selecting the document owner from the "Comments" dialog's drop-down, even if the document owner is not a part of the workflow.
Only those comments will be visible to the recipient, which were added after the recipient was added to the workflow.
Users can scan the QR code from a printed document, the scanner will generate a URL e.g. https://beta.web.signinghub.com/document/27a8095c-6fc4-4888-9b8a-b0a52f2c7eaa which will display a screen with document name and two options "View Document", "Verify Signature".
Scroll down to your page footer and select your desired language from the language drop down. The system interface will change as per the selected language.
is not applicable for QR Code scanned documents.
To perform RAS bulk document signing via API using server-side signing, follow the steps mentioned below. These steps detail the API calls required to sign multiple documents in a single operation through the server.
The signatory is identified via the access token provided in the API call, which means authentication is required before initiating the signing process. The access token must be issued directly to the signatory through authentication API.
If modifications are needed before signing, the Fill Form Fields API should be called beforehand. Note that any mandatory input fields must be completed for the signing process to succeed.
To determine which Signing Servers should be displayed based on a signature field’s level of assurance, the signature application must call the API. This API provides details of all available signing servers along with their corresponding levels of assurance.
The signature application needs to call API. This API executes pre-signing validations for each document package and respectively returns any errors along with the list of tasks that the application needs to perform to complete the signing process.
The signature application needs to call API. This API will sign/sign & share and share multiple documents without displaying the documents to the end user. This API will respond with a "Pending" status. At this point, the server will send the authorization request to the client device.
API will be used to get the status of a specific bulk signing transaction along with the details of document packages that were processed by the previous API call (repetitive call until status becomes COMPLETED).
Finally, after signing, the API can be used to retrieve the verification response.
Hosting in-person signatures on a document is also a part of the document workflow and is used for approval purposes. However, the hosting activity does not involve digital signatures. Being a you need to facilitate the document signing process for the configured in-person signers. Since hosting in-person signatures is a workflow activity, these documents are shared with certain exclusive permissions (e.g., printing, downloading, access duration, password protection, etc.) by the respective .
SigningHub lets you view the verification details of each digital/e-signature/in-person signature performed on your PDF document. The verification details reveal the validity of the signature and display its associated information i.e., reason, location, contact information, local time at which signing was done etc.
To perform Go>Sign signatures via API using client-side signing, follow the steps mentioned below. These steps guide you through the required API calls and user interactions needed to complete the single document signing process on the client side.
The signatory is identified via the access token provided in the API call, which means is required before initiating the signing process. The access token must be issued directly to the signatory through API.
If modifications are needed before signing, the
To perform Go>Sign bulk document signing via API using client-side signing, follow the steps mentioned below. These steps outline the APIs and user actions involved in signing multiple documents directly from the client side.
The signatory is identified via the access token provided in the API call, which means is required before initiating the signing process. The access token must be issued directly to the signatory through API.
If modifications are needed before signing, the
To perform T1C bulk document signing via API using client-side signing, follow the steps mentioned below. These steps outline the APIs and user actions involved in signing multiple documents directly from the client side.
The signatory is identified via the access token provided in the API call, which means is required before initiating the signing process. The access token must be issued directly to the signatory through API.
If modifications are needed before signing, the
To perform ADSS signatures via API using server-side signing, follow the steps mentioned below. These steps outline the necessary API calls and conditions to successfully complete a single document signing operation through the server.
The signatory is identified via the access token provided in the API call, which means is required before initiating the signing process. The access token must be issued directly to the signatory through API.
If modifications are needed before signing, the
To perform T1C signatures via API using client-side signing, follow the steps mentioned below. These steps guide you through the required API calls and user interactions needed to complete the single document signing process on the client side.
The signatory is identified via the access token provided in the API call, which means is required before initiating the signing process. The access token must be issued directly to the signatory through API.
If modifications are needed before signing, the
For the best QR Code scanning experience, use the default size of 120 * 120. The user can decrease or increase the size of the QR Code as per their requirement. In case of a QR Codes lesser in size than 50 * 50, the scanning experience might be affected.
Document
The name of the document what has been scanned.
View Document
By clicking on this button, you will be shown a read-only view of the document.
Verify Signature
By clicking on this button, you will be shown the verification results for all the digital signatures that exist in the document.
To determine which Signing Servers should be displayed based on a signature field’s level of assurance, the signature application must call the Get Signature Settings API. This API provides details of all available signing servers along with their corresponding levels of assurance.
To perform local signing using Go-Sign, the Load Applet API is called to initialize the Go-Sign service. This API returns a script that must be appended to an HTML element.
The script loads Go-Sign.js into the HTML document, enabling multiple functions to retrieve certificate chains.
Once the certificates list is retrieved, the application calls the Pre Local Signing API to obtain data to be signed(D2S) and a transaction ID.
The “GoSign_Process()” method is then triggered automatically to generate the signature and return the signature bytes.
Finally, the obtained signature bytes are placed on ADSS using the transaction ID, and the Post Local Signing API is called to complete the signing process.
After the signing process is complete, if the signatory is the final signer, the Finish Processing API must be invoked. Without this step, the document will remain in an "In Progress" state for the owner. Once the API is called, the status updates to "Completed."
Finally, after signing, the Get Document Verification API can be used to retrieve the verification response.
To determine which Signing Servers should be displayed based on a signature field’s level of assurance, the signature application must call the Get Signature Settings API. This API provides details of all available signing servers along with their corresponding levels of assurance.
The signature application needs to call Bulk Signing Pre Validation API. This API executes pre-signing validations for each document package and respectively returns any errors along with the list of tasks that the application needs to perform to complete the signing process.
To perform local signing using Go-Sign, the Load Applet API is called to initialize the Go-Sign service. This API returns a script that must be appended to an HTML element.
The script loads Go-Sign.js into the HTML document, enabling multiple functions to retrieve certificate chains.
Once the certificate list is retrieved, the application calls the Pre Bulk Local Signing API to initiate the processing of all packages. This API returns a transaction ID along with the signing status and any failed packages.
If the status is Pending the signature application periodically calls Bulk Signing Status API to check the status. Once the Data to be Signed (D2S) for all packages is received, the process continues.
When the D2S array becomes available, Go-Sign calls the “GoSign_SetD2S()” method to set the hash on ADSS, followed by the “GoSign_Process()” method to process the signature and return the signature bytes array.
The list of raw signature bytes, along with their corresponding package IDs is then sent to the Post Bulk Local Signing API to complete the signing process.
Finally, after signing, the Get Document Verification API can be used to retrieve the verification response.
To determine which Signing Servers should be displayed based on a signature field’s level of assurance, the signature application must call the Get Signature Settings API. This API provides details of all available signing servers along with their corresponding levels of assurance.
The signature application needs to call Bulk Signing Pre Validation API. This API executes pre-signing validations for each document package and respectively returns any errors along with the list of tasks that the application needs to perform to complete the signing process.
To run T1C, you must install the utility by downloading the setup using the Download T1c Setup API.
To access T1C APIs for signing, you first need to obtain a token by calling the Get JWT Token API.
The T1C utility reads the card reader (USB token) and returns an array of encoded Base64 certificates along with the certificate ID. To display the certificate CN in the Signing Dialogue Get Certificates Detail API endpoint is used to decode the certificate.
The signature application calls the Pre Bulk Local Signing API to initiate the processing of all packages. This API returns a transaction ID along with the signing status and any failed packages.
If the status is Pending the signature application periodically calls Bulk Signing Status API to check the status. Once the Data to be Signed (D2S) for all packages is received, the process continues.
Once the D2S array is available, the application prompts the user to enter a PIN. Then, for each item in the D2S array, the application sends a signing request to the T1C server, including the PIN and corresponding D2S. The T1C server responds with the raw signature bytes for each document.
The list of raw signature bytes, along with their corresponding package IDs is then sent to the Post Bulk Local Signing API to complete the signing process.
Finally, after signing, the Get Document Verification API can be used to retrieve the verification response.
To determine which Signing Servers should be displayed based on a signature field’s level of assurance, the signature application must call the Get Signature Settings API. This API provides details of all available signing servers along with their corresponding levels of assurance.
If OTP authentication is turned on for the server side signing operation which could be find in the response of Get Signature Settings API, client applications will need to generate an OTP for the mobile number using Signer Authentication via OTP (Users, In-persons, Signers) API call. Respective business applications must retrieve the OTP from the use and submit it when making the Sign Document API call. This is done using the "x-otp" header in the request.
Signature applications can use Sign Document API to sign a single document (both electronic and digital).
You will get verification object in the response of this API if the request parameter skip_verification is not passed or set to false.
After the signing process is complete, if the signatory is the final signer, the Finish Processing API must be invoked. Without this step, the document will remain in an "In Progress" state for the owner. Once the API is called, the status updates to "Completed."
Finally, after signing, the Get Document Verification API can be used to retrieve the verification response.
To determine which Signing Servers should be displayed based on a signature field’s level of assurance, the signature application must call the Get Signature Settings API. This API provides details of all available signing servers along with their corresponding levels of assurance.
To run T1C, you must install the utility by downloading the setup using the Download T1c Setup API.
To access T1C APIs for signing, you first need to obtain a token by calling the Get JWT Token API.
The T1C utility reads the card reader (USB token) and returns an array of encoded Base64 certificates along with the certificate ID. To display the certificate CN in the Signing Dialogue Get Certificates Detail API endpoint is used to decode the certificate.
The signature application calls Pre Local Signing API to get D2S (data to be signed) and transaction ID.
The application prompts the user for a PIN and then sends the PIN along with the D2S in a signing request to the T1C Server. The T1C Server responds with raw signature bytes.
The raw signature bytes received from the T1C server are then sent to the Post Local Signing API to complete the signing process.
After the signing process is complete, if the signatory is the final signer, the Finish Processing API must be invoked. Without this step, the document will remain in an "In Progress" state for the owner. Once the API is called, the status updates to "Completed."
Finally, after signing, the Get Document Verification API can be used to retrieve the verification response.
Specify the Name, National ID or Mobile Number of the placeholder that is added to your SigningHub contacts list as required, and the email will automatically be updated in the below field.
A meeting host can be replaced with another meeting host, as far as s/he has not updated the document.
When you replace a configured recipient with another, you cannot change the pre-configured special privileges (i.e. printing, downloading, adding text, accessing securities like password, OTP, time duration, etc.) of the previous recipient that was initially set by the document owner. These settings will be transferred to the new recipient as it is.
A document recipient who is a part of any enterprise, and looking to replace (i.e. Delegate other users) or change other configured recipients/ placeholders with a guest user, must disable the "Restrict Delegated Signing to only registered users" option in their assigned role
Comments can not be posted for placeholders. However, once a placeholder is replaced by a recipient, comments can be posted for the recipient.
The "Comments" dialogue box is updated every time the document is reopened or the screen is refreshed, as the case may be.
A recipient can post comments even after they have processed (signed/reviewed/edited/hosted In-Person signatures) the document.
In case of a delegated reviewer, any comment posted by the gatekeeper at the time of the document approval will be displayed as a private comment for the original recipient.
For every comment posted, the system sends out an intimation email to the recipients, to whom the comment is visible.
Click the "Documents" option, available in the left menu of the SigningHub screen.
From your documents list, locate the pending document to host in-person signatures, and click the "Sign" button against it. The document will be opened for hosting. Alternatively, you can skip the above two steps and follow the document link in the notification email that has been sent to you by SigningHub. This will directly open the document for hosting in-person signatures.
Add/ download attachments as required (optional).
Merge other PDF files as required (optional).
Use the allowed document permissions as required (optional).
Fill in the form components (if any are configured for you).
Fill in the form fields (if any are configured for you).
Add your initials (if any are configured for you).
Add signing-related comments (if any).
Go to each configured in-person signer one by one, and get their in-person fields signed by them. A dialogue box window will appear with the hosting instructions to facilitate the signing process.
After getting all the in-person signatures, click the "Close" button from the top right of document header.
The document is now signed, and its status will be changed from "Pending" to "Signed" in your documents list. The document owner will also be notified about this action through an email.
In case a legal notice is configured for the meeting host, then each in-person signer will have to agree to it while signing their in-person field.
If you delete a pending document from your documents list without hosting in-person signatures, it is considered as declined.
An invisible signature doesn't have any visible appearance on a document. However it entails all other verifiable characteristics of e-signing, i.e. Time Stamping, Certificate Chain, Certificate Status, etc.
Fill in the field's data accordingly and click the "Go to field" button to traverse to your next field for data entry. Keep doing so till you reach the last field assigned to you. SigningHub will display the total and traversed counts of your assigned fields accordingly.
You cannot host an in-person signature without adding an attachment if a mandatory attachment field has been assigned to you.
If the recipient tries to close the document package without performing all of their required actions, a warning will be displayed, as shown in the figure below:
Click the desired signature and the details will be visible in right panel.
Open the document whose signature you wish to verify.
Click the desired signature and the details will be visible in right panel.
Click "More" for certificate details.
In case a document has an invisible signature, then this information can be found by clicking the button under "Document Verification" from the right panel.
Click "More" for further details.
An invisible signature doesn't have any visible appearance on a document. However, it entails all other verifiable characteristics of e-signing, i.e. Time stamping, Certificate Chain, Certificate Status, etc.
LEI (Legal Entity Identifier) number and LEI role appear on the signature verification dialogue box in SigningHub if the certificate used for signing has these attributes set as an extension.
Signing Reason will be replaced with National ID under signature appearance and verification, if 'Allow user to manage signing reason' is turned off under the user's role, provided that National ID is configured under global settings in SigningHub Admin and the .
Click "Decline" from the right panel.
Specify your declining reason (up to 500 characters), and click the "Decline Now" button. The specified reason will be available to:
The respective document owner in the Workflow History and Workflow Evidence Report.
All the recipients in the comments section, and also in the notification emails of those who have configured emails for subsequent changes in the document.
The document is now declined, and its status will be changed from "Pending" to "Declined" in your documents list. The document owner will be notified about this action through an email, and the document status on their (document owner) end will either be "Declined" or "In-Progress", based on the workflow configurations with which this document was shared.
If you delete a pending document from your documents list without signing/ reviewing/ updating/ hosting, it is also considered as "Declined" in SigningHub.
If the delegated reviewer declines the document, then the intended recipient's turn will also be declined.
SigningHub allows its users to sign Word documents (having the .docx format) containing a signature line. The documents are allowed to retain their original format and are not converted to .pdf. This requires the configuration of a signing profile and a verification profile in ADSS. Configuration of a connector, a signing profile, a verification profile, and a service plan in SigningHub Admin. Once the configurations have been made, create a workflow with a Word document, and share the workflow. After sharing the workflow, sign the document via either SigningHub API or SigningHub Web.
XAdES-X-L, short for "XAdES-X with Long-term Validation Data," is an advanced electronic signature format supported by SigningHub. This signature format aligns with ETSI standards, specifically tailored to meet European requirements for qualified electronic signatures. XAdES-X-L extends the capabilities of XAdES-X signatures by incorporating Long-term Validation Data. This ensures the long-term integrity and availability of validation data associated with the signature.
Configure a signing profile as a prerequisite, in ADSS.
Configure a verification profile, in ADSS.
Configure a connector, in SigningHub Admin.
For Word document signing a signing profile is configured in ADSS Signing Service.
To configure a signing profile for signing a Word document, follow these steps:
In the "Select Signature Type" section, check "PKCS#1" and copy the Profile ID because it would be used in SigningHub Admin. Then click the "Next" button.
In the "Advanced Settings" tab, enable the "Hash Signing Settings", and click the "Save" button.
For signature verification, a verification profile is configured in ADSS Verification Service.
To configure a verification profile, follow these steps:
Copy the Profile ID because it would be used in SigningHub Admin.
SigningHub creates the PKCS#1 signature for using the signing service. In the "Signature Settings" tab, make the following changes:
Make the following configurations to a connector in SigningHub Admin:
In the "Basic Information" section, choose "ADSS Server" as the "Provider".
In the "Details" section, fill in the required fields.
Make the following configurations to a signing profile in SigningHub Admin:
Paste the earlier copied Profile ID, while creating a Signing Profile in the ADSS:
The hashing algorithm for the signing profile in SingingHub, should be the same as the hashing algorithm selected while creating a signing profile in ADSS.
Make the following configurations to a verification profile in SigningHub Admin:
Paste the earlier copied Profile ID, while creating a Verification Profile in the ADSS, in the highlighted field below
Make the following configurations to a service plan in SigningHub Admin:
Select and add the earlier configured Signing Profile and Verification Profile, in a service plan in SigningHub Admin, as shown below:
Make the following configurations to the SigningHub API:
Get the authentication token of a user using the SigningHub API.
Add a document package from the SigningHub API.
Upload the document via stream/base with the document extension .docx. Set the "x-convert-document" to false.
The Word document being uploaded must have the signature line(s) along with the email addresses of the signer(s).
To sign the document via the SigningHub API:
Sign the workflow.
In case of bulk signing, use the below API.
To sign the document via SigningHub Web, follow the steps:
Open the SigningHub Web and open the Word document through the document listing. Click on the signature field and then click "Sign".
After signing the document, you can view "Signature Verification" for details.
The Word document can also be signed via bulk sign, on SigningHub Web.
Word signing is not supported in the Linux environment.
SigningHub provides an efficient, fast, and easy way to sign multiple fields assigned to you, within a single document, in one go. For this, use the "Bulk signing" option to sign your fields through a single-click operation while the document is in a 'Draft' or 'Pending' state. Bulk signing duly works with document signing, reviewing, updating, in-person signing and adding your initials. However, SigningHub does not allow you to sign fields through bulk signing if:
Field-level (OTP or TOTP) authentication has been set to sign the field, or
The next configured recipient in a workflow is an undefined placeholder, or
The mandatory form fields assigned to you are empty
A mandatory attachment field has been assigned to you
The availability of the "Bulk Signing" feature is subject to your subscribed Service Plan and Enterprise Role. If you cannot find this option in your account, please ask your Enterprise Admin to upgrade your service plan and enable it in your Role>Document Settings.
Open a 'Pending' and 'Draft' document.
Click on the "Bulk Signing" button in the information panel, on the document viewer screen.
The bulk sign dialogue box will appear. It will list your documents based on the required actions.
While a field is being processed, a circular percentage progress bar will appear next to it, to indicate the progress.
If a field can not be signed, the respective reason will be displayed, click on the 'Continue' button to continue signing the eligible documents.
Reviewing is also a part of document workflow and is used for approval purposes. However, the reviewing activity does not involve digital signatures. Being a reviewer you can either approve the document or can simply decline it. Since reviewing is a workflow activity, these documents are shared with certain exclusive permissions (e.g. printing, downloading, access duration, password protection, etc.) by the respective Document Owner.
Click the "Documents" option, available in the left menu of the SigningHub screen.
From your documents list, locate the pending document to review, and click the "Sign" button against it. The for review. Alternatively, you can skip the above two steps and follow the document link in the notification email that has been sent to you by SigningHub. This will directly for review.
as required (optional).
as required (optional).
Use the allowed as required (optional).
Fill in the (if any are configured for you).
Fill in the (if any are configured for you).
Add your (if any are configured for you).
Add (if any).
Click the "Approve" button from the right of the document viewer header, and agree to the (if any configured for you).
Specify your reviewing comments (up to 500 characters), and click the "Approve" button. These comments will be available to:
The respective document owner in the and .
All the recipients in the comments section, and also in the notification emails of those who have configured emails for subsequent changes in the document.
The document is now approved, and its status will be changed from "Pending" to "Approved" in your documents list. The document owner will also be notified about this action through an email.
If you delete a pending document from your documents list without reviewing it, it is considered as .
Fill in the field's data accordingly and click the "Next" button to traverse to your next field for data entry. Keep doing so till you reach the last field assigned to you. SigningHub will display the total and traversed counts of your assigned fields accordingly.
To perform ADSS bulk document signing via API using server-side signing, follow the steps mentioned below. These steps detail the API calls required to sign multiple documents in a single operation through the server.
The signatory is identified via the access token provided in the API call, which means authentication is required before initiating the signing process. The access token must be issued directly to the signatory through authentication API.
If modifications are needed before signing, the Fill Form Fields API should be called beforehand. Note that any mandatory input fields must be completed for the signing process to succeed.
To determine which Signing Servers should be displayed based on a signature field’s level of assurance, the signature application must call the API. This API provides details of all available signing servers along with their corresponding levels of assurance.
The signature application needs to call API. This API executes pre-signing validations for each document package and respectively returns any errors along with the list of tasks that the application needs to perform to complete the signing process.
If OTP authentication is turned on for the server-side signing operation which could be found in the response of API, client applications will need to generate an OTP for the mobile number using API call. Respective business applications must retrieve the OTP from the use and submit it when making the Bulk Sign Packages API call. This is done using the "x-otp" header in the request.
The signature application needs to call API. This API will sign/sign & share and share multiple documents (both electronic and digital) without displaying the documents to the end user.
API will be used to get the status of a specific bulk signing transaction along with the details of document packages that were processed by the previous API call (repetitive call until status becomes COMPLETED).
Finally, after signing, the API can be used to retrieve the verification response.
Introduction
How it works?
Place the Policy Document in SigningHub Directory
are similar to the initials, but they are done on behalf of someone else. In-person signatures can be carried out by freehand drawing, text-filling or image upload (the same way a signature is added). When you receive a document with in-person fields assigned to you, then you need to fill in all such fields before signing. This is to witness that the document was signed in the presence of configured persons or on behalf of all of them. Similarly, a meeting host can also provide device control to the (in-person) signers, and get their signatures in his/her presence. Once you are done with in-person signatures, you can sign the document.
SigningHub supports local signing through unique RUT values that are exclusively assigned to each user. The users who wish to use the RUT based Go>Sign signing, need to modify the appsettings.Production.json file. The Go>Sign Desktop app has to be installed and should be running on your machine. Your RUT-based certificates that you want to perform signatures with, having the Subject Alternative Name value, must also be installed on your local machine. SigningHub supports the latest version of the Go>Sign Desktop app.
SigningHub supports performing server-side signing with eID Easy. eID Easy provides a simple API for Qualified Electronic Signature (QES) methods, Advanced Electronic Signature (AES) methods, and strong customer authentication for Remote Signing Service Providers that do not support the CSC interface.
SigningHub supports local signing through the Go>Sign Desktop app. The Go>Sign Desktop app has to be installed and should be running on your machine. The certificates that you want to perform signatures with should either be installed on your local machine, or be stored in the HSM token attached to your machine, based on the configurations of your Go>Sign profile. SigningHub supports the latest version of the Go>Sign Desktop app.
Configure a verification profile, in SigningHub Admin.
Add the signing profile and verification profile to the service plan.
Create a workflow with a Word document, and share the workflow.
Once you've shared the workflow, sign the document via either SigningHub API or SigningHub Web.
Electronic Seals: Click on the 'Apply Electronic Seal' button, and the electronic seal will be applied.
Basic Signatures: Click on the level of assurance, and the 'Sign' dialogue box will appear. Click the 'Sign' button to complete the signing.
Advanced Signatures: Click on the level of assurance, select the signing server in the 'Sign' dialogue box, and then click 'Sign' to apply advanced signatures.
If for any reason bulk signing fails, a summary dialogue will appear to show the reason for failure, and a caution icon will appear adjacent to the button.
If your textual signature is already filled in with your fixed name, it is because the signature text editing is restricted in your enterprise role. Your signature text can be edited under the "Signature" tab in 'Personal Configurations.
Choose a desired appearance for your signature. The options being populated in the "Signature Appearance Design" field are the allowed appearances to your enterprise user role. You can also see this list in your signature appearance. The signature appearance will be auto-filled and cannot be changed if it's restricted from enterprise roles signature settings to use a specific appearance for the selected Signing Server.
In case of bulk signing using a signature pad, the "Remember the captured signature for use throughout this document" option will not appear.
Upon clicking the "Sign" button, if any 'Authentication Method' is configured for the selected signing capacity under enterprise roles, an authentication dialogue box will appear. If no 'Authentication Method' is configured for the selected signing capacity under enterprise roles, the document signing process will start. In the documents, all the signature fields with the same level of assurance that matches the selected 'Signing Capacity', in the above step, will be signed.
If you have selected CSC Signing Server to perform signature and "Authorisation Code" is selected as the "Auth Type" in CSC Connector, then on clicking the 'Sign' button you will be shown an additional authorisation option, depending upon the authorisation settings configured in your CSC Server:
Implicit
Explicit (One Time Password (OTP)/PIN Number)
OAuth Authorisation Code
All unregistered users using the CSC Signing Server to perform signatures will be shown an additional authorisation option, as mentioned above, upon clicking the 'Sign' button.
If "Client Credentials" is selected as the "Auth Type" in the CSC Connector and a valid CSC User ID has been configured for the user, then on clicking the 'Sign' button, no additional authorisation will be required for signing.
There could be a possibility that both the options of OTP and PIN number are configured as a signing time authentication by your CSC Server.
In case the Level of Assurance of a "Signature" field is set to "Simple Electronic Signature", then only Document Signing Authentication will work.
In case of signing of XML document, optionally you may also specify "Commitment Type Indication". SigningHub populates values of this field in editable mode from your Personal Signing Details. When specified they will become a permanent part of your XML signature.
In the case of OTP authentication, the OTP method will be as per the configured OTP method in the document owner's service plan.
"(Email)", in case only "Email OTP" is configured in the service plan
"(SMS)", in case only "SMS OTP" is configured in the service plan
"(SMS and Email)", in case both "Email OTP" and "SMS OTP" are configured in the service plan
If the user has authenticated once against an "Authentication Method" which is configured for a "Signing Capacity", the user will not be prompted to re-authenticate the same "Authentication Method" even if it is configured against a different "Signing Capacity". In case a different "Authentication Method" has been configured against the new "Signing Capacity", the user will be prompted to authenticate against it.
If passkey authentication is configured for the user for a given signing capacity, the user will be prompted to authenticate using their passkey. Upon initiating the signing process, the browser will display a dialogue requesting passkey authentication. The passkey may be stored in the browser, on a mobile device, or on a USB security key. This authentication method is supported for both single sign and bulk sign operations. After signing, the document logs will record the authentication details, providing an indication of the profile used for authentication.
The passkey feature is not available for guest users, as they cannot register a passkey without first logging in.
If a delegated reviewer is configured for the document, then it will be automatically forwarded to the intended recipient.
You cannot review a document without adding an attachment if a mandatory attachment field has been assigned to you.
If the recipient tries to close the document package without performing all of their required actions, a warning will be displayed, as shown in the figure below:
Place the Policy Document in ADSS Server Directory
Modify the policy.properties file in ADSS Server Directory
Configure a Go>Sign Profile in ADSS
Configure a Connector in SigningHub Admin
Configure a Signing Profile in SigningHub Admin
Add Signing Profile to a Service Plan
Add Signing Server to a User Role in SigningHub Web
Signing via SigningHub Web
SigningHub supports all kinds of server side and local side signing using the Policy OID. When a user signs a document using SigningHub, the system applies a signature policy OID to ensure that the signature adheres to the predefined rules. This includes requirements such as cryptographic algorithms, key lengths, time-stamping, and other security measures specified by the policy. For recipients of signed documents, the signature policy OID serves as a reference point during verification. It allows them to confirm that the signature meets the necessary standards for validity and compliance. For this usecase, we are going to perform local side signing with ADSS using Policy OID.
Place the Policy Document, in SigningHub Directory.
Modify the appsettings.Production.json file, in SigningHub directory.
Place the Policy Document, in ADSS Server Directory.
Modify the policy.properties file, in ADSS Server directory.
Configure a Go>Sign signing profile as a prerequisite, in ADSS.
Configure a connector, in SigningHub Admin.
Configure a signing profile, in SigningHub Admin.
Add the signing profile to the service plan.
Add signing server to your enterprise user role.
Sign the document via SigningHub Web.
The policy document PDF needs to be placed, in the SigningHub deployment directory, at the following path:
[SigningHub Deployment Directory]\default\signaturepolicydocuments
To apply the policy OID while signing, the appsettings.Production.json file needs to be modified, in the SigningHub Directory.
Make the following modifications to the appsettings.Production.json file:
Provide the values of the "SignaturePolicyOID", "SignaturePolicyURI", "SignaturePolicyName" tags. Then save the changes and close the "appsettings.Production.json" file. The "SignaturePolicyName" should be the same as the name of the policy document placed in the SigningHub deployment directory.
The policy document PDF needs to be placed in the ADSS deployment directory, as the ADSS Server is being used for verification, at the following path:
[ADSS Deployment Directory]\service\policy
To apply the policy OID while signing, the policy.properties file needs to be modified in the ADSS Server Directory.
Make the following modifications to the policy.properties file:
Add the "Policy IDs" and their "Directory Paths" in the policy.properties file. Then save the changes and close the "policy.properties" file. Add this information using the mentioned format ( Signature Policy ID = Location of the Signature Policy Document). A sample of the format has been highlighted below:
For local signing, a Go>Sign profile is configured in Go>Sign Service. (In case of server side, a signing profile will need to be configured)
Make the following configurations to a Go>Sign profile:
From the "General" section, copy the Go>Sign Profile ID because it would be used in SigningHub Admin.
In the "Keystore Settings" section, check the "OS native API (MS CAPI & Mac Keychain)" option, as we want to use the certificates installed on your local machine.
Make the following configurations to a connector in SigningHub Admin:
In the "Basic Information" section, choose "ADSS Server" as the "Provider".
In the "Details" section, fill in the required fields.
Make the following configurations to a signing profile in SigningHub Admin:
Paste the earlier copied Go>Sign Profile ID, while creating a Go>Sign Profile in the ADSS:
Make the following configurations to a service plan in SigningHub Admin:
Select and add the earlier configured Signing Profile, in a service plan in SigningHub Admin:
Make the following configurations to a user role in SigningHub Web:
Against your user role, in the "Signing Server Preferences" tab, add the signing server
To sign the document via SigningHub Web, follow the below-mentioned steps:
Open SigningHub Web and open a document having a signature field that you want to sign.
Double-click on the signature field and select the Signing Server.
Then click on the signature field and then click "Sign".
After signing the document, you can view the "Verification Certificate".
The signatures can also be verified through the ADSS verification service's transaction logs which will reflect the "Signature Policy ID" and the "Signature Policy URI".
SigningHub supports all kinds of server side and local side signing using the Policy OID.
Click on the 'Go to field' button, or scroll to the assigned in-person field.
Double-click the field, or single-click and select the "Sign" option.
A dialogue box will appear, here select the in-person type (i.e., Text, Hand-Drawn, Image) to sign the field accordingly. (If the user chooses the 'Image' option for an in-person signature, a signature image can be uploaded. Upon uploading, the user can zoom the image, rotate it, and adjust its transparency as desired.) If your textual signature is prefilled-in with your fixed name, it is probably because the signature text editing is restricted in your enterprise role. To edit your signature text:
Use your Personal Settings> Hand Signature Method for Web Browsers> Text-based Signatures, if you are using a web browser for signing. Or use your Personal Settings> Hand Signature Method for Mobile Apps> Text-based Signatures, if you are using a mobile app for signing.
Click the "More Options" option to select a signing capacity, signature appearance design, contact information and location. The signing capacities for the In-Person signature field will match with the configured "Level of Assurance" for the field, by the document owner.
Click the 'Sign' button. The specified in-person will be displayed on the same area of the document.
If "Document Signing Authentication" is configured for the In-person recipient, then the system will initiate the OTP process at the time of signing the In-Person signature.
An invisible signature doesn't have any visible appearance on a document. However, it entails all other verifiable characteristics of e-signing i.e., Time Stamping, Certificate Chain, Certificate Status, etc.
All the in-person fields assigned to you are mandatory to be signed, so you cannot leave any in-person field blank in the document.
Fill in the fields accordingly and click the "Go to field" button to move to the next field for data entry. Continue till you reach the last field assigned to you. SigningHub will display the total and traversed counts of your assigned fields accordingly.
Font colour will not be applicable in Signature Appearance while perform signature on any PDF/A document with "CMYK" colour space in order to ensure PDF/A compliance.
You cannot perform an in-person signature without adding an attachment if a mandatory attachment field has been assigned to the in-person signer.
If the recipient tries to close the document package without performing all of their required actions, a warning will be displayed.
In the case of Simple Electronic Signature (SES), an enterprise user will only be able to use Signature Appearance Design, if the "Allow users to use the signature appearance for Simple Electronic Signatures" option is enabled in the , against the user's role.
In the case of Simple Electronic Signature (SES), for an individual user, the Signature Appearance Design drop down is available but by default, no signature appearance is selected. In order to use the signature appearance the user can select any allowed signature appearance from the drop down.
In the "Apply In-Person Signature" dialogue box, the user's default location will be shown, as . In the case of an unregistered user:
if the auto-detect location is enabled, and the GeoIP connector has been configured, the system will pick the location and time zone using the GeoIP connector.
If either the auto-detect location is disabled, the GeoIP connector has not been configured, or the GeoIP connector is faulty or not functional, the system will use the location and time zone of the document owner.
Based on the type of users, the following mentioned signature appearances will be available:
In the case of an enterprise user, all the signature appearances are allowed in the user role.
In the case of an individual user, all the signature appearances are allowed in the user's service plan.
In case of a Simple Electronic Signature (SES) signature stamp, against the "Signed by" attribute:
the system will show the name of the user as configured in the user's profile in their personal settings.
in case of an unregistered user, the system will show the name of the unregistered user as saved in the document owner's contacts.
In the case of Electronic Seal (eSeal), the user will now be able to select the allowed signature appearance design, signing capacity, contact information and location.
The following OTP preference will be followed while signing, in case of configuration of field-level OTP, Document Signing OTP Authentication, and Secondary Authentication against the Signing Server:
Configure a Go>Sign signing profile as a prerequisite, in ADSS.
Modify the appsettings.Production.json file, in SigningHub directory.
Configure a connector, in SigningHub Admin.
Configure a signing profile, in SigningHub Admin.
Add the signing profile to the service plan.
Add signing server to your enterprise user role.
Add the National ID to your Profile.
Sign the document via SigningHub Web.
For local signing with RUT, a Go>sign profile is configured in Go>Sign Service.
Make the following configurations to a Go>Sign profile:
From the "General" section, copy the Go>Sign Profile ID because it would be used in SigningHub Admin.
In the "Keystore Settings" section, check "OS native API (MS CAPI & Mac Keychain)".
To enforce the users to use the RUT values for signing, the appsettings.Production.json file needs to be modified in the SigningHub Directory.
Make the following modifications to the appsettings.Production.json file:
Change the value of the "ValidateRUT" tag to "True". Then save the changes and close the "appsettings.Production.json" file.
Make the following configurations to a connector in SigningHub Admin:
In the "Basic Information" section, choose "ADSS Server" as the "Provider".
In the "Details" section, fill in the required fields.
Make the following configurations to a signing profile in SigningHub Admin:
Paste the earlier copied Go>Sign Profile ID, while creating a Go>Sign Profile in the ADSS:
Make the following configurations to a service plan in SigningHub Admin:
Select and add the earlier configured Signing Profile, in a service plan in SigningHub Admin:
Make the following configurations to the global settings in SigningHub Admin:
Check the "Allow Users to Add National ID" checkbox to allow the users to add their National ID to their profiles:
Make the following configurations to a user role in SigningHub Web:
Against your user role, in the "Signing Server Preferences" tab, add the signing server.
Make the following configurations to your profile in SigningHub Web:
Copy the National ID, which is defined as the value of "Subject Alternative Name" from your certificate, and paste it in the "National ID" field, as shown below:
The National ID can also be provided at the time of new user registration.
To sign the document via SigningHub Web, follow the below-mentioned steps:
Open SigningHub Web and open a document having a signature field that you want to sign.
Double-click on the signature field and select the Go>Sign Signing Server. Upon selecting the signing server, the system will fetch all the certificates which have the same "Subject Alternative Name" value as the National ID, specified in your profile. If a National ID has not been provided or an invalid National ID has been provided, the system will not let the user sign the documents using the ADSS or CSC Signing Servers, given that the "ValidateRUT" tag in the appsettings.Production.json file has been set to "True".
Then click "Sign".
After signing the document, you can view "Signature Verification" details. The signatures are verified through the ADSS verification service.
Go>Sign signing supports PDF and XML document signing.
The National ID will be validated for both ADSS (as a local signing server) and CSC Signing Servers, if the "ValidateRUT" tag in the appsettings.Production.json file has been set to "True".
To perform eID Easy signing, you must configure an eID Easy connector, in SigningHub Admin.
Configure the connector in a signing profile, in SigningHub Admin.
Configure a signing profile using the connector, in SigningHub Admin.
Add Signing Server to your enterprise user role that you want to use for eID Easy signing.
Allow the Qualified Electronic Signature (QES) and/or Advanced Electronic Signature (AES) level of assurance against the user role.
Open a document having a Qualified Electronic Signature and/or Advanced Electronic Signature (AES) field and sign the document using the eID Easy Signing Server.
Make the following configurations to a connector in SigningHub Admin:
In the "Basic Information" section, choose "eID Easy" as the "Provider".
In the "Details" section, fill in the required fields.
Make the following configurations to a signing profile in SigningHub Admin:
Select the eID Easy Connector created earlier, in the highlighted field below:
Make the following configurations to a service plan in SigningHub Admin:
In the "Signature" section of the service plan, select and add the earlier configured signing profile, as shown below:
Make the following configurations to a user role in SigningHub Web:
Against your user role, in the "Signing Server Preferences" tab, add the signing server.
Make the following configurations to a user role in SigningHub Web:
Against your user role, in the "Document Settings" tab, add the Qualified Electronic Signature (QES) and/or Advanced Electronic Signature (AES) levels of assurance.
To perform eID Easy signatures, follow the below-mentioned steps:
From the document listing, open a document having a Qualified Electronic Signature and/or Advanced Electronic Signature field that you want to sign.
Click on the signature field and click "Sign".
Select the eID Easy Signing Server.
Upon clicking the "Sign" button, the eId widget will appear. Based on the country configured in the user's personal settings and the level of assurance of the signature field, the signing methods will appear in the dialogue box. Select a signing method to proceed with.
Based on the selected signing method, complete the authorization process. Once the authorization is complete the document will be signed.
After the authorization is complete, the eID Easy API uses a webhook to send the signing certificate details to SigningHub which is used to fetch the "Signed by" information. The webhook URL, "[Web_URL]/v4/custom-cades-digest-webhook", is configured against the "Custom CAdES digest webhook" property in the eID Easy.
After signing the document, you can view "Signature Verification".
The signature Policy is not supported with eID Easy signing.
The eID Easy Signing Server will only appear if the level of assurance of the signature field is set to Qualified Electronic Signature (QES) and/or Advanced Electronic Signature (AES).
When both Qualified Electronic Signatures (QES) and Advanced Electronic Signatures (AES) are selected as the level of assurance for a signature field, signing with an AES-associated method in the eID Easy widget will display the level of assurance as QES in the workflow history, due to a system limitation on eID Easy's side.
Bulk signing is not supported with the eID Easy Server.
The signing logs are maintained under "User Activity Logs", "Workflow History", and "Workflow Evidence Report".
Configure a Go>Sign signing profile as a prerequisite, in ADSS.
Configure a connector, in SigningHub Admin.
Configure a signing profile, in SigningHub Admin.
Add the signing profile to the service plan.
Add signing server to your enterprise user role.
Sign the document via SigningHub Web.
For local signing, a Go>Sign profile is configured in Go>Sign Service.
Make the following configurations to a Go>Sign profile:
From the "General" section, copy the Go>Sign Profile ID because it would be used in SigningHub Admin.
In the "Keystore Settings" section:
If you want to sign documents using the certificates installed on your local machine, check the "OS native API (MS CAPI & Mac Keychain)" option.
If you want to sign documents using the certificates from your HSM token, check the "PKCS#11" option. Copy and paste the sample "Device Name" and the "Library Name" in their respective fields, and click the "Add" button.
Make the following configurations to a connector in SigningHub Admin:
In the "Basic Information" section, choose "ADSS Server" as the "Provider".
In the "Details" section, fill in the required fields.
Make the following configurations to a signing profile in SigningHub Admin:
Paste the earlier copied Go>Sign Profile ID, while creating a Go>Sign Profile in the ADSS:
Make the following configurations to a service plan in SigningHub Admin:
Select and add the earlier configured Signing Profile, in a service plan in SigningHub Admin:
Make the following configurations to a user role in SigningHub Web:
Against your user role, in the "Signing Server Preferences" tab, add the signing server.
To sign the document via SigningHub Web, follow the below-mentioned steps:
Open SigningHub Web and open a document having a signature field that you want to sign.
Double-click on the signature field and select the Go>Sign Signing Server. Upon selecting the signing server, the system will fetch all the certificates from your local machine or the HSM token attached, based on the configurations of your Go>Sign profile.
Then click on the signature field and then click "Sign".
After signing the document, you can view the"Signature Verification" details. The signatures are verified through the ADSS verification service.
Go>Sign signing supports PDF and XML document signing.
SigningHub allows users to sign via a signature pad. It involves integrating a specialized device that electronically captures handwritten signatures. This integration is seamless within the SigningHub platform, ensuring a straightforward process for users. Once integrated, users need to make the necessary configurations and connect the signature pad to their computer or tablet, typically via USB or Bluetooth to perform the signatures. While the user writes their signature on the pad using a stylus or pen-like tool, the signature's unique characteristics (such as shape, pressure, and speed) are recorded digitally. SigningHub then applies this captured signature to the document, ensuring it remains secure and legally binding.
Configure a connector, in SigningHub Admin.
Add the connector to the service plan.
Configure the signature pad in the user role.
Set the signature pad as the default method.
Make the following configurations to a connector in SigningHub Admin:
In the "Basic Information" section, choose "Signature Pad" as the "Provider".
In the "Details" section, fill in the required fields.
Make the following configurations to a service plan in SigningHub Admin:
In the "Signature" section of the service plan, enable the "Enable the Signature Pad to capture hand signature images while signing" option and add the earlier configured connector, as shown below:
Make the following configurations to a user role in SigningHub Web:
Against your user role, in the "Signature Appearance" tab, enable the Signature Pad option.
Signature Pad can be used to perform hand signatures and initials, only on Desktop Web.
Make the following configurations to 'My Settings' in SigningHub Web:
Against your 'Settings', in the "Signature Preferences" tab, set Signature Pad as the default hand signature method for Web Browsers.
Signature Pad can only be used to perform hand signatures, in-person hand signatures, and initials, only on Desktop Web.
If Signature Pad has been configured as the default initials method and the user tries to sign using native apps or mobile web, the user will not be able to perform initials and will be prompted to update the default initials method in the user's settings.
To perform signatures via a Signature Pad, follow the below-mentioned steps:
From the document listing, open a document having a signature field that you want to sign.
Double-click on the signature field, and select a Signing Server for performing signatures.
Upon selecting a signing server, the browser will show a pop-up to connect the Signature Pad device. Click on the "Connect" button to connect the signature pad.
The "Remember the captured signature for use throughout this document" option allows the user to use the captured signatures to sign all of the other assigned signature fields as well. If this option is unchecked, the user will have to perform signatures, using the signature pad, for each assigned field.
Even if the "Remember the captured signature for use throughout this document" option is enabled, the captured signatures stay in the memory as long as the user is on the document viewer screen and the session has not expired.
SigningHub allows you to add electronic seals in a workflow. Electronic Seal (eSeal), Advanced Electronic Seal (AdESeal), and Qualified Electronic Seal (QESeal) are the levels of assurance available for an electronic seal. Adding electronic seals will consume signatures quota of your (document owner's) account. Adding an electronic seal is subject to your SigningHub license, service plan configuration and the assigned enterprise user role.
SigningHub supports performing local side signing with Trust1Connector (T1C). For this, SigningHub needs to be registered with the T1C platform, and a T1C connector needs to be created in SigningHub to allow SigningHub to connect with the T1C app. The T1C app has to be installed on your local machine, and the related HSM is attached to it while signing, or the system certificates must be available within the local keystores. Also, you should have full rights to the Trust1Connector service running on your machine. SigningHub will prompt you if any of the prerequisites mentioned above are missing. T1C provides a solution to read the hardware tokens with minimum footprint and installations. It can interact with the hardware tokens by using javascript APIs which are implemented in SigningHub for local signing. SigningHub also supports T1C TrustStore for signing documents using locally stored certificates from keystores on Windows and macOS. (The support for TrustStore requires T1C JS SDK version 3.8.5 or later.) T1C can be used as an alternative to the Go>Sign Desktop for local signing. SigningHub supports the T1C SDK v3.8.6.
"AppSettings": {
"SignaturePolicyOID": "",
"SignaturePolicyURI": "",
"SignaturePolicyName": ""
}"AppSettings": {
"ValidateRUT": "true"
}
If the document owner is an enterprise user, all the signature appearances are allowed in the document owner's user role.
If the document owner is an individual user, all the signature appearances are allowed in the document owner's service plan.
Yes
Yes
Field-level OTP
Yes
No
No
Field-level OTP
Yes
Yes
No
Field-level OTP
Yes
No
Yes
Field-level OTP
No
Yes
No
Document Signing OTP Authentication
No
Yes
Yes
Document Signing OTP Authentication
No
No
Yes
Secondary Authentication against the Signing Server
No
No
No
-
Yes
Sign the document via signature pad.
Once the signature pad has been connected, the user can perform signatures on the signature pad, and the signatures will be visible on the "SIGN" dialogue box in SigningHub.
Clear: If the 'Clear' button is pressed, either on the SIGN dialogue box or on the signature pad, the signature pad will clear up, allowing you to retry your signatures.
Cancel: If the 'Cancel' button is pressed, either on the SIGN dialogue box or on the signature pad, the SIGN dialogue box will close without the signatures being performed.
OK: If the 'OK' button is pressed, either on the SIGN dialogue box or on the signature pad, the signatures will be applied to the document and the SIGN dialogue box will close.
The signing logs are maintained under "User Activity Logs", "Workflow History", and "Workflow Evidence Report".
The Wacom STU Tablets that are supported for performing signatures are STU-430 and STU-500.
Signing via a signature pad is allowed for both enterprise and individual users, based on the configurations of their service plan.
SigningHub integrates the Wacom SDK and validates the Wacom license directly through the Wacom server, without any communication with the Wacom License Management Server. If a user does not renew their license within the grace period provided by Wacom, access to the Wacom integration within SigningHub will be disabled until the license is renewed.
For using Wacom STU tablets, all the browsers that implement WebHID should be supported. Thus, at the moment it is supported as a feature on:
Chromium
Google Chrome
Microsoft Edge
Opera
(Firefox and Safari have refused to implement this feature on the basis of security reasons, so it won't be supported.)
N/A
N/A
Default signature appearance will appear as per the last used signature appearance.
Signature appearance will be used as selected in the sign dialog.
Signature logo will be used as as per settings.
Yes
Yes
Default signature appearance will appear as configured against the signing server.
Signature appearance will be used as configured against the signing server.
Signature logo will be used as configured against the signing server.
Yes
No
Default signature appearance will appear as configured against the signing server.
Signature appearance will be used as configured against the signing server.
Signature logo will be used as per setting.
No
The bulk signing behavior of the system with respect to whether the signature appearance and the logo have been configured against a signing server, in the SigningHub Admin, is as below:
N/A
N/A
Default signature appearance will appear as per the last used signature appearance.
Signature appearance will be used as selected in the sign dialog.
Signature logo will be used as per setting.
Yes
Yes
Default signature appearance will appear as configured against the signing server.
Signature appearance will be used as configured against the signing server.
Signature logo will be used as configured against the signing server.
Yes
No
Default signature appearance will appear as configured against the signing server.
Signature appearance will be used as configured against the signing server.
Signature logo will be used as per settings.
No
Yes
Yes
Default signature appearance will appear as configured against the PKI signing server.
For PKI Signatures:
Signature appearance will be used as configured against the PKI signing server.
Signature logo will be used as configured against the PKI signing server.
Yes
No
Default signature appearance will appear as configured against the PKI signing server.
For PKI Signatures:
Signature appearance will be used as configured against the PKI signing server.
Signature logo will be used as per setting.
No
In case of In-Person signatures, the appearance set against the ADSS signing server will be followed.
In case of signatures, the appearance set against the respective selected signing server will be followed.
N/A
N/A
Default signature appearance will appear as per settings.
Signature appearance will be used as selected in the sign dialog.
Signature logo will be used as follows:
If the "Allow users to manage signature logo" option is checked, the logo will be as per settings.
Yes
Yes
Default signature appearance will appear as configured against the signing server.
Signature appearance will be used as configured against the signing server.
Signature logo will be used as configured against the signing server.
Yes
No
Default signature appearance will appear as configured against the signing server.
Signature appearance will be used as configured against the signing server.
Signature logo will be used as follows:
If the "Allow users to manage signature logo" option is checked, the logo will be as per settings.
No
The bulk signing behavior of the system with respect to whether the signature appearance and the logo have been configured against a signing server, in the SigningHub Web, is as below:
N/A
N/A
Default signature appearance will appear as per settings.
Signature appearance will be used as selected in the sign dialog.
Signature logo will be used as follows:
If the "Allow users to manage signature logo" option is checked, the logo will be as per settings.
Yes
Yes
Default signature appearance will appear as configured against the signing server.
Signature appearance will be used as configured against the signing server.
Signature logo will be used as configured against the signing server.
Yes
No
Default signature appearance will appear as configured against the signing server.
Signature appearance will be used as configured against the signing server.
Signature logo will be used as follows:
If the "Allow users to manage signature logo" option is checked, the logo will be as per settings.
No
Yes
Yes
Default signature appearance will appear as configured against the PKI signing server.
For PKI Signatures:
Signature appearance will be used as configured against the PKI signing server.
Signature logo will be used as configured against the PKI signing server.
Yes
No
Default signature appearance will appear as configured against the PKI signing server.
For PKI Signatures:
Signature appearance will be used as configured against the PKI signing server.
Signature logo will be used as follows:
No
Enable the "Electronic Seals" module in your SigningHub license.
Allow the electronic seals module against the role of administrator, in SigningHub Admin.
To perform electronic seal signing, you must configure a connector, in SigningHub Admin.
Configure an electronic seal profile, in SigningHub Admin.
Configure an electronic seal against your service plan, in SigningHub Admin.
Configure the electronic seal against an enterprise user role, in SigningHub Web.
Create an electronic seal for your enterprise, in SigningHub Web.
Once an electronic seal has been created for your enterprise, you can add this electronic seal to a workflow.
Add an electronic seal field to your document.
Signing of an electronic seal.
The Electronic Seals feature is available through the license, if the "ELECTRONIC_SEALS" module is enabled in the license. When "ELECTRONIC_SEALS" module is enabled, it will consume the quota of "Signatures". Contact the SigningHub support and request them to enable this module in your license.
Make the following configurations against the administrator role.
From the Details screen, allow the "Electronic Seal Profiles" module for this role.
By default, the "Electronic Seal Profiles" module is unchecked. In order to use Electronic Seal Profiles, this module has to be manually allowed against a role.
Configure a connector, as shown below, for ADSS Electronic Seal or CSC Electronic Seal, respectively.
Make the following configurations to a connector in SigningHub Admin:
In the "Basic Information" section, choose "ADSS Server" as the "Provider".
In the "Details" section, fill in the required fields.
Make the following configurations to a connector in SigningHub Admin:
In the "Basic Information" section, choose "CSC Electronic Seal" as the "Provider".
In the "Details" section, fill in the required fields.
Currently, "Client Credentials" is the only option available for the Auth Type in the CSC Electronic Seal connector.
Configure an electronic seal profile, as shown below, for ADSS Electronic Seal or CSC Electronic Seal, respectively.
Make the following configurations to an electronic seal profile in SigningHub Admin:
Select the ADSS Server connector created earlier, and fill in the required fields:
Make the following configurations to an electronic seal profile in SigningHub Admin:
Select the CSC Connector created earlier, and fill in the required fields:
Configure an electronic seal against your service plan, as shown below, for ADSS Electronic Seal or CSC Electronic Seal, respectively.
Make the following configurations to a service plan in SigningHub Admin:
From the "Basic Information" section, select and add the "Electronic Seals" feature to the service plan.
From the "Signatures" section, add the electronic seal signing server.
Make the following configurations to a service plan in SigningHub Admin:
From the "Basic Information" section, select and add the "Electronic Seals" feature to service plan.
From the "Signatures" section, add the electronic seal signing server.
The Electronic Seals feature is only available for "Enterprise" service plan type.
Make the following configurations against an enterprise role:
From the "Enterprise Configuration", allow the "Electronic Seals" against this user role.
Configure an electronic seal, as shown below, for ADSS Electronic Seal or CSC Electronic Seal, respectively.
Make the following configurations to an electronic seal in SigningHub Web:
From the "Basic Information" section, select the signing server, and fill in the required fields.
Make the following configurations to an electronic seal in SigningHub Web:
From the "Basic Information" section, select the signing server, and fill in the required fields.
The electronic seal feature works with all CSC-based TSPs that support the OAuth 2.0 Client Credentials flow (authType=oauth2client), and credentials having Explicit authMode protection via only a PIN.
After you have added all the documents in a workflow package, follow the below-mentioned steps to add an electronic seal:
Click "Add an electronic seal".
From the "Select Electronic Seal" drop down, select the electronic seal that you want to add. Only the electronic seals available for use, based on the document owner's user role, will be displayed in this drop down.
Follow the below-mentioned steps to add an electronic seal field in a workflow:
Select the document from the information panel's 'Pages' tab, on which an electronic seal is required.
Select the electronic seal from the information panel's 'Recipeints' tab, for whom you want to add an electronic seal field.
Click the "Electronic Seal" field, and drop it on the document.
After sharing the document, when it is the turn of the electronic seal to be applied, the electronic seal is automatically signed using the configured settings. An electronic seal is signed without any user interaction. An on-screen notification is sent to the document owner when an electronic seal is signed. If for any reason the electronic seal signing fails, the system sends an email to the electronic seal owner and the electronic seal will have to be signed manually.
To check the electronic seal signature verification details:
Click on the electronic seal signatures.
Click verification in the information panel.
Electronic seal signing logs are maintained under "User Activity Logs", "Workflow History", and "Workflow Evidence Report".
Configure a connector, in SigningHub Admin.
Configure a signing profile, in SigningHub Admin.
Add the signing profile to the service plan.
Add the signing server to your enterprise user role.
Sign the document via SigningHub Web.
Make the following configurations to a connector in SigningHub Admin:
In the "Basic Information" section, choose "T1C" as the "Provider".
In the "Details" section, fill in the required fields.
Make the following configurations to a signing profile in SigningHub Admin:
Select the T1C Connector created earlier:
Make the following configurations to a service plan in SigningHub Admin:
In the "Signature" section of the service plan, select and add the earlier configured signing profile:
Make the following configurations to a user role in SigningHub Web:
Against your user role, in the "Signing Server Preferences" tab, add the signing server.
To perform T1C signatures, follow the below-mentioned steps:
From the document listing, open a the document having a Signature field that you want to sign.
Double click on the signature field, select the T1C Signing Server.
Upon selecting the T1C Signing Server, the user consent dialog will appear. It will appear once for each user session. Click on the "Yes" button to proceed.
If you are using T1C JS SDK version 3.8.5 or above, the system will display the "KeyStore Selection" dialogue box. The user can select whether they would like to sign using a token or the 'TrustStore'. (In case of TrustStore, the system certificates are retrieved from MSCAPI on Windows, and Mac Keychain on macOS)
Click on the "Sign" button.
The system will prompt the user to input the token PIN to authorise the signing process. (The signing PIN functionality is not available for signing via 'TrustStore'.)
After signing the document, you can view "Signature Verification".
If the T1C utility is not running on the user's system, SigningHub will prompt the user to check:
If the T1C utility is installed on the user's system, run the utility and try signing again. (Make sure that the token is connected, or the certificates are available in the truststore, as per the 'KeyStore Selection'.)
If the T1C utility is not installed on the user's system, install the utility by clicking on the "click here" link and then try signing again.
Bulk signing is also supported with the T1C Signing Server.
The signing logs are maintained under "User Activity Logs", "Workflow History", and "Workflow Evidence Report".
T1C supports PDF and XML document signing.
The support for TrustStore requires T1C JS SDK version 3.8.5 or later. (For older SDK versions, only token-based signing is supported.)
In case of TrustStore, the system certificates are retrieved from MSCAPI on Windows, and Mac Keychain on macOS.
SigningHub provides Remote Authorised Signing (RAS) feature, to allow you to authorise a remote signature (done on server) using your registered mobile device(s), running any of the SigningHub native apps (i.e. Android or iOS). The device will have its user authentication built-in (touchID or PIN), so in a way you can also get two-factor authentication. The feature is available on those Android devices that support fingerprints verification, while in case of iOS devices, it can work with both touch ID or passcode verification. For RAS Signing configurations are required in the ADSS Server, SigningHub Admin, and SigningHub Web. Remote Authorisation Signing (RAS) supports the "Advanced Electronic Signature (AES)", "Qualified Electronic Signature (QES)", and "High Trust Advanced Signature (AATL)" levels of assurance. The availability of Remote Authorised Signing (RAS) feature is subject to your subscribed service plan and assigned role.
Configure a SAM profile, in ADSS.
Configure a RAS profile, in ADSS.
Configure a signing profile, in ADSS.
Configure a certification profile, in ADSS.
For remote signing a SAM profile is configured in ADSS SAM Service.
To configure a SAM profile for remote signing, follow these steps:
Copy the SAM Profile ID because it would be used in the upcoming steps.
In the "User Signature Key Pair Settings" section, select "SCAL2" option against the "Sole Control Assurance Level". Then click the "Save" button.
For remote signing a RAS profile is configured in ADSS RAS Service.
To configure a RAS profile for remote signing, follow these steps:
Copy the RAS Profile ID because it would be used in the upcoming steps.
In the "SAM Service Settings" section, enter the SAM Profile ID, copied earlier, and provide the required details.
In the "Credentials Authorisation Settings" section, check the "Implicit" option. Then click the "Save" button.
For remote signing a signing profile is configured in ADSS Signing Service.
To configure a signing profile for remote signing, follow these steps:
Copy the Signing Profile ID because it would be used in the upcoming steps.
In the "Select Signature Type" section, check "PKCS#1". Then click the "Next" button.
In the "Advanced Settings" tab, check the "Enable remote signing" checkbox, enter the RAS Profile ID, copied earlier, and provide the required details. Then click the "Save" button.
For remote signing a certification profile is configured in ADSS Certification Service.
To configure a certification profile for remote signing, follow these steps:
Copy the Certification Profile ID because it would be used in the upcoming steps.
In the "RAS Service Settings" section, check the "Enable key pair generation through RAS Service" checkbox, enter the RAS Profile ID, copied earlier, and provide the required details. Then click the "Save" button.
Make the following configurations to a connector in SigningHub Admin:
In the "Basic Information" section, choose "ADSS Server" as the "Provider".
In the "Details" section, provide the "RAS Address" and fill in the required fields.
Make the following configurations to a signing profile in SigningHub Admin:
In the "Signing Method" section, check the "Enable Remote Authorisation" checkbox.
Enter the Signing Profile ID, copied earlier.
Make the following configurations to a certification profile in SigningHub Admin:
Select "Qualified Electronic Signature (QES)" as the "Level of Assurance".
Select "Remote Authorisation" as the "Key Protection Option".
Select the configured ADSS connector for certification purposes as the "Certification Authority Server".
Remote Authorisation Signing (RAS) supports the "Advanced Electronic Signature (AES)", "Qualified Electronic Signature (QES)", and "High Trust Advanced Signature (AATL)" levels of assurance.
Make the following configurations to a verification profile in SigningHub Admin:
Select the configured ADSS connector for verification purposes as the "Signature Verification Server".
Enter the Certification Profile ID, copied earlier, as the "Verification Service Profile ID". Then click "Save".
Make the following configurations to a service plan in SigningHub Admin:
Select and add the signing profile, configured earlier, in a service plan in SigningHub Admin.
Select the level of assurance which was selected in the certification profile, configured earlier. (For the purposes of this use case, the level of assurance is Qualified Electronic Signature (QES)).
In the "Signing Capacities" field, select the certification profile, configured earlier.
Make the following configurations to a service plan in SigningHub Admin:
Select and add the verification profile, configured earlier, in a service plan in SigningHub Admin, as shown below:
Make the following configurations to a user role in SigningHub Web:
Against your user role, in the "Signing Server Preferences" tab, add the signing server, configured earlier.
In the "Server" section, select the signing profile, configured earlier, as the "Signing Server".
Make the following configurations to a user role in SigningHub Web:
Against your user role, in the "Document Settings" tab, add the configured level of assurance. (For the purposes of this use case, the level of assurance is Qualified Electronic Signature (QES)).
To sign the document via SigningHub Web, follow the below-mentioned steps:
Open SigningHub Web and open a document the document you want to sign. The level of assurance of the signature field must be the same as configured earlier. (For the purposes of this use case, the level of assurance is Qualified Electronic Signature (QES)).
Click on the "Signature" field, select the "Signing Capacity", configured earlier, and then click on the "Sign" button. An authentication request will be sent to your registered mobile device for remote authorisation. In case you want to withdraw the remote authorisation request, click on the "Cancel Request" button.
Run SigningHub app (Android or iOS) on your mobile device and log in using the credentials which you have used on SigningHub Web. Click on "Remote Authorisation" to view the authorisation requests.
Remote Authorised Signing can be authorised through both SigninHub Native Apps as well as Go>Sign Desktop App.
Once the user has made the required configurations in ADSS Server and SigningHub, when the user logs into SigningHub Web, the user will be automatically registered in the SAM Service. The user can view their authorised devices by clicking the "User Devices" button, and their certificates by clicking the "User Keys" button. Once a user is registered in SAM Service, the "Remote Authorisation User ID" will be added in the user's "Personal Information" in Enterprise Settings>Users.
SigningHub allows its users to sign documents in XML format and supports ETSI XAdES signature in Enveloped mode. XAdES stands for “XML Advanced Electronic Signatures” and is a set of standards published by ETSI to support European requirements for qualified electronic signatures. SigningHub supports these ETSI XAdES signatures formats:
XAdES-B-LTA (Signature providing Long Term Availability and Integrity of Validation Data): In case of XAdES-B-LTA; XAdES-B-B, XAdES-B-T and XAdES-B-LT are being created first. XAdES-B-LTA is created by adding ArchiveTimeStamp in above mentioned signatures.
Enveloped: The XML signature is embedded within the original XML file.
To perform XAdES Extended signature for XML document, following key needs to be added in appsettings.Production.json of Web and API:
"XADES_SIGNATURE_TYPE": ""
For the tag with "XADES_SIGNATURE_TYPE" key, set the value "ES-X-L", SigningHub will perform a XAdES Extended signature for backward compatibility with ADSS Server version 6.9 or lesser. If it's not present, then SigningHub will work as of today and perform the "XAdES-Baseline-LTA" ETSI compliant signatures.
Configure a signing profile as a prerequisite, in ADSS.
Configure a verification profile, in ADSS.
To perform XML signing, you must configure a connector, in SigningHub Admin.
For XML signing a signing profile is configured in ADSS Signing Service.
To configure the signing profile for XML signature follow these steps:
In the "Select Signature Type" section, check "PKCS#1" and copy the Profile ID because it would be used in SigningHub Admin. Then click the "Next" button.
In the "Advanced Settings" tab, keep all check boxes unselected and click the "Save" button.
For XML signature verification, a verification profile is configured in ADSS Verification Service.
To configure verification profile for XML signature follow these steps:
Copy the Profile ID because it would be used in SigningHub Admin.
SigningHub creates the PKCS#1 signature for using signing service and further XAdES Signature enhancement is done via verification service.
By default, SigningHub produces XAdES-B-LTA signature. For XAdES Baseline Signatures, in the "Signature Settings" tab, make the following changes:
Make the following configurations to a connector in SigningHub Admin:
In the "Basic Information" section, choose "ADSS Server" as the "Provider".
In the "Details" section, fill in the required fields.
Make the following configurations to a signing profile in SigningHub Admin:
Paste the earlier copied Profile ID, while creating a Signing Profile in the ADSS:
Make the following configurations to a verification profile in SigningHub Admin:
Paste the earlier copied Profile ID, while creating a Verification Profile in the ADSS:
Make the following configurations to a service plan in SigningHub Admin:
Select and add the earlier configured Signing Profile and Verification Profile, in a service plan in SigningHub Admin.
Make the following configurations to the SigningHub API:
Get the authentication token of a user using the SigningHub API.
Add a document package from the SigningHub API.
Upload the document via stream/base with document extension .xml. Set the "x-convert-document" to false. To upload an XSLT Style sheet to transform an XML document into an HTML-formatted PDF document on the SigningHub viewer, the following API will be executed against the same document ID and name, as uploaded in the above step.
Where an XSLT Style sheet has been applied to an XML document, upon opening the document on SigningHub Web, by default, the document will appear in the HTML-formatted view.
To switch between the plain XML view and the HTML-formatted view, the user can click the "Toggle" button available in the kebab menu in the document viewer screen.
To sign the document, follow the below-mentioned steps:
Open SigningHub Web and open the XML document through the document listing. click on the signature field and then click "SIGN".
In case of signing an XML document, optionally you may also specify "Commitment Type Indication". SigningHub populates the pre-defined value of this field from your Personal Signing Details. When specified they will become a permanent part of your XML signature.
When signing an XML file, the different Commitment Type Indications that can be selected are:
Only one signature can be performed per document in XML format.
XML signing can be performed via single or bulk sign API.
To perform CSC signatures via API using server-side signing, follow the steps mentioned below. These steps outline the necessary API calls and conditions to successfully complete a single document signing operation through the server.
1. The signatory is identified via the access token provided in the API call, which means is required before initiating the signing process. The access token must be issued directly to the signatory through API .
2. If modifications are needed before signing, the
For SES Signatures:
Signature appearance will be used as configured against the PKI signing server. (If the signature appearance of the configured against the PKI signing server is not allowed in the role for SES signatures, signature appearance will be used as per setting.
Signature logo will be used as per setting.
Signature appearance will be used as configured against the PKI signing server. (If the signature appearance of the configured against the PKI signing server is not allowed in the role for SES signatures, signature appearance will be used as per setting.
Signature logo will be used as per setting.
No
Default signature appearance will appear as per setting.
Signature appearance will be used as selected in the sign dialog.
Signature logo will be used as as per setting.
No
Default signature appearance will appear as per settings.
Signature appearance will be used as selected in the sign dialog.
Signature logo will be used as per settings.
No
Default signature appearance will appear as per setting.
For PKI Signatures:
Signature appearance will be used as selected in the sign dialog.
Signature logo will be used as per Branding.
For SES Signatures:
Signature appearance will be used as selected in the sign dialog.
Signature logo will be used as per setting.
Configure a connector, in SigningHub Admin.
Configure a signing profile, in SigningHub Admin.
Configure a certification profile, in SigningHub Admin.
Configure a verification profile, in SigningHub Admin.
Add the signing profile to a service plan, in SigningHub Admin.
Add the verification profile to a service plan, in SigningHub Admin.
Add Signing Server to your user role, in SigningHub Web.
Allow the configured level of assurance against the user role, in SigningHub Web.
Sign the document via SigningHub Web.
If your device is not authorised for RAS Signing, follow the below-mentioned configurations for device registration:
To select the configured RAS profile against a client, in ADSS Client Manager:
In the "RAS Service Settings" section against a client, select the configured RAS profile.
Log into the SigningHub app using the credentials against which you want to register the device. Click on "Remote Authorisation" and your device will be registered after biometric or PIN verification
A pop-up will appear on your mobile device to authorise your signature through touchID or PIN. Upon authorisation, the document is signed.
After signing the document, click the three dots menu and select "Signature Verification" to view "Signature Verification" details. The signatures are verified through the ADSS verification service.
To configure user authentication settings for Go>Sign Mobile App Registration, in ADSS RAS Service:
In the "User Authentication Settings for Go>Sign Mobile App Registration" section, select the user authentication method at the time of registration, as required.
To configure push notification settings, in ADSS RAS Service:
In the "Push Notification Settings (FCM)" section, configure the settings for push notifications, as required.
Configure a verification profile, in SigningHub Admin.
Add the signing profile and verification profile to the service plan
Create a workflow with an XML document, upload an XSLT style sheet, and share the workflow
Once you've shared the workflow, log in to your SigningHub Web account and sign the document.
SigningHub will perform a XAdES Extended signature for backward compatibility with ADSS Server version 6.9 or lesser. For XAdES Extended Signatures, in the "Signature Settings" tab, make the following changes:
Add Collaborator(s) as per requirement. https://manuals.ascertia.com/SigningHub/10.0/Api/#tag/Document-Workflow/operation/V4_Workflow_WorkflowAddUser
Add Digital Signature Field. For XML Signing, only one (Digital Signature) can be added for a collaborator per document. A field would be added on the last page in the bottom right corner. https://manuals.ascertia.com/SigningHub/10.0/Api/#tag/Document-Preparation/operation/V4_Signature_AddSignature
The "Toggle" button will only appear when a XSLT Style sheet has been applied to the XML document.
Proof of origin: indicates that the signer recognizes to have created, approved, and sent the signed data object.
Proof of receipt: indicates that the signer recognizes to have received the content of the signed data object.
Proof of delivery: indicates that the TSP providing that indication has delivered a signed data object in a local store accessible to the recipient of the signed data object.
Proof of sender: indicates that the entity providing that indication has sent the signed data object (but not necessarily created it).
Proof of approval: indicates that the signer has approved the content of the signed data object.
Proof of creation: indicates that the signer has created the signed data object (but not necessarily approved, nor sent it).
After signing the document, you can view "Signature Verification" for details.
Native Apps and Mobile Web do not support XML signing through the document viewer.
An XSLT Style sheet can not be applied to an already signed XML document.
If the "Allow users to manage signature logo" option is unchecked, the logo will be as per Branding.
If the "Allow users to manage signature logo" option is unchecked, the logo will be as per Branding.
If the "Allow users to manage signature logo" option is unchecked, the logo will be as per Branding.
If the "Allow users to manage signature logo" option is unchecked, the logo will be as per Branding.
For SES Signatures:
Signature appearance will be used as configured against the PKI signing server. (If the signature appearance of the configured against the PKI signing server is not allowed in the role for SES signatures, signature appearance will be used as per settings.
Signature logo will be used as follows:
If the "Allow users to manage signature logo" option is checked, the logo will be as per settings.
If the "Allow users to manage signature logo" option is unchecked, the logo will be as per Branding.
If the "Allow users to manage signature logo" option is checked, the logo will be as per settings.
If the "Allow users to manage signature logo" option is unchecked, the logo will be as per Branding.
For SES Signatures:
Signature appearance will be used as configured against the PKI signing server. (If the signature appearance of the configured against the PKI signing server is not allowed in the role for SES signatures, signature appearance will be used as per settings.
Signature logo will be used as follows:
If the "Allow users to manage signature logo" option is checked, the logo will be as per settings.
If the "Allow users to manage signature logo" option is unchecked, the logo will be as per Branding.
No
Default signature appearance will appear as per settings.
Signature appearance will be used as selected in the sign dialog.
Signature logo will be used as follows:
If the "Allow users to manage signature logo" option is checked, the logo will be as per settings.
If the "Allow users to manage signature logo" option is unchecked, the logo will be as per Branding.
No
Default signature appearance will appear as per settings.
Signature appearance will be used as selected in the sign dialog.
Signature logo will be used as follows:
If the "Allow users to manage signature logo" option is checked, the logo will be as per settings.
If the "Allow users to manage signature logo" option is unchecked, the logo will be as per Branding.
No
Default signature appearance will appear as per settings.
For PKI Signatures:
Signature appearance will be used as selected in the sign dialog.
Signature logo will be used as follows:
If the "Allow users to manage signature logo" option is checked, the logo will be as per settings.
If the "Allow users to manage signature logo" option is unchecked, the logo will be as per Branding.
For SES Signatures:
Signature appearance will be used as selected in the sign dialog.
Signature logo will be used as follows:
3. To determine which Signing Servers should be displayed based on a signature field’s level of assurance, the signature application must call the Get Signature Settings API. This API provides details of all available signing servers along with their corresponding levels of assurance.
4. The signature application uses the "Get RSSP Information" API to get the RSSP (Remote Signing Service Provider) information that is needed to perform CSC Signing.
5. The signature application uses the "Get RSSP Info" API which returns the information about the RSSP (Remote Signing Service Provider) and the list of API methods it has implemented. This method shall be implemented by any RSSP conforming to this specification.
6. The signature application gets the access token using the "Get Access Token | SAD" API, Server will itself decide the grant_type (client_credentials / authorization_code) depending on its configurations.
7. The signature application gets the list of credentials associated using the "Get Filtered Credential List" API. if the RUT filtration is required this API will filter the credentials as per the RUT values. A user may have one or multiple credentials hosted by a single remote signing service provider.
8. The signature application gets the information on a signing credential, its associated certificate, and a description of the supported authorization mechanism using the "Get Credentials Info" API.
9. If the "authorization_required" parameter is true, in response to the "Get RSSP Information" API, the "Get Account Token" API shall be used to get the account_token which will be used to hit the "oauth2/authorize" CSC Server endpoint.
10. Use the "Get Document Hash" API to get the hash of the document.
Signature application can use any one of the following API for authorization of credential ID, based on the response of the "Get Credentials Info" API of the CSC server:
"Send OTP via RSSP" API to start the online OTP mechanism associated with a credential ID for Explicit (OTP) authorization.
"RSSP Credentials Authorization" API to authorize access to the credential ID for signing for Explicit (OTP/PIN) or Implicit authorization. The SAD received in response shall be used in the "Get Sign Hash from RSSP" API request.
"oauth2/authorize" API to initiate an OAuth 2.0 authorization flow for the OAuth 2.0 authorization. The authorization is returned in the form of an authorization code, which the signature application shall then use to obtain the SAD via "Get Access Token | SAD" API. The SAD received in response shall be used in the "Get Sign Hash from RSSP" API request.
11. Use the "Embed Signature" API to embed signatures in the document.
12. The signature application uses one of the following APIs of the CSC server for revoking access tokens, as per the requirement:
"Revoke Access Token" API to revoke the service access token or refresh token.
"Revoke OAuth2 Access Token" API to revoke an OAuth 2.0 access token or refresh token.
13. After the signing process is complete, if the signatory is the final signer, the Finish Processing API must be invoked. Without this step, the document will remain in an "In Progress" state for the owner. Once the API is called, the status updates to "Completed."
Finally, after signing, the Get Document Verification API can be used to retrieve the verification response.
The CSC Signing process can be a one-step or two-step operation, depending on the SCAL value returned by the "Get Credentials Info" API response. The distinction lies in how the document hash is calculated and how the signature is embedded.
1-Step Sign:
Condition: If SCAL is 1 in the "Get Credentials Info" API response, the signature application does not need to call the "Get Document Hash" API to calculate the document hash.
Process: The application simply collects the necessary data to call the "Sign Document via RSSP Directly" API. This API will automatically calculate the document hash, sign it using the CSC server, and embed the signature directly into the document.
2-Step Sign:
Condition: If SCAL is 2 in the "" API response, the following steps are required:
Process: Follow the below steps:
1. The signatory is identified via the access token provided in the API call, which means authentication is required before initiating the signing process. The access token must be issued directly to the signatory through authentication API.
2. If modifications are needed before signing, the Fill Form Fields API should be called beforehand. Note that any mandatory input fields must be completed for the signing process to succeed.
3. To determine which Signing Servers should be displayed based on a signature field’s level of assurance, the signature application must call the Get Signature Settings API. This API provides details of all available signing servers along with their corresponding levels of assurance.
4. The signature application uses the "Get RSSP Information" API to get the RSSP (Remote Signing Service Provider) information that is needed to perform CSC Signing.
5. The signature application uses the "Get RSSP Info" API which returns the information about the RSSP (Remote Signing Service Provider) and the list of API methods it has implemented. This method shall be implemented by any RSSP conforming to this specification.
6. If the "authorization_required" parameter is true, in response to the "Get RSSP Information" API, the "Get Account Token" API shall be used to get the account_token which will be used to hit the "oauth2/authorize" CSC Server endpoint.
7. The signature application requests authorization for the user to access the RSSP resources using the "oauth2/authorize" API of the CSC server. The authorization is returned in the form of an authorization code, which the signature application shall then use to obtain an access token.
8. The signature application gets the access token using the "Get Access Token | SAD" API which returns the Bearer/SAD token.
9. The signature application gets the list of credentials associated using the "Get Filtered Credential List" API. if the RUT filtration is required this API will filter the credentials as per the RUT values. A user may have one or multiple credentials hosted by a single remote signing service provider.
10. The signature application gets the information on a signing credential, its associated certificate, and a description of the supported authorization mechanism using the "Get Credentials Info" API.
11. Use the "Get Document Hash" API to get the hash of the document.
11. Signature application can use any one of the following APIs for authorization of credential ID, based on the response of the "Get Credentials Info" API of the CSC server:
"Send OTP via RSSP" API to start the online OTP mechanism associated with a credential ID for Explicit (OTP) authorization.
"RSSP Credentials Authorization" API to authorize access to the credential ID for signing for Explicit (OTP/PIN) or Implicit authorization. The SAD received in response shall be used in the "Get Sign Hash from RSSP" API request.
"oauth2/authorize" API to initiate an OAuth 2.0 authorization flow for the OAuth 2.0 authorization. The authorization is returned in the form of an authorization code, which the signature application shall then use to obtain the SAD via "Get Access Token | SAD" API. The SAD received in response shall be used in the "Get Sign Hash from RSSP" API request.
12. Use the "Embed Signature" API to embed signatures in the document.
13. The signature application uses one of the following APIs of the CSC server for revoking access tokens, as per the requirement:
o "Revoke Access Token" API to revoke the service access token or refresh token.
o "Revoke OAuth2 Access Token" API to revoke an OAuth 2.0 access token or refresh token.
14. After the signing process is complete, if the signatory is the final signer, the Finish Processing API must be invoked. Without this step, the document will remain in an "In Progress" state for the owner. Once the API is called, the status updates to "Completed."
Finally, after signing, the Get Document Verification API can be used to retrieve the verification response.
The CSC Signing process can be a one-step or two-step operation, depending on the SCAL value returned by the "Get Credentials Info" API response. The distinction lies in how the document hash is calculated and how the signature is embedded.
1-Step Sign:
Condition: If SCAL is 1 in the "Get Credentials Info" API response, the signature application does not need to call the "Get Document Hash" API to calculate the document hash.
Process: The application simply collects the necessary data to call the "Sign Document via RSSP Directly" API. This API will automatically calculate the document hash, sign it using the CSC server, and embed the signature directly into the document.
2-Step Sign:
Condition: If SCAL is 2 in the "" API response, the following steps are required.
Process:
First, the signature application must call the "" API to retrieve the document’s hash.
To perform CSC bulk document signing via API using server-side signing, follow the steps mentioned below. These steps detail the API calls required to sign multiple documents in a single operation through the server.
1. The signatory is identified via the access token provided in the API call, which means authentication is required before initiating the signing process. The access token must be issued directly to the signatory through authentication API.
2. If modifications are needed before signing, the Fill Form Fields API should be called beforehand. Note that any mandatory input fields must be completed for the signing process to succeed.
3. To determine which Signing Servers should be displayed based on a signature field’s level of assurance, the signature application must call the API. This API provides details of all available signing servers along with their corresponding levels of assurance.
4. The signature application needs to call API. This API executes pre-signing validations for each document package and respectively returns any errors along with the list of tasks that the application needs to perform to complete the signing process.
5. The signature application uses the "" API to get the RSSP (Remote Signing Service Provider) information that is needed to perform CSC Signing.
6. The signature application uses the "" API which returns the information about the RSSP (Remote Signing Service Provider) and the list of API methods it has implemented. This method shall be implemented by any RSSP conforming to this specification.
7. The signature application gets the access token using the "" API, the Server will itself decide the grant_type (client_credentials / authorization_code) depending on its configurations.
8. The signature application gets the list of credentials associated using the "" API. if the RUT filtration is required this API will filter the credentials as per the RUT values. A user may have one or multiple credentials hosted by a single remote signing service provider.
9. The signature application gets the information on a signing credential, its associated certificate, and a description of the supported authorization mechanism using the "" API.
10. If the "authorization_required" parameter is true, in response to the "" API, the "" API shall be used to get the account_token which will be used to hit the "oauth2/authorize" CSC Server endpoint.
11. Use the "" API to get the hash of the document.
11. Signature application can use any one of the following APIs for authorization of credential ID, based on the response of the "" API of the CSC server:
"" API to start the online OTP mechanism associated with a credential ID for Explicit (OTP) authorization.
"" API to authorize access to the credential ID for signing for Explicit (OTP/PIN) or Implicit authorization. The SAD received in response shall be used in the "" API request.
"oauth2/authorize" API to initiate an OAuth 2.0 authorization flow for the OAuth 2.0 authorization. The authorization is returned in the form of an authorization code, which the signature application shall then use to obtain the SAD via "" API. The SAD received in response shall be used in the "" API request.
12. Use the "" API to embed signatures in the document.
13. The signature application uses one of the following APIs of the CSC server for revoking access tokens, as per the requirement:
"" API to revoke the service access token or refresh token.
"" API to revoke an OAuth 2.0 access token or refresh token.
14. Finally, after signing, the API can be used to retrieve the verification response.
The CSC Signing process can be a one-step or two-step operation, depending on the SCAL value returned by the "" API response. The distinction lies in how the document hash is calculated and how the signature is embedded.
1-Step Sign:
Condition: If SCAL is 1 in the "" API response, the signature application need to call the "" API. This API will automatically calculate the document hash/s, sign it using the CSC server, and embed the signature directly into the document.
2-Step Sign:
1. The signatory is identified via the access token provided in the API call, which means is required before initiating the signing process. The access token must be issued directly to the signatory through API.
2. If modifications are needed before signing, the API should be called beforehand. Note that any mandatory input fields must be completed for the signing process to succeed.
3. To determine which Signing Servers should be displayed based on a signature field’s level of assurance, the signature application must call the API. This API provides details of all available signing servers along with their corresponding levels of assurance.
4. The signature application needs to call API. This API executes pre-signing validations for each document package and respectively returns any errors along with the list of tasks that the application needs to perform to complete the signing process.
5. The signature application uses the "" API to get the RSSP (Remote Signing Service Provider) information that is needed to perform CSC Signing.
6. The signature application uses the "" API which returns the information about the RSSP (Remote Signing Service Provider) and the list of API methods it has implemented. This method shall be implemented by any RSSP conforming to this specification.
7. If the "authorization_required" parameter is true, in response to the "" API, the "" API shall be used to get the account_token which will be used to hit the "oauth2/authorize" CSC Server endpoint.
8. The signature application requests authorization for the user to access the RSSP resources using the "oauth2/authorize" API of the CSC server. The authorization is returned in the form of an authorization code, which the signature application shall then use to obtain an access token.
9. The signature application gets the access token using the "" API which returns the Bearer/SAD token.
10. The signature application gets the list of credentials associated using the "" API. if the RUT filtration is required this API will filter the credentials as per the RUT values. A user may have one or multiple credentials hosted by a single remote signing service provider.
11. The signature application gets the information on a signing credential, its associated certificate, and a description of the supported authorization mechanism using the "" API.
12. Use the "" API to get the hash of the document.
12. Signature application can use any one of the following API for authorization of credential ID, based on the response of the "" API of the CSC server:
"" API to start the online OTP mechanism associated with a credential ID for Explicit (OTP) authorization.
"" API to authorize access to the credential ID for signing for Explicit (OTP/PIN) or Implicit authorization. The SAD received in response shall be used in the "" API request.
"oauth2/authorize" API to initiate an OAuth 2.0 authorization flow for the OAuth 2.0 authorization. The authorization is returned in the form of an authorization code, which the signature application shall then use to obtain the SAD via "" API. The SAD received in response shall be used in the "" API request.
13. Use the "" API to embed signatures in the document.
14. The signature application uses one of the following APIs of the CSC server for revoking access tokens, as per the requirement:
"" API to revoke the service access token or refresh token.
"" API to revoke an OAuth 2.0 access token or refresh token.
15. Finally, after signing, the API can be used to retrieve the verification response.
The CSC Signing process can be a one-step or two-step operation, depending on the SCAL value returned by the "" API response. The distinction lies in how the document hash is calculated and how the signature is embedded.
1-Step Sign:
Condition: If SCAL is 1 in the "" API response, the signature application need to call the "" API. This API will automatically calculate the document hash/s, sign it using the CSC server, and embed the signature directly into the document.
2-Step Sign:
If the "Allow users to manage signature logo" option is unchecked, the logo will be as per Branding.
Next, the application must call the "" API to embed the signature into the document.
Next, the application must call the "" API to embed the signature into the document.
Condition: If SCAL is 2 in the "" API response, the following steps are required:
Process: Follow the below steps:
First, the signature application must call the "" API to retrieve the document’s hash.
Next, the application must call the "" API to embed the signature into the document.
Condition: If SCAL is 2 in the "" API response, the following steps are required:
Process: Follow the below steps:
First, the signature application must call the "" API to retrieve the document’s hash.
Next, the application must call the "" API to embed the signature into the document.
