Table of contents
Other services
Management:
Freja eID Signature services allow relying parties to securely deliver messages to a user, as well as to prompt Freja eID end users to digitally sign data and documents. The end user will have previously downloaded the Freja eID mobile application on one or more iOS or Android devices they possess, and registered with Freja eID, allowing them to be referred to by relying parties through the use of one or more email addresses. Signature services are available to Basic and end users that have upgraded to Freja eID Extended or Plus. Signatures created by the end users are PKI-based and therefore non-repudiable.
The signature flow is practically identical to that of authentication depicted in the section on Authentication Services. The key difference is that whereas a user can only have one authentication transaction active at any given time and the duration of authentication transactions is limited to two minutes, multiple signatures can be pending for a user's approval and each individual signature transaction can be open for up to 30 days (i.e. from the initiation by a relying party an end user may have up to 30 days to perform the signing). This allows for flexible signing solutions to be built on top of Freja eID where users can be prompted to sign even outside a direct online context.
Signature types
Freja eID allows for several types of signatures.
Simple signature type
The Simple signature type allows signing of UTF-8 text. Upon completion of the signature by the user, the relying party receives a JWS structure containing the data that was presented to the user, as well as evidence that the Freja eID infrastructure has validated the signature.
Extended signature type
The extended signature type allows signing of UTF-8 text (presented to the user) alongside binary data (not presented to the user). Upon completion of the signature by the user, the relying party receives a JWS structure containing the data that was presented to the user and the supplied binary data, as well as evidence that the Freja eID infrastructure has validated the signature.
Advanced signature type
The advanced signature type allows signing of UTF-8 text (presented to the user), binary data (not presented to the user) or both to be signed in XML or CMS formats. Subject to the type of binary data, the value returned to the relying party will be one of the following:
Binary data type | Signature format | Value returned to the relyingparty |
---|---|---|
SHA-256 data digest | RAW | A JWS signature containing with the payload comprising of the raw digital signature (RSA transformation) over the digest data, alongside a reference to the end user's certificate corresponding to the signing key, evidence of certificate status and information about the end user's identity, all signed by Freja eID. |
Opaque binary data | XML | An enveloping XML digital signature containing the data presented to the user and the opaque binary data, signed by the end user and counter-signed by Freja eID, alongside the information about the user's identity and evidence of the validity of the end user's signature. |
Opaque binary data | CMS | CMS digital signature containing the data presented to the user and the opaque binary data, signed by the end user, alongside evidence of certificate status and information about the user's identity. This signature is, in turn, counter-signed in CMS format in evidence of its validity. |
XML document | XML | An enveloped XML digital signature over the supplied XML document extended with the data presented to the user, signed by the end-user and counter-signed by Freja eID, alongside the information about the user's identity and evidence of the validity of the end user's signature. |
Note: Currently, Simple and Extended signatures are supported.
Before you begin
Disclaimer
We retain the right to extend the API with new optional parameters, new response fields and error codes. Within the same API version, these additions shall be made strictly without altering existing response fields and error codes so as not to compromise your system's stability. Your application therefore MUST be able to handle unknown response fields and error codes. In the case of unknown response fields, the application SHOULD ignore them and process only those it understands. In the case of unknown error codes, the application MUST present a generic error message to the end-user.
There are several technical requirements that must be in place before the implementation can start. Please complete the checklist below before proceeding:
- Obtain an SSL client certificate providing you access to the Freja eID test environment.
- Import Freja eID Test root certificate as trusted into the trust store of your application.
- Using Freja eID mobile application, register one or more users with the Freja eID Test infrastructure.
Production checklist
In order to use Freja eID in a production environment, you must fulfil the following:
- Sign a contract allowing your organisation to access the production Freja eID Signature service.
- Provide Freja eID with a logo suitable to represent your organisation in the mobile application, as well as a display name and a short description. Please note that:
- The logo must be delivered in one of the vector file formats: AI (Adobe Illustrator Artwork), EPS (Encapsulated PostScript) or editable PDF (Portable Document Format). The preferable format is AI (filename extension is .ai).
- The display name is restricted to maximum length of 20 characters and the description should not exceed 75 characters. The URL can be up to 100 characters long.
- Obtain an SSL client certificate providing you access to the Freja eID production environment.
- Import Freja eID Production root certificate as trusted into the trust store of your application.
Initiate sign method
This method is used by a relying party to initiate a signing transaction. The method is intended for creating signatures both in online contexts, where the access to the relying party's service or application is initiated by the end user, as well as in offline contexts, where the signature request is initiated by the relying party's service in its own right. Signature transactions, therefore, have configurable longevity — from the point of initiation, the user has between two minutes and 30 days to confirm the signature request. As opposed to authentication requests, multiple signature requests may be active at any given time, from the same or different relying parties.
Although in most cases possession and control of the handheld device on which a Freja eID app is installed are sufficient for allowing the user to view transaction content when initiating a transaction, a relying party can also specify whether the content is confidential or not. The confidentiality flag governs whether the user must present the PIN or, if enabled, use one of the biometric authentication alternatives on the handheld device, before being allowed to view the transaction content. The option effectively provides an option to have transactions that are "signed-for (for viewing) with explicit consent (for accepting the content)".
The method is called using HTTP POST through the URLs below:
System | Method endpoints |
---|---|
Test | https://services.test.frejaeid.com/sign/1.0/initSignature |
Production | https://services.prod.frejaeid.com/sign/1.0/initSignature |
The parameter of the method is a Base64 encoded JSON payload according to the following:
Parameter name | Value | |
---|---|---|
initSignRequest | { "userInfoType":"User info type", "userInfo":"User information corresponding to user info type", "restrict":"Restricts the signature request to a specific mobile device", "minRegistrationLevel":"Minimum required registration level of a user", "title":"Title to display in transaction list", "pushNotification": { "title":"Title to display in push notification to user", "text":"Text to display in push notification to user" }, "confidential":"true/false", "expiry":"Expiry time for the request", "dataToSignType":"Type of data to sign", "dataToSign":"The data to be signed", "signatureType":"Signature type", "attributesToReturn": [ { "attribute":"Type of attribute to be returned" } ] } userInfoType: string, mandatory. Describes the type of user information supplied to identify the end user. Currently one of: PHONE (end user's telephone number), EMAIL (end user's email), SSN (end user's social security number), CUST (a custom identifier). Note: Currently, CUST is not supported. userInfo: string, mandatory, 256 characters maximum. If userInfoType is EMAIL or PHONE, interpreted as a string value of the email or telephone number of the end user, respectively. If userInfoType is SSN, then it must be a Base64 encoding of the ssnuserinfo JSON structure described below. If userInfoType is CUST, then see custuserinfo below. Note: If userInfoType is PHONE, the userInfo value MUST be in the form of: "+4673*******"; the leading plus '+' is present whereas the leading zero from the mobile phone operator code '0' is not. (See example below) | |
ssnuserinfo | { "country":"Country of SSN", "ssn":"Social security number of the end user" } country: string, mandatory. Contains the ISO-3166 two-alphanumeric country code of the country where the SSN is issued. In the current version of Freja eID, must be equal to "SE". | |
custuserinfo | Reserved for future use, not supported in current version of Freja eID. | |
restrict: base64 string, optional. A value that restricts the sign action only to the Freja eID mobile application started with the same parameter. This can be used in situations where the relying party service is accessed through a browser or app on the same device as the Freja eID app. By passing the same restrict value to the initSignRequest as to the start of the mobile application, the relying party application can target the usage of the Freja eID on the same device. If present, max 64 characters (post Base64 encoding). Note: Usage of "restrict" is not supported in current version of Freja eID. minRegistrationLevel: string, optional. Minimum required registration level of a user in order to approve/decline signing transaction. Can be BASIC, EXTENDED or PLUS. If not present, default level will be PLUS. title: string, optional, 128 characters maximum. The title to display in the transaction list if presented to the user on the mobile device. The title will be presented regardless of the confidentiality setting (see below). If not present, a system default text will be presented. pushNotification: JSON structure, optional. The title and the text of the notification sent to the mobile device to alert the user of a signature request. The character limit for the push notification title and text is 256 characters for each. If not present, a system default title and text will be presented. How much text the user sees in the push notification depends on the device's screen size. confidential: boolean (true/false), optional. Determines whether the user will be required to enter their Freja eID PIN or, if enabled, use the handheld device's biometric authentication method before being allowed to view the content of the transaction. If not present, defaults to false. Note: In the current version of Freja eID, if the parameter is supplied, it must be set to false. expiry: long, optional. Describes the time until which the relying party is ready to wait for the user to confirm the signature request. Expressed in milliseconds since January 1, 1970, 00:00 UTC. Min value is current time +2 minutes, max value is current time +30 days. If not present, defaults to current time +2 minutes. dataToSignType: string, mandatory. Describes the type of data to be signed. Currently, SIMPLE_UTF8_TEXT and EXTENDED_UTF8_TEXT are supported. dataToSign: JSON structure, mandatory. Subject to dataToSignType; If SIMPLE_UTF8_TEXT, than all of dataToSign will be displayed to the user prior to soliciting signature approval. If EXTENDED_UTF8_TEXT, then one part will be displayed to the user prior to soliciting signature approval, while the binaryData part of dataToSign will not. JSON structure described below. | ||
dataToSignType | SIMPLE_UTF8_TEXT | |
dataToSign | { "text":"Base64 encoded UTF-8 text displayed to the end user" } text: string, mandatory, 4096 plain text characters maximum prior to Base64 encoding. The text that will be shown in the mobile application and signed by the end user. The content of the Base64 string are bytes representing a UTF-8 encoding of the text to be displayed to and signed by the user. | |
dataToSignType | EXTENDED_UTF8_TEXT | |
dataToSign | { "text":"Base64 encoded UTF-8 text displayed to the end user", "binaryData":"Base64 encoded byte array not displayed to the user" } text: string, mandatory, 4096 plain text characters maximum prior to Base64 encoding. The text that will be shown in the mobile application and signed by the end user. The content of the Base64 string are bytes representing a UTF-8 encoding of the text to be displayed to and signed by the user. binaryData: string, mandatory, 10 MB maximum prior to Base64 encoding. This is not shown to the user in the mobile application but is, nonetheless included in the signature. | |
signatureType: string, mandatory. The type of signature that is requested. Currently, SIMPLE and EXTENDED are supported and must match the dataToSignType parameter. attributesToReturn: list of objects, optional. When retrieving results, additional information about the user can be returned based on the type of attributes required through this parameter. Each object should contain one attribute. Currently supported attribute types are: BASIC_USER_INFO (name and surname), EMAIL_ADDRESS (user's email address), DATE_OF_BIRTH (date of birth), CUSTOM_IDENTIFIER (a unique, RP-specific, user identifier, set by the RP through the Custom Identifier Management), SSN (social security number and country), RELYING_PARTY_USER_ID (a unique, user-specific value that allows the Relying Party to identify the same user across multiple sessions). Note: if the requested attribute is BASIC_USER_INFO, DATE_OF_BIRTH or SSN the minRegistrationLevel must be set to EXTENDED or PLUS. |
Example request with userInfoType set to EMAIL: |
---|
If you wish to initiate a signature request for a user with an email address joe.black@verisec.com, follow these steps:
The HTTP body should be the following (compact format, line broken for clarity only): initSignRequest=eyJ1c2VySW5mb1R5cGUiOiJFTUFJTCIsInVzZXJJbmZvIjoiam9lLmJsYWNrQHZlcmlzZWMuY29tIiwibWluUmVnaXN0cmF0a W9uTGV2ZWwiOiJCQVNJQyIsInRpdGxlIjoiU2lnbiB0cmFuc2FjdGlvbiIsImNvbmZpZGVudGlhbCI6ZmFsc2UsImV4cGlyeSI6MTUxNzUyNjAwMD AwMCwiZGF0YVRvU2lnblR5cGUiOiJTSU1QTEVfVVRGOF9URVhUIiwiZGF0YVRvU2lnbiI6eyJ0ZXh0IjoiVkdocGN5QnBjeUJoSUhSbGVIUWdabTl 5SUhOcFoyNGdkSEpoYm5OaFkzUnBiMjR1In0sInNpZ25hdHVyZVR5cGUiOiJTSU1QTEUiLCJhdHRyaWJ1dGVzVG9SZXR1cm4iOlt7ImF0dHJpYnV0 ZSI6IkNVU1RPTV9JREVOVElGSUVSIn1dfQ== |
Example request with userIntoType set to PHONE: |
If you wish to initiate a sign request for a user with a phone number '+46731234567':
The HTTP body should be the following: initSignRequest=eyJ1c2VySW5mb1R5cGUiOiJQSE9ORSIsInVzZXJJbmZvIjoiKzQ2NzMxMjM0NTY3IiwibWluUmVnaXN0cmF0aW9uTGV2ZWwiO iJCQVNJQyIsInRpdGxlIjoiU2lnbiB0cmFuc2FjdGlvbiIsImNvbmZpZGVudGlhbCI6ZmFsc2UsImV4cGlyeSI6MTUxNzUyNjAwMDAwMCwiZGF0YV RvU2lnblR5cGUiOiJTSU1QTEVfVVRGOF9URVhUIiwiZGF0YVRvU2lnbiI6eyJ0ZXh0IjoiVkdocGN5QnBjeUJoSUhSbGVIUWdabTl5SUhOcFoyNGd kSEpoYm5OaFkzUnBiMjR1In0sInNpZ25hdHVyZVR5cGUiOiJTSU1QTEUifQ== |
Example request with userIntoType set to SSN: |
If you wish to initiate a sign request for a user with an SSN '198905218072' and country 'SE':
The HTTP body should be the following: initSignRequest=eyJ1c2VySW5mb1R5cGUiOiJTU04iLCJ1c2VySW5mbyI6ImV5SmpiM1Z1ZEhKNUlqb2lVMFVpTENKemMyNGlPaUl4T1RnNU1EV XlNVGd3TnpJaWZRPT0iLCJtaW5SZWdpc3RyYXRpb25MZXZlbCI6IlBMVVMiLCJ0aXRsZSI6IlNpZ24gdHJhbnNhY3Rpb24iLCJjb25maWRlbnRpYW wiOmZhbHNlLCJleHBpcnkiOjE1MTc1MjYwMDAwMDAsImRhdGFUb1NpZ25UeXBlIjoiU0lNUExFX1VURjhfVEVYVCIsImRhdGFUb1NpZ24iOnsidGV 4dCI6IlZHaHBjeUJwY3lCaElIUmxlSFFnWm05eUlITnBaMjRnZEhKaGJuTmhZM1JwYjI0dSJ9LCJzaWduYXR1cmVUeXBlIjoiU0lNUExFIn0= |
Possible errors returned by the method are the following:
Return code | Explanation |
---|---|
1001 | Invalid or missing userInfoType. |
1002 | Invalid or missing userInfo. |
1003 | Invalid restrict. |
1004 | You are not allowed to call this method. |
1005 | The user has not enabled your service. |
1006 | Invalid confidential. |
1007 | Invalid min registration level. |
1008 | Unknown relying party. |
1010 | JSON request cannot be parsed. |
3000 | Invalid or missing dataToSignType. |
3001 | Invalid or missing dataToSign. |
3002 | Invalid or missing signatureType. |
3003 | Invalid expiry time. |
3004 | Invalid push notification. |
3005 | Invalid attributesToReturn parameter. |
3006 | Custom identifier has to exist when it is requested. |
3007 | Invalid title. |
If HTTP 200 is returned from the method, the following return value will be present in the body of the response:
JSON Response Value in body |
---|
{ "signRef":"Reference to be submitted in getOneResult method" } signRef: string, mandatory. A reference unique to the transaction, that can be used to query the result of a specific signing transaction (see Get one signature result method and Get signature results method below). |
Methods for retrieving signature results
There are two methods that can be used for fetching digital signature results: one that returns a single result for a specified signature reference (signRef returned from a call to Initiate sign method), and one that returns multiple signature results. The latter is the preferred way of fetching results in situations where a relying party has many concurrent signatures in progress, as it reduces the number of polling requests.
Get one signature result method
The method is called using HTTP POST through the URLs below:
System | Method endpoint |
---|---|
Test | https://services.test.frejaeid.com/sign/1.0/getOneResult |
Production | https://services.prod.frejaeid.com/sign/1.0/getOneResult |
The parameter of the method is a Base64 encoded JSON payload according to the following:
Parameter name | Value | |
---|---|---|
getOneSignResultRequest | { "signRef":"Signature reference" } signRef: string, mandatory . The value must be equal to a signature reference previously returned from a call to the Initiate sign method. The time period during which a specific signature reference is available for checking will depend on the longevity of the signature operation (see the expiry parameter in the Initiate sign method) and is calculated as expiry time plus 3 days. |
Example request: |
---|
If you wish to fetch a single signature result with the signture reference previosly returned from a call to initSignRequest (for a user with an email address joe.black@verisec.com), follow these steps:
The HTTP body should be the following (compact format, line broken for clarity only): getOneSignResultRequest=eyJzaWduUmVmIjoiVHJMQTl6ZHhDQmxOT1 FOdmtkaEFNMTRtSm1sTDIwZGlnQzcrUWdFVlJ3bUU3U0g4UW0wc3dXSWM2d2hmS200WSJ9 |
Possible errors returned by the method are the following:
Return code | Explanation |
---|---|
1008 | Unknown relying party. |
1100 | Invalid reference (for example, nonexistent or expired). |
If HTTP 200 is returned from the method, the following return value will be present in the body of the response:
JSON Response Value in body | |
---|---|
Response body | { "signRef":"Signature reference", "status":"Signature status", "details":"signed data, see below", "requestedAttributes": { "basicUserInfo":{ "name":"User's name", "surname":"User's surname" }, "emailAddress":"User's email address", "dateOfBirth":"User's date of birth", "customIdentifier":"Custom identifier set by the RP", "ssn":{ "ssn":"Social security number of the end user", "country":"Country of SSN" }, "relyingPartyUserId":"Unique user ID reserved for Relying Parties" } } signRef: string, mandatory . The signature reference of the signing request. status: string, mandatory. One of: STARTED (the transaction has been started but not yet delivered to Freja eID application associated with the end user), DELIVERED_TO_MOBILE (the Freja eID app has downloaded the transaction), OPENED (the user has opened and seen the signature request but neither canceled nor approved it yet), CANCELED (the end user declined the signature request), RP_CANCELED (the sign request was sent to the user but canceled by the RP before the user could respond), EXPIRED (the signature request was not approved by the end user within the signature validity limit as requested when the signature was initialized), APPROVED (the signature was successful). Note: In the current version of Freja eID, OPENED status is not supported. details: A signed object (see below), optional. Provides details and evidence of the signing if status was equal to APPROVED. requestedAttributes: JSON object (see below), optional. Provides additional attributes about a user if required in attributesToReturn parameter in related initSignRequest and the status was equal to APPROVED. |
details | The content of this response element will depend on the signatureType requested when the signature was initiated. For a Simple signature type, it will contain a JWS in compact serialised form as following: BASE64URL(UTF8(JWS Protected Header)) || ’.’ || BASE64URL(JWS Payload) || ’.’ || BASE64URL(JWS Signature)
JWS Protected Header { "x5t": "SHA-1 digest of the signing certificate", "alg": "algorithm used to secure the JWS" } x5t: mandatory, Base64URL encoding of the certificate's SHA-1 digest.
JWS Payload { "signRef":"Signature reference", "status":"Signature status", "userInfoType":"User info type", "userInfo":"User information corresponding to user info type", "minRegistrationLevel":"Minimum required registration level of a user", "timestamp":"Time when signature was confirmed by end user", "signatureType":"Signature type", "signatureData": { "userSignature":"The signature produced by the end user", "certificateStatus":"Evidence of end-users certificate status" }, "requestedAttributes": { "basicUserInfo":{ "name":"User's name", "surname":"User's surname" }, "emailAddress":"User's email address", "dateOfBirth":"User's date of birth", "customIdentifier":"Custom identifier set by the RP", "ssn":{ "ssn":"Social security number of the end user", "country":"Country of SSN" }, "relyingPartyUserId":"Unique user ID reserved for Relying Parties" } } signRef: See signRef above. status: See status above. userInfoType: See userInfoType as described in Initiate sign method. userInfo: See userInfo as described in Initiate sign method. minRegistrationLevel: See registrationLevel as described in Initiate sign method. timestamp: long, mandatory. Describes the time when the confirmation by the end user was validated on Freja eID server side. Expressed in milliseconds, since January 1, 1970, 00:00 UTC. signatureType: string, mandatory. The type of signature that is requested. Currently SIMPLE and EXTENDED are supported. signatureData: see fields below, mandatory. userSignature: the produced signature, string, mandatory. Contains the end user's signature in the requested format. The end user's signature will implicitly contain the dataToSign as requested in Initiate sign method as within its payload. certificateStatus: Base64 string, mandatory. Contains the OCSP response regarding the state of the end-user certificate at the time of validating the signature. requestedAttributes: JSON object (see below), optional. Provides additional attributes about a user if required in attributesToReturn parameter in related initSignRequest and the status was equal to APPROVED. |
requestedAttributes | { "basicUserInfo":{ "name":"User's name", "surname":"User's surname" }, "emailAddress":"User's email address", "dateOfBirth":"User's date of birth", "customIdentifier":"Custom identifier set by the RP", "ssn":{ "ssn":"Social security number of the end user", "country":"Country of SSN" }, "relyingPartyUserId":"Unique user ID reserved for Relying Parties" } basicUserInfo: JSON object which contains user's name and surname. emailAddress: String, representing the user's email address. dateOfBirth: String containing date of birth in format: YYYY-MM-DD customIdentifier: String, a unique, RP-specific, user identifier, set by the RP itself through the Custom Identifier Management. ssn: JSON object which contains social security number and country. relyingPartyUserId: String, mandatory. Represents a unique, user-specific value that allows the Relying Party to identify the same user across multiple sessions. |
Get signature results method
The method is called using HTTP POST through the URLs below:
System | Methodendpoint |
---|---|
Test | https://services.test.frejaeid.com/sign/1.0/getResults |
Production | https://services.prod.frejaeid.com/sign/1.0/getResults |
The parameter of the method is a Base64 encoded JSON payload according to the following:
Parameter name | Value | |
---|---|---|
getSignResultsRequest | { "includePrevious":"Include previously returned results" } includePrevious: string, mandatory. Must be equal to ALL or OUTSTANDING_AND_NEW. If equal to ALL, indicates that the complete list of signature requests is successfully initiated by the relying party. The time period during which a specific signature reference is available for checking will depend on the longevity of the signature operation (see the expiry parameter in the Initiate sign method) and is calculated as expiry time plus 3 days. NOTE: In the current implementation of the service must be equal to ALL. |
Example request: |
---|
If you wish to fetch multiple signature results, follow these steps:
The HTTP body should be the following: getSignResultsRequest=eyJpbmNsdWRlUHJldmlvdXMiOiJBTEwifQ== |
Possible errors returned by the method are the following:
Return code | Explanation |
---|---|
1008 | Unknown relying party. |
1200 | Invalid or missing includePrevious parameter. |
If HTTP 200 is returned from the method, the following return value will be present in the body of the response:
JSON Response Value inbody | |
---|---|
Responsebody | { "signatureResults":[ { "signRef":"Signature reference", "status":"Signature status", "details":"signed data, see below", "requestedAttributes": { "basicUserInfo":{ "name":"User's name", "surname":"User's surname" }, "emailAddress":"User's email address", "dateOfBirth":"User's date of birth", "customIdentifier":"Custom identifier set by the RP", "ssn":{ "ssn":"Social security number of the end user", "country":"Country of SSN" }, "relyingPartyUserId":"Unique user ID reserved for Relying Parties" } }, { "signRef":... } } signatureResults: an array of JSON objects, mandatory. An array of signature result objects (if the signatureRef parameter was passed, the array will always be of length 1). signRef: string, mandatory . The signature reference of the signing request. status: string, mandatory. One of: STARTED (the transaction has been started but not yet delivered to Freja eID application associated with the end user), DELIVERED_TO_MOBILE (the Freja eID app has downloaded the transaction), OPENED (the user has opened and seen the signature request but neither canceled nor approved yet), CANCELED (the end user declined the signature request), RP_CANCELED (the sign request was sent to the user but canceled by the RP before the user could respond), EXPIRED (the signature request was not approved by the end user within the signature validity limit as requested when the signature was initialized), APPROVED (the signature was successful). Note: In the current version of Freja eID, OPENED status is not supported. details: A signed object, optional. Provides details and evidence of the signature if status was equal to APPROVED (see details as described in the Get one signature result method above). requestedAttributes: JSON object (see details as described in the Get one signature result method above), optional. |
Cancel sign method
This method is used by a relying party to cancel a signature request.
The method is called using HTTP POST through the URLs below:
System | Method endpoints |
---|---|
Test | https://services.test.frejaeid.com/sign/1.0/cancel |
Production | https://services.prod.frejaeid.com/sign/1.0/cancel |
The parameter of the method is a Base64 encoded JSON payload according to the following:
Parameter name | Value | |
---|---|---|
cancelSignRequest | { "signRef":"Signature reference" } signRef: string, mandatory . The value must be equal to a signature reference previously returned from a call to the Initiate sign method. |
Example request: |
---|
If you wish to cancel a sign request, follow these steps:
The HTTP body should be the following (line broken for clarity only): cancelSignRequest=eyJzaWduUmVmIjoiVHJMQTl6ZHhDQmxOT1FOdmtkaEFNMTRtSm1sTDIwZGlnQzcr UWdFVlJ3bUU3U0g4UW0wc3dXSWM2d2hmS200WSJ9 |
Possible errors returned by the method are the following:
Return code | Explanation |
---|---|
1004 | You are not allowed to call this method. |
1008 | Unknown relying party. |
1100 | Invalid reference (for example, nonexistent or expired). |
If HTTP 200 is returned from the method, the request was successfully fulfilled.
Attachments:

