Tutorial: PDF Digital Signature Validation
  • Intro
  • PDF Digital Signature Validation
  • Validation in Adobe Acrobat
  • Validation Web Application
  • Validation with API
  • Conclusion
  • Useful Links
Powered by GitBook
On this page
  • Requesting a validation
  • Access

Validation with API

PreviousValidation Web ApplicationNextConclusion

Last updated 7 years ago

While our web application is very useful, chances are you'll want to validate signed PDF documents in your own application. Luckily, there's nothing easier when making use of our API. Let's take a look under the Validation WebApp's hood and see how it's done.

Requesting a validation

The specific part we want can be found in the following :

function uploadForValidation(file, jwt) {
  let options = getDefaultOptions('/validations/upload', jwt); // https://accapim.t1t.be/trust1team/signbox/v1/validations/upload
  options.formData = {
    signedFile: {
      value: file.buffer,
      options: {
        filename: file.originalname,
        contentType: file.mimeType
      }
    }
  };
  return rp.post(options).then(returnBody);
}

function getDefaultOptions(path, jwt) {
  let headers = { apikey: config.gw.apikey };
  if (jwt) { headers.authorization = 'Bearer ' + jwt }
  return {
    url: config.gw.signbox + path,
    headers,
    resolveWithFullResponse: true
  }
}

function returnBody(res) {
  let body = JSON.parse(res.body);
  body.limits = limits.extractLimits(res.headers);
  return JSON.stringify(body);
}

A simple HTTP POST request to our Signbox API with the document as a multipart-formdata suffices. You'll receive the entire report as a JSON response, which you can then parse to display the various validation results in your application or just verify that your document is in fact valid!

Access

Now, you're probably asking, how do I get access to the API...?

Our APIs are secured with a JWT policy, and this means that an API key alone will not suffice to grant you access to our Validation API

/**
 * Returns JWT token. Will request a new token if needed.
 * @param fn Callback function
 */
function getJWT(fn) {
    let options = {
        method: "GET",
        url: config.gw.auth + "/login/application/token", // https://accapim.t1t.be/apiengineauth/v1/login/application/token
        headers: { apikey: config.gw.apikey, "content-type": "application/json"},
        json: true
    };
    request(options, fn);
}

/**
 * Refresh a JWT token
 * @param token Current valid token
 * @param fn Callback function
 */
function refreshJWT(token, fn) {
    let options = {
        method: "POST",
        url: config.gw.auth +  "/login/token/refresh", // https://accapim.t1t.be/apiengineauth/v1/login/token/refresh
        headers: { apikey: config.gw.apikey, "content-type": "application/json" },
        body: { originalJWT: token },
        json: true
    };
    request(options, fn);
}

You do this by making a GET request to our orchestration API with your API key in a apikey header.

curl -X GET \
  https://accapim.t1t.be/apiengineauth/v1/login/application/token \
  -H 'Accept: application/json' \
  -H 'apikey: your-api-key-here'

and make your validation request with the resulting JWT in an Authorization Bearer header like so:

curl -X POST \
  https://accapim.t1t.be/trust1team/signbox/v1/validations/upload \
  -H 'Accept: application/json' \
  -H 'Authorization: Bearer your-jwt-here' \
  -H 'Content-Type: multipart/form-data; boundary=----FormBoundary' \
  -H 'apikey: your-api-key-here' \
  -d '------FormBoundary
Content-Disposition: form-data; name="Trust1Team"; filename="Trust1Team.pdf"
Content-Type: application/pdf

[your document bytes here]
------FormBoundary--'

Note that the JWT in the Authorization-header must be prefixed by Bearer.

There's a for that!

Just head on over to our , and obtain an API key by requesting a contract with our Signbox API.

However, we've made this simple for you! If we take a look at the below, you can see that all you need to do is exchange your API key for a valid JWT

snippet of code
guide
Marketplace
snippet of code