Automatic Qualified Electronic Signature

The Qualified Electronic Signature (QES) automatic solution simplifies signing processes, ensuring full compliance with European regulations.

It is an extremely flexible API service that can be customized based on the specific needs of individual companies. Among the various options available, it is possible to sign documents either individually or in bulk directly from a server, select any signature format (CAdES, PAdES, XAdES, and PKCS#1), and set whether the document validation and signature should be synchronous or asynchronous.

There are no annual fees: you only pay for the cost of activating the certificate and actual use.

The QES Signature is also available for legal persons, through a special service (Qualified Electronic Seal).

The implementation of electronic signing via API allows offering employees or users a simplified remote signing experience for any document, while simultaneously ensuring security and European validity. Electronic signatures are recognized by European Union law through the eIDAS regulation.

The solution has 30 customisable security levels and can be integrated via API into management systems, software, and websites, making it easier and safer to sign orders, quotes, activation requests, and contracts.

Before using this service, it is necessary to purchase a signing certificate through the dedicated endpoint POST /certificates/namirial-automatic.

Once the certificate is activated, you can start using the automatic signing service. Both the "automatic" service and the "OTP" service are available, i.e., strong authentication using OTP (One Time Password), which increases the security level of the signature and further protects signed documents.

Request for Qualified Electronic Signature (EU-QES_automatic)

POST/EU-QES_automatic

The endpoint POST/EU-QES_automatic allows you to apply a qualified electronic signature via API.

{
 "inputDocument":[
  {
  	"sourceType": "remote",
	  "url": "https://my-domain.com/remoteResource.pdf",
  },
  {
	  "sourceType": "remote",
	  "payload": "BASE64string",
  }
],
 "certificateUsername": "[email protected]",
 "certificatePassword": "password123",
 "title": "PAdES Signature",
 "description": "PAdES signature of a remote and base64 file",
 "signatureType": "pades",
}

The mandatory fields for proceeding with the signature are:

• Document (inputDocument)
• Certificate Username
• Certificate Password

If not specified (in the signatureType field), the system will select the most suitable format (CAdES, PAdES, XAdES, and PKCS#1) based on the mimeType of the uploaded file.

As mentioned, the service is highly flexible and allows configuration options such as document validation mode and signature (synchronous or asynchronous), signature level, hash algorithm, and optional callback.

Some options may be available only for specific signature formats (e.g., positioning the signature in the PDF document).

The service also allows you to mark the document with any type of timestamp.

Response for Qualified Electronic Signature (EU-QES_automatic)

POST/EU-QES_automatic

The response content after the request will depend on the status of the request and could be:

• Waiting for validation
• Waiting for the completion of the signing process
• Signing process completed

If the signing process is completed, the response will contain data such as status (DONE), options, and the date.

{
 "data":{
   "id": "67af252164f60538280f70f9",
	 "updatedAt": "2025-02-14 11:12:53.699+00:00",
   "createdAt": "2025-02-14 11:12:34.218+00:00",
   "certificateType": "EU-QES_automatic",
   "state": "DONE",
   "signatureType": "pades",
   "options": {
     "asyncDocumentsValidation": false,
     "asyncSignature": false,
     "level": "B",
     "hashAlgorithm": "SHA256",
     "encryptInAnyCase": false,
     "page": 1,
     "withSignatureField": false,
  },
	"document": {
    "title": "B",
    "description": "",
    "inputDocuments": [
     {
      "sourceType": "base64",
      "createdAt": "2025-02-14 11:12:33.819+00:00",
      "mimetype": "application/pdf",
      "extension": "pdf",
      "size": 339,
      "id": "67af252164f60538280f70fb",
      "md5": "694be78a9eaa52d602bec92e211fa5dc",
      "name": "694be78a9eaa52d602bec92e211fa5dc.pdf",
    }  
  ],
   "validatedDocument": {,
     "mimetype": "application/pdf",
     "extension": "pdf",
     "size": "339",
     "createdAt": "2025-02-14 11:12:33.819+00:00",
     "id": "67af252164f60538280f70fb",
     "md5": "694be78a9eaa52d602bec92e211fa5dc",
     "name": "694be78a9eaa52d602bec92e211fa5dc.pdf"
}
  "signedDocument": {,
     "createdAt": "2025-02-14 11:12:34.229+00:00",
     "mimetype": "application/pdf",
     "extension": "pdf",
     "size": "50133",
     "id": "67af252264f60538280f70fe",
     "md5": "363cfdb141fe0e1a3f598e1fef3b3d8c",
     "name": "694be78a9eaa52d602bec92e211fa5dc_signed.pdf"
    }
  }
}, 
"message": "Created",
"success": true,
"error": null,
}

Audit

GET /signatures/{id}/{actionType}

At the end of the signing process, it will be possible to request details of the completed signing process, the signed document, the validated document, or the audit trail, which is the document containing all the information that led to the successful completion of the signature. In case of disputes, this file will allow for the technical reproduction of every step of the procedure.

Signature Validity Verification

POST /verify

Openapi also allows you to verify whether a document has actually been signed, who the signature is associated with, and how long it remains valid. The relevant endpoint in this case is POST /verify.

REQUEST EXAMPLE

When making a request, it is necessary to upload the signed document.

{
  "inputDocument": "BASE64string",
  "detachedContent": "BASE64string",
  "pdfEncryptionPassword": "password123",
  "recursive": true,
  "verifyOnDate": "2025-02-14"
}

RESPONSE EXAMPLE

The system will return various information about the document. First, it specifies whether the document has been properly signed, in which format, and whether the signature is valid.

Additionally, it provides:

{
  "data": {
    "checkDate": "2025-02-14 11:11:01.892+00:00",
    "verificationDate": "2025-02-14 11:11:01.892+00:00",
    "signatureFormat": "PAdES",
    "nrOfSignatures": 1,
    "overallVerified": true,
    "signatureReportList": [
      {
        "id": "0",
        "integrity": true,
        "signatureAlgorithmName": "SHA256withRSA",
        "subjectDN": "C=IT,SURNAME=ROSSI,GIVENNAME=MARIO,SERIALNUMBER=TINIT-RSSMRA73R02H501H,CN=ROSSI MARIO,DNQ=AUSL2023021972028357",
        "issuerDN": "C=IT,O=Namirial S.p.A./02046570426,OU=Certification Authority,CN=Namirial CA Firma Qualificata",
        "subjectCN": "ROSSI MARIO",
        "issuerCN": "Namirial CA Firma Qualificata",
        "serialNumber": "5557601230250214000",
        "signerCertificateStatus": "VALID",
        "signerCertificateNotBefore": "2025-02-14 11:11:01.892+00:00",
        "signerCertificateNotAfter": "2025-02-14 11:11:01.892+00:00",
        "signerCertificateRevocationDate": "2025-02-14 11:11:01.892+00:00",
        "issuerCertificateStatus": "VALID",
        "issuerCertificateRevocationDate": "2025-02-14 11:11:01.892+00:00",
        "trustedSignatureDate": false,
        "signatureDate": "2025-02-14 11:11:01.892+00:00",
        "issuerTrustedList": true,
        "keySize": 2048,
        "qcComplianceStatus": "VALID",
        "qcSSCDStatus": "VALID",
        "derEncodedSignerCert": "BASE64string"
      }
    ],
    "noteReportList": [
      {
        "policy": 3,
        "about": 2,
        "type": 1,
        "synopsis": "Certified qualified in conformity",
        "description": "The qualified certificate of ROSSI MARIO complies with European Directive 1999/93/EC"
      }
    ],
    "plainDocument": "BASE64string"
  },
  "message": "Signature is valid",
  "error": null,
  "success": true
}

The electronic signature has already been integrated for the signing of documents such as pre-contracts, quotes, sales or rental contracts, and generic documents.