...
Info | ||
---|---|---|
| ||
Please note that this documentation and the links refer to the api v6. For more information please see the migration guide and the documentation related to v5. |
Introduction
Info |
---|
REST API /v3 and /v4 DEPRECATION: The 23.76 (published March 2024) will be the last LTS version that includes these API versions. By early June 2024, the REST API routes to v3/v4 will be deactivated on DEMO. Early December 2024, the REST API routes to v3/v4 will be removed from feature stream releases. Note that there is no date communicated yet to discontinue REST APIv5 (and where v5 refers to v4 routes, these will still remain); however we recommend to use the /v6 API specification already. |
Introduction
On this page you will find the eSAW API description. First we start with a basic overview of the API. If you are looking for examples we recommend the Postman Sample, On this page you will find the eSAW API description. First we start with a basic overview of the API. If you are looking for examples we recommend the Postman Sample, v6 Envelope structure and our Stories and Examples.
...
Table of Contents |
---|
...
|
...
- Authorization
- UserKey Header Authorization
- Bearer token Authorization
- OrganizationKey and UserLogin Header
...
...
|
Principles of Api v6
Detailed information about all changes between api v5 and api v6 can be found here: migration guide.
- Reduced HTTP verbs
- Only HTTP GET and POST
- Consistent naming and symmetric structures within api v6
- Consistency between Web User Interface (WebUI) and api v6 in features but also naming
- Positive wording (e.g. prevent sharing with team changed to share with team)
- Simplified terminology and structures
- No abstract types any more
Changes has been made on api method level as well as the JSON structures and the envelope status values changed.
Overview and references
The API is for developers, who want to integrate eSignAnyWhere into their application and for administrators, who want to script interactions with eSignAnyWhere (e.g. user synchronization).
Quick Overview: eSAW uses REST (with JSON) as API. The basic workflow is to upload a document and then send the envelope with a envelope configuration. Optional, before sending the envelope, it is possible to prepare the envelope to get the workstep configuration for sending the envelope. For more information about the envelope configuration please also have a look at the Envelope Structure. The configuration consists out of the envelope part (workflow configuration) and for each action a definition and a signing configuration (workstep configuration). The workstep configuration is the description (as JSON for REST) of tasks for signer (e.
Overview and references
The API is for developers, who want to integrate eSignAnyWhere into their application and for administrators, who want to script interactions with eSignAnyWhere (e.g. user synchronization).
Quick Overview: eSAW uses REST (with JSON) as API. The basic workflow is to upload a document and then send the envelope with a envelope configuration. Optional, before sending the envelope, it is possible to prepare the envelope to get the workstep configuration for sending the envelope. For more information about the envelope configuration please also have a look at the Envelope Structure. The configuration consists out of the envelope part (workflow configuration) and for each action a definition and a signing configuration (workstep configuration). The workstep configuration is the description (as JSON for REST) of tasks for signer (e.g. Signature Fields, Form-Fields) and additional document configurations.
...
The User Guide, Signer Guide and Administration Guide (for on-premise customers) can be also helpful.
General conncepts
Authorization
This section covers the authorization options for REST-API integrations. For the authorization you have different options with REST API; as described in the next chapters. If you are authorized you will get a HTTP/200 Ok info. Otherwise you will get a 401 Unauthorized error.
Authorization
We recommend to use user-specific API tokens. Therefore, each user can create several tokens for different application integrations. The apiToken has to be provided as HTTP Header.
Please see the next sample authorization (Bearer token):
...
Object validation
String and array objects are validated. If hovering over an object in the model section on e.g. https://demo.esignanywhere.net/Api/swagger/ui/index you can see which validation is performed. In the following sample the validation for the Documents array is such that at least one document must be added and maximum of 50 documents are allowed.
For string objects, the length is validated. In the following sample, a maximum of 100 characters is checked for the string Name.
Ids have a fixed length, therefore the minimum and maximum values are the same:
Authorization
This section covers the authorization options for REST-API integrations. For the authorization you have different options with REST API; as described in the next chapters. If you are authorized you will get a HTTP/200 Ok info. Otherwise you will get a 401 Unauthorized error.
Authorization
We recommend to use user-specific API tokens. Therefore, each user can create several tokens for different application integrations. The apiToken has to be provided as HTTP Header.
Please see the next sample authorization (Bearer token):
Key | Value |
---|---|
"Authorization" | e.g. "Bearer asdfngtmvv8pfmsuaxpzz85zux3e63dd9zttrwitx9mln6qka6tds83du3p3lroe" |
Please see the next sample authorization (api token):
Key | Value |
---|---|
"ApiToken" | "asdfngtmvv8pfmsuaxpzz85zux3e63dd9zttrwitx9mln6qka6tds83du3p3lroe" |
Such an user api token can be created in Settings→API Tokens and Apps; Section "API Tokens".
Tokens created by eSAW are currently 64-digit alphanumeric strings - but the length and set of allowed characters may be changed with future product versions.
Format Specification
Note that the key can be any 64 digit alphanumeric value; not necessarily following the GUID format! The length and set of allowed characters may be changed with future product versions.
Callbacks
The API allows the definition of several callbacks. Please note, that only the envelope callback (directly from eSignAnyWhere) is fired, when the envelope is in a final state. The status update callback is fired by a sub-component and you may require to wait a post-processing time that the envelope reaches its final state.
Time of Retry | Total time after t0 | |
---|---|---|
0 min |
Please see the next sample authorization (api token):
...
Such an user api token can be created in Settings→API Tokens and Apps; Section "API Tokens".
Tokens created by eSAW are currently 64-digit alphanumeric strings - but the length and set of allowed characters may be changed with future product versions.
Format Specification
Note that the key can be any 64 digit alphanumeric value; not necessarily following the GUID format! The length and set of allowed characters may be changed with future product versions.
Callbacks
The API allows the definition of several callbacks. Please note, that only the envelope callback (directly from eSignAnyWhere) is fired, when the envelope is in a final state. The status update callback is fired by a sub-component and you may require to wait a post-processing time that the envelope reaches its final state.
Time of Retry | Total time after t0 | 0 min | T0: Initial Callback Event will retry (see next row) if no HTTP 2xx response, or in case of timeout | T1 = T0 + 5 min | 5 min | 2nd Attempt (= 1st Retry)T0: Initial Callback Event | will retry (see next row) if no HTTP 2xx response, or in case of timeout |
---|---|---|---|---|---|---|---|
T2 T1 = T0 + 5 min | 5 min | 2nd Attempt (= 1st Retry) will retry (see next row) if no HTTP 2xx response, or in case of timeout | |||||
T2 = T1 + T1 + 10 min | 15 min | 3rd Attempt | |||||
T3 = T2 + 15 min | 30 min | ... | |||||
T4 = T3 + 20 min | 50 min | ... | |||||
... | ... | ... | |||||
T9 = T8 + 40 min | 180 min = 3h | 10th Attempt if still no HTTP 2xx response => listed as "warning" in errors view (assuming default value "10" configured in _global.xml for "notificationErrorThreshold") | |||||
... | ... | ... | |||||
T29 = T28 + 145 min | 2175 min = 36.25h | 30th Attempt if still no HTTP 2xx response => listed as "error" in errors view & permanent give-up (assuming default value "30" configured in _global.xml for "notificationMaximumRetries"); but can be triggered from UI / errors view) again |
...
Consider, that our system expects the full callback url, including the parameter list you expect, with the placeholders that should be replaced by values at runtime. You can also add your own paramter parameter for that envelope (e.g. internal references). Moreover, on our shared SaaS environments only HTTPS callbacks (port 443, and 1025-65535) callbacks are allowed.
Placehoder for callback URL:
...
Consider, that our system expects the full callback url, including the parameter list you expect, with the placeholders that should be replaced by values at runtime. You can also add your own paramter parameter for that envelope (e.g. internal references). Moreover, on our shared SaaS environments only HTTPS callbacks (port 443, and 1025-65535) callbacks are allowed.
Sample:
https://www.mycallback.at?envelope=##EnvelopeId##&action=##Action##
...
Code Block | ||||
---|---|---|---|---|
| ||||
"CallbackConfiguration": { "CallbackUrl": "string", "StatusUpdateCallbackUrl": "string", "StepActionCallbackConfigurationActivityActionCallbackConfiguration": { "Url": "string", "ActionCallbackSelection": { "ConfirmTransactionCode": true, "DefaultEventType": true, "AgreementAccepted": true, "AgreementRejected": true, "RequestPrepareAuthenticationInformationSuccess": true, "PrepareAuthenticationSuccess": true, "AuthenticationFailed": true, "AuthenticationRejected": true, "AuthenticationSuccess": true, "ReAuthenticationFailed": true, "AuditTrailRequested": true, "AuditTrailXmlRequested": true, "CalledPage": true, "WhoIsInformation": true, "DocumentDownloaded": true, "FlattenedDocumentDownloaded": true, "AddedAnnotation": true, "AddedAttachment": true, "AppendedDocument": true, "FormsFilled": true, "ConfirmReading": true, "PageViewChanged": true, "SendTransactionCode": true, "PrepareSignWorkstepDocument": true, "SignWorkstepDocument": true, "UndoAction": true, "WorkstepCreated": true, "WorkstepFinished": true, "WorkstepRejected": true, "DisablePolicyAndValidityChecks": true, "EnablePolicyAndValidityChecks": true, "AppendFileToWorkstep": true, "AppendTasksToWorkstep": true, "SetOptionalDocumentState": true, "PreparePayloadForBatch": true } } }, |
...
These events are fired by the Workstep Controller (internal component) and are fired before the data in eSAW is complete updated (some post-processing is required). Therefore this event callbacks are used only in rare integrations.
Available Event Types
For more information please see https://demo.esignanywhere.net/Api/swagger/ui/index#!/Envelope/Envelope_Send section EnvelopeSendActionCallbackSelection
Available Event Types
Type | Description |
---|---|
ConfirmTransactionCode | A transaction code was sent |
AgreementAccepted | The user accepted the agreement |
AgreementRejected | The user rejected the agreement |
PrepareAuthenticationSuccess | The prepare authentication process succeeded |
AuthenticationFailed | The user failed to authenticate |
AuthenticationSuccess | The user succeeded to authenticate |
AuditTrailRequested | The audittrail was requested |
AuditTrailXmlRequested | The audittrail XML was requested |
CalledPage | The viewer site was requested |
DocumentDownloaded | The document download was requested |
FlattenedDocumentDownloaded | The flattened document download was requested |
AddedAnnotation | An annotation was added |
AddedAttachment | An attachment was added |
AppendedDocument | A document was appended |
FormsFilled | A form field was filled |
ConfirmReading | A reading task was completed |
PageViewChanged | Note: This event is only used for the audit trail, no notification is sent to the configured URL. The user changed the page view (e.g. by scrolling through the document). |
SendTransactionCode | This event is raised, when a TransactionCode for a signature with type TransactionCode has been sent using the IdentityServer or the TransactionCodeSenderPlugin |
PrepareSignWorkstepDocument | A signature is prepared for signing |
SignWorkstepDocument | Try to sign a signature |
UndoAction | An action was undone |
WorkstepCreated | A workstep was created |
WorkstepFinished | A workstep was finished |
WorkstepRejected | A workstep was rejected |
DisablePolicyAndValidityChecks | The policy and validity checks have been disabled. |
EnablePolicyAndValidityChecks | The policy and validity checks have been enabled. |
AppendFileToWorkstep | A file was appended to the workstep |
AppendTasksToWorkstep | A task was added to the workstep |
SetOptionalDocumentState | A optional document became either active or inactive |
PreparePayloadForBatch | The payload is getting prepared for batch signing |
Type | Description |
ConfirmTransactionCode | A transaction code was sent |
DefaultEventType | Not specially defined event type |
AgreementAccepted | The user accepted the agreement |
AgreementRejected | The user rejected the agreement |
RequestPrepareAuthenticationInformationSuccess | The request for additional authentication infos was requested |
PrepareAuthenticationSuccess | The prepare authentication process succeeded |
AuthenticationFailed | The user failed to authenticate |
AuthenticationRejected | The user rejected the authentication process |
AuthenticationSuccess | The user succeeded to authenticate |
ReAuthenticationFailed | The reauthentication process failed |
AuditTrailRequested | The audittrail was requested |
AuditTrailXmlRequested | The audittrail XML was requested |
CalledPage | The viewer site was requested |
WhoIsInformation | WHOIS information has been requested. |
DocumentDownloaded | The document download was requested |
FlattenedDocumentDownloaded | The flattened document download was requested |
AddedAnnotation | An annotation was added |
AddedAttachment | An attachment was added |
AppendedDocument | A document was appended |
FormsFilled | A form field was filled |
ConfirmReading | A reading task was completed |
PageViewChanged | The user changed the page view (e.g. by scrolling through the document). Note: This event is used for the audit trail, but not sent to the configured notification URL. |
SendTransactionCode | This event is raised, when a TransactionCode for a signature with type TransactionCode* has been sent using the IdentityServer or the TransactionCodeSenderPlugin |
PushTransactionCode | This event is raised, when a TransactionCode for a signature with type TransactionCode has been sent using the TransactionCodePushPlugin |
GetPushResult | This event is raised, when the result of the push plugin method GetPushResult returns a successful authentication |
GetGenericSigningPluginAuthenticationStatus | This event is raised, when the result of the GenericSigningPlugin method GetAuthenticationStatus returns a successful authentication |
PrepareSignWorkstepDocument | A signature is prepared for signing |
PrepareSignPkcs7WorkstepDocument | A signature is prepared for P7M (PKCS7) signing. |
FinalizeSignPkcs7WorkstepDocument | A signature is prepared for P7M (PKCS7) signing. |
SignWorkstepDocument | Try to sign a signature |
UndoAction | An action was undone |
WorkstepCreated | A workstep was created |
WorkstepFinished | A workstep was finished |
WorkstepFinishedStarted | A workstep started to finish. |
WorkstepRejected | A workstep was rejected |
DisablePolicyAndValidityChecks | The policy and validity checks have been disabled. |
EnablePolicyAndValidityChecks | The policy and validity checks have been enabled. |
FinalizeActionAutomaticSignature | A finalize action with an automatic signature was applied |
FinalizeActionTimeStamp | A finalize action with a time stamp was applied |
FinalizeLockForms | A finalize action with all forms getting locked |
AppendFileToWorkstep | A file was appended to the workstep |
AppendTasksToWorkstep | A task was added to the workstep |
SetOptionalDocumentState | A optional document became either active or inactive |
StartBatch | A batch signing process started (not used anymore) |
EndBatch | A batch signing process ended (not used anymore) |
WorkstepExpired | A workstep was set to expired. |
PreparePayloadForBatch | The payload is getting prepared for batch signing |
PreparePayloadForMultipleWorksteps | The payload is getting prepared for multiple worksteps. |
ApplyPayloadForMultipleWorksteps | The payload is used while signing for multiple worksteps. |
ExtendPayloadForBatch | The payload is getting extended for batch signing. |
ExtendPayloadForMultipleWorksteps | The payload is getting extended for multiple worksteps. |
StartExternalSigningProcess | Starting a signing process via an external service |
FinishExternalSigningProcess | Finishing a signing process via an external service |
PrepareGenericSigningPlugin | Prepares to sign a signature via an Generic Signing Plugin |
SignGenericSigningPlugin | Signs a signature via an Generic Signing Plugin |
ExternalAuthentication | External authentication succeeded |
LogClientSettings | Used to log client-side settings like viewer preferences in the audit trail |
Draft Callbacks
Draft callbacks are fired, if a draft is used or deleted. The draft callback is set in the “CreateDraftOptions” (“AfterSendCallbackUrl”: “”), via the following call: https://demo.esignanywhere.net/Api/v6/envelope/create
- ##DraftId##
- #Action##
- draftDiscarded
- draftSent
Sample:
, via the following call: https://
...
...
Error
In general, our REST endpoint returns different HTTP status codes:
...
- 400 BadRequest (envelope description is incorrect)
- 401 Unauthorized (User is not authorized)
- 404 NotFound
- 415 UnsupportedMediaType
esignanywhere.net/Api/swagger/Draft/Draft_Create
- ##DraftId##
- #Action##
- draftDiscarded
- draftSent
Sample:
https://www.mycallback.at?draft=##DraftId##
...