Document signature API

The document signature API is TRIDENT's interface for the applications to perform advanced electronic signatures on documents (CAdES, PAdES, and XAdES signatures that, optionally, include a time-stamp). The applications can use this interface in two ways:

  • By acting on Web resources that correspond to the signature processes.

  • By acting on Web resources that correspond to the documents and signature definitions.

In the first case, the platform directs (orchestrates) the signing process, while in the second, the application does this.

Thus, if an application creates a signature process and orders its execution, it is the platform's job to coordinate the execution of the tasks making up the process and to request the intervention of the different actors as required. The platform requests from the signature provider and the time-stamp provider, the digital signature (PKCS #1) and the time-stamp to be included in the electronic signature, respectively. Lastly, the platform notifies the application (via a callback) that the signature process has ended so the application can download the signed document from its location (URL). There is a special type of signature process in which the TRIDENT totally delegates the orchestration to an external system, e.g., an electronic signature desktop application. In these cases, TRIDENT acts as a (gateway) mechanism for integrating existing electronic signature systems instead of acting as an advanced electronic signature provider.

Alternatively, if an application creates a resource that contains a document or one or more signature definitions (let's assume only one), the application itself requests from the platform the calculation of the document hash using the signature definition. Next, the application requests that a signature provider generate — from the hash of the document — the digital signature to be put in the electronic signature. Thus, the application first requests the signature's hash from the platform and then the time-stamp to put on the signature from the corresponding time-stamp provider. Following this last step, the application can download the signed document from its location (URL).

For more information on the resources, operations, and use cases of this API, see: