Versions Compared

Version Old Version 4 New Version 5
Changes made by

Saray Cordón Arnau

Wilter Torres Enriquez

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

UANATACA ONE-SHOT SIGNATURE API DOCUMENTATION (v1)

Table of Contents
stylenone

What it is

One-Shot represents the solution for electronic signatures based on a single-use certificate issuance. One-Shot API is the solution for Uanataca One-Shot Signature service, a complete option that can be implemented as part of your application or web.

...

Electronic signatures include a time stamp, providing a document signature with a reliable date and time.

How it works

The API is given with a module called One-Shot Optimizer, a server system that exposes our One-Shot HTTP RESTful API through which business applications are able to process their electronic signature requests.

...

The electronic signatures are performed on Uanataca Trusted Service Center side, where signature keys are generated and stored in a Qualified Electronic Signature Creation Device (QSCD) system.

image-20241115-073657.png

Sandbox environment

For testing purposes, Uanataca provides integrators of a pre-configured test-mode One-Shot Optimizer accessible at the following URL:

...

Want to configure your own test-mode Optimizer? Find instructions in the configuration section.

Classic Workflow

In a common One-Shot Signature service, an OTP (One-Time Password) code is sent via SMS to the end user, directly from Uanataca services. The OTP verification method is used to trigger the issuance of the single-use digital signature certificate, which is inmediately used to sign the request associated documents e.g. the service contract.

...

Code Block
curl -X DELETE https://one-shot.developers.uanataca.com/api/v1/documents/1464

Alternative Workflows

Hash signature flow

Our software nowadays is capable of performing a hash signature with the return of a p7m structure (CMS object) instead of building and returning a whole built document. It's important to mention that this modality needs a specific extracted message digest. These would be the objects that the hash should contain to be introduced into the optimizer.

...

Code Block
curl -X DELETE https://one-shot.developers.uanataca.com/api/v1/documents/1464

# Video ID Workflows

eIDAS VideoID

This workflow defines the complete process of issuing eIDAS certificates.

...

Code Block
curl -X DELETE https://one-shot.developers.uanataca.com/api/v1/documents/1464

External Mode

In External mode Video ID, digital evidences are uploaded to an independent Video ID platform.

...

Code Block
curl -X DELETE https://one-shot.developers.uanataca.com/api/v1/documents/1464

Configuration

One-Shot Optimizer can be supplied as a Docker or as a Virtual Machine image. See the configuration description in:
One-Shot Optimizer on Docker
One-Shot Optimizer on Virtual Machine

Hardware requirements

CPU: modern multicore (minimum 4 core)

RAM: 8GB

HDD: 200 GB

One-Shot Optimizer on Docker

This configuration requires a server with a Linux operating system.

...

See service settings configuration section.

One-Shot Optimizer on Virtual Machine

The Virtual Machine is supplied in an OVA file. One-Shot Optimizer image is compatible with common virtual environments such as VMWare, AWS, Azure or VirtualBox.

...

See service settings configuration section.

Rootstore configuration

As a requirement for LTV/LTVLITE signature level, we must add to the optimizer every chain of trust for each certificate that is involved in the signature.

...

Code Block
-----BEGIN CERTIFICATE-----
MIIIWjCCBkKgAwIBAgIIICfKLtFjrRMwDQYJKoZIhvcNAQELBQAwgbkxCzAJBgNV
BAYTAkVTMUQwQgYDVQQHDDtCYXJjZWxvbmEgKHNlZSBjdXJyZW50IGFkZHJlc3Mg
YXQgd3d3LnVhbmF0YWNhLmNvbS9hZGRyZXNzKTEWMBQGA1UECgwNVUFOQVRBQ0Eg
Uy5BLjEVMBMGA1UECwwMVFNQLVVBTkFUQUNBMRswGQYDVQQDDBJVQU5BVEFDQSBS
K+0fx83luCN81YLsUpdpc3e0URG7eDMKNG54WvtW
-----END CERTIFICATE-----

Docker

Prior to following the steps, you must have a mapped volume with rootstore folder and a mapped volume with 'dockergeneraterootstore.sh' file.

...

Code Block
docker compose up -d

OVA

STEP 1: Load certificates in the optimizer

...

Code Block
systemctl start optimizer imgconverter nginx

Service settings

Requirements:

  • Billing credentials for the selected environment.

  • Credentials or token generated from these belonging to the authorized operator.

  • Certificate (.cer) and key (.key) files for connection to the selected environment.

  • The Id number for the Registration Authority that will issue the certificates.

...

Code Block
cd /opt/oneshot_optimizer
docker-compose restart optimizer

Webhook Configuration

One-Shot API requires a Webhook implemented on customer business side to manage our service callbacks. Every request status change will trigger a simple event-notification via HTTP POST, consisting on a JSON object to an URL that must be explicitly included as an optional parameter in the Create Video ID Request call. Keep in mind that the webhook passed as parameter will be only for testing purposes, the definitive webhook has to be set in your belonging RA by Operations Department.

...

Code Block
<?php

//videoid.json

$post = file_get_contents('php://input',true);
$file_handle = fopen('/videoid/status.json', 'w');
fwrite($file_handle, $post);
fclose($file_handle);

?>

Logs

Service logs file optimizer.log is stored in a One-Shot Optimizer local folder.

...

Code Block
/opt/bit4id/oneshot_optimizer/logs

Postman collection

A postman collection is available as a support for a quick start.
It is only required to edit hostvariable in Postman environment with the IP or domain of One-Shot Optimizer.

One-Shot Postman collection download

API Reference