Introduction


The REST interface offered by SWS is exposed at the path:

Code Block
http://<IP-APPLIANCE>:8080/SignEngineWeb/rest/


This path is divided into sub-paths, one for each purpose:

  • admin: administrative methods for SWS, such as removing a certificate from the cache
  • enquiry: methods for obtaining information such as signatures available, signer certificate, timestamps available, etc.
  • sign: the main path of SWS; it contains the methods for applying signatures
  • timestamps: methods for applying a timestamp to any type of file

This guide also describes how to handle the errors generated by the REST interface.

NOTE: this interface is available from SWS version 2.5.52.

Convention (manage the response)


The SWS REST interface uses the following convention for its responses.

If the request is correct, SWS returns response code 200 with a response body (if present), as in this example:

[Image: example of a response with code 200]

If the request is not correct and the error is a managed one, SWS returns response code 400, and the response headers contain the field "errorMsg" with the error description (in Italian) and the field "errorCode" with the error code, as in this example:

[Image: example of a response with code 400]

NOTE: if you want the "errorMsg" in a specific language, you can use the method "enquiry/errors", described in the next section.

Enquiry

ENQUIRY: certificate


Description: returns the certificate associated with "device_signer"
HttpMethod: POST
Path: /rest/enquiry/certificate
Request:

{
  "credentials": {
    "username": "device_signer"
  }
}

Response: the byte array of the certificate associated with device_signer


ENQUIRY: signatures


Description: returns the number of signatures applied by "device_signer"
HttpMethod: POST
Path: /rest/enquiry/signatures
Request:

{
  "credentials": {
    "username": "device_signer"
  }
}

Response: Number of signatures applied



ENQUIRY: signatures-available


Description: returns the number of signatures that "device_signer" can still apply
HttpMethod: POST
Path: /rest/enquiry/signatures-available
Request:

{
  "credentials": {
    "username": "device_signer"
  }
}

Response: Number of signatures available



ENQUIRY: otps


Description: returns the OTP list associated with "device_signer"
HttpMethod: POST
Path: /rest/enquiry/otps
Request:

{
  "credentials": {
    "username": "device_signer"
  }
}

Response:

[
    {
        "idOtp": number,
        "serialNumber": "string",
        "type": "otp-type-enum"
    },
    {
        "idOtp": number,
        "serialNumber": "string",
        "type": "otp-type-enum"
    }
]




ENQUIRY: timestamps-available


Description: returns the number of timestamps available (valid only for Namirial TSA accounts)
HttpMethod: POST
Path: /rest/enquiry/timestamps-available
Request:

{
  "timestampUrl": "timestamp-namirial-enquiry-url",
  "timestampUsername": "tsa-username",
  "timestampPassword": "tsa-password"
}

Response: Number of timestamps available


ENQUIRY: errors

Description: returns the error description associated with an error code
HttpMethod: POST
Path: /rest/enquiry/errors
Request:

{
  "error_code": integer,
  "lang": "COUNTRY-CODE-2DIGIT"
}

Response:

[
    {
        "errorCode": integer,
        "errorLanguage": "COUNTRY-CODE-2DIGIT",
        "errorLanguage2": "COUNTRY-CODE-3DIGIT",
        "errorText": "Description error in language"
    }
]
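
The response convention and the enquiry/errors lookup described above, as an added Python example that is not part of the original page or of the SWS product. The header value format (a decimal string), the sample error code 44 and both sample texts are constructed for illustration.

```python
import json

# Constructed sample data: code 44 and both texts are invented for illustration.
SAMPLE_400_HEADERS = {"errorCode": "44", "errorMsg": "Credenziali errate"}
SAMPLE_ERRORS_BODY = json.dumps([{
    "errorCode": 44, "errorLanguage": "EN", "errorLanguage2": "ENG",
    "errorText": "Wrong credentials",
}])


class SwsManagedError(Exception):
    """HTTP 400 carrying the errorCode / errorMsg headers described above."""

    def __init__(self, code, message):
        super().__init__(f"SWS error {code}: {message}")
        self.code = code
        self.message = message  # Italian text, as sent in the errorMsg header


def interpret_response(status, headers, body=b""):
    """Apply the convention: 200 returns the body, 400 with headers raises."""
    # HTTP header names are case-insensitive, so normalise before the lookup.
    lowered = {k.lower(): v for k, v in headers.items()}
    if status == 200:
        return body
    if status == 400 and "errorcode" in lowered:
        try:
            code = int(lowered["errorcode"])  # assumption: decimal string
        except ValueError:
            raise RuntimeError("non-numeric errorCode header") from None
        raise SwsManagedError(code, lowered.get("errormsg", ""))
    # Anything else falls outside the documented convention (unmanaged error).
    raise RuntimeError(f"unexpected SWS response: HTTP {status}")


def build_errors_request(error_code, lang):
    """JSON body for enquiry/errors, asking for the text in a given language."""
    if not (isinstance(lang, str) and len(lang) == 2 and lang.isalpha()):
        raise ValueError("lang must be a 2-letter code")
    return json.dumps({"error_code": int(error_code), "lang": lang})


def pick_error_text(errors_body, error_code, lang):
    """Select errorText from the enquiry/errors response list, or None."""
    for entry in json.loads(errors_body):
        same_code = entry.get("errorCode") == error_code
        same_lang = str(entry.get("errorLanguage", "")).upper() == lang.upper()
        if same_code and same_lang:
            return entry.get("errorText")
    return None


if __name__ == "__main__":
    try:
        interpret_response(400, SAMPLE_400_HEADERS)
    except SwsManagedError as exc:
        print("request body for enquiry/errors:", build_errors_request(exc.code, "EN"))
        print("localized text:", pick_error_text(SAMPLE_ERRORS_BODY, exc.code, "EN"))
```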



Admin

ADMIN: remove-certificate-from-cache


Description: removes the certificate from the cache of SWS
HttpMethod: PUT
Path: /rest/admin/remove-certificate-from-cache
Request:

{
  "error_code": integer,
  "lang": "COUNTRY-CODE-2DIGIT"
}

Response

Timestamps

TIMESTAMPS: apply

Description: applies a timestamp to the specified file
HttpMethod: POST
Path: /rest/timestamps/apply
Request:

timestampPreferences:

{
  "filenameInTSD": "string",
  "outputAsPDF": boolean,
  "outputAsTSD": boolean,
  "outputBase64Encoded": boolean,
  "timestampHashAlgo": "string",
  "timestampPassword": "string",
  "timestampUrl": "string",
  "timestampUsername": "string"
}

content: file to apply the timestamp to

Response


User

USER: change-password

Description: changes the password associated with the device signer
HttpMethod: POST
Path: /rest/user/change-password
Request (for remote device signer):

{
  "credentials": {
    "idOtp": idOtp or -1,
    "otp": "otpCode",
    "password": "old-password-of-device-signer-remote",
    "username": "device-signer-remote"
  },
  "newPassword": "new-password-of-device-signer-remote"
}

Request (for automatic device signer):

{
  "credentials": {
    "securityCode": "securityCode associate to automatic device signer",
    "password": "old-password-of-device-signer-automatic",
    "username": "device-signer-automatic"
  },
  "newPassword": "new-password-of-device-signer-automatic"
}

Response: Password updated successfully


Sign

SIGN: openSession


Description: opens the session for applying multiple signatures with a remote device
HttpMethod: POST
Path: /rest/sign/openSession
Request:

{
  "credentials": {
    "idOtp": -1,
    "otp": "775351",
    "password": "12345678",
    "username": "RHIP22021116852552"
  }
}

Response: String with the session


SIGN: getRemainingTimeForSession


Description: returns the time for which the session is still valid
HttpMethod: POST
Path: /rest/sign/getRemainingTimeForSession
Request:

{
  "credentials": {
    "sessionKey": "zZto1G0DpL/vBFkTnK7caquzY5pasOlzS+bQG7wUkOONnbV7Vhd+JSPTjP7ZqTYR12QjS0W89T7UmnQB2KzAQ3C4NalDgFE67ntqoGm7uOU7+oOPLvKQv/p5aeZ2bcjKe6x5KQPUEH//rKaExFcLcLj8cnwXfFBixJ4MN+3o8S5535HcRxWv+YoTHHgAY16Fh0yJGfLL3x/4W+HJeiIYL2cHpKNTGkKcGTM8Eon0R+djNFvKzZSF1VIETPADqDdvgLYkRWODd3yoUvExGk5BcQKVm0Z7Nd7NMKl4NRbHumdqmqy81jchQv2qlXIxSpjZ0GTnL4vDZMF2MP2DGHPoWw==",
    "username": "RHIP22021116852552"
  }
}

Response: Seconds until the session expires


SIGN: closeSession


Description: destroys the session before it expires
HttpMethod: POST
Path: /rest/sign/closeSession
Request:

{
  "credentials": {
    "sessionKey": "zZto1G0DpL/vBFkTnK7caquzY5pasOlzS+bQG7wUkOONnbV7Vhd+JSPTjP7ZqTYR12QjS0W89T7UmnQB2KzAQ3C4NalDgFE67ntqoGm7uOU7+oOPLvKQv/p5aeZ2bcjKe6x5KQPUEH//rKaExFcLcLj8cnwXfFBixJ4MN+3o8S5535HcRxWv+YoTHHgAY16Fh0yJGfLL3x/4W+HJeiIYL2cHpKNTGkKcGTM8Eon0R+djNFvKzZSF1VIETPADqDdvgLYkRWODd3yoUvExGk5BcQKVm0Z7Nd7NMKl4NRbHumdqmqy81jchQv2qlXIxSpjZ0GTnL4vDZMF2MP2DGHPoWw==",
    "username": "RHIP22021116852552"
  }
}

Response


SIGN: sendOtpBySMS


Description: destroys the session before it expires
HttpMethod: POST
Path: /rest/sign/sendOtpBySMS
Request:

{
  "credentials": {
    "username": "RHIP22021116852552"
  }
}

Response


SIGN: signCades

Description: applies the CAdES signature
HttpMethod: POST
Path: /rest/sign/signCades
Request:

credentials:

{
  "username": "device signer name",
  "password": "PIN of device signer name",
  "idOtp": associated to device signer or -1,
  "otp": "otp code",
  "sessionKey": "string with sessionKey"
}

cadesPreferences:

{
  "filenameInTSD": "string",
  "outputAsPDF": boolean,
  "outputAsTSD": boolean,
  "outputBase64Encoded": boolean,
  "timestampHashAlgo": "string",
  "timestampPassword": "string",
  "timestampUrl": "string",
  "timestampUsername": "string",
  "hashAlgorithm": "string",
  "level": "enum",
  "withTimestamp": boolean,
  "counterSignature": true,
  "counterSignatureIndex": 0,
  "detached": boolean
}


buffer: file to sign
Response: byte array of signed files


SIGN: signCades (detached output p7s)


To produce a detached CAdES signature, SWS does not require the whole file to sign, only its hash. The "buffer" field carries the hash of the file.

For example, to obtain the detached CAdES signature of this PDF, the procedure is:

1) Calculate the hash of the file, for example with openssl:

Code Block
openssl dgst -sha256 -binary FILE_TO_BE_SIGN | openssl enc -a

The output is the hash to sign:

Code Block
HASH TO SIGN = msj3f4hJCSELbMkWjkFwNrf0XhkebTnAKaKhx4686DY=

This string "msj.....DY=" will be the "buffer" in the REST signCades request.

Description: obtains the detached CAdES signature (p7s) from the hash associated with the file to sign
HttpMethod: POST
Path: /rest/sign/signCades
Request:

credentials:

{
  "username": "device signer name",
  "password": "PIN of device signer name",
  "idOtp": associated to device signer or -1,
  "otp": "otp code",
  "sessionKey": "string with sessionKey"
}

cadesPreferences:

{"detached": true}

buffer: byte array of the hash of the file to sign (for example like this)

Response: byte array of signed files
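
The hash step and the three request parts for a detached signature, as an added Python example (not code from the original page or from SWS). It also rejects a hex digest, which is what the openssl command produces when -binary is omitted; the credential values, the sample document and the packaging of the parts into a dictionary are assumptions.

```python
import base64
import hashlib
import io
import json

SHA256_LEN = 32  # bytes in a raw SHA-256 digest

# Constructed sample input standing in for the file to sign.
SAMPLE_DOCUMENT = b"%PDF-1.4 constructed sample document"


def digest_b64(stream, chunk_size=65536):
    """Same result as: openssl dgst -sha256 -binary FILE | openssl enc -a"""
    h = hashlib.sha256()
    # Read in chunks so large files are never loaded into memory at once.
    for chunk in iter(lambda: stream.read(chunk_size), b""):
        h.update(chunk)
    return base64.b64encode(h.digest()).decode("ascii")


def check_buffer(buffer_b64):
    """True only if 'buffer' is strict base64 of exactly one SHA-256 digest."""
    try:
        raw = base64.b64decode(buffer_b64, validate=True)
    except (ValueError, TypeError):
        return False
    # A hex digest (openssl dgst without -binary) decodes to the wrong length.
    return len(raw) == SHA256_LEN


def detached_request_parts(buffer_b64, username, pin, otp, id_otp=-1):
    """Build the credentials, cadesPreferences and buffer parts from the page."""
    if not check_buffer(buffer_b64):
        raise ValueError("buffer is not a base64-encoded SHA-256 digest")
    credentials = {
        "username": username,
        "password": pin,
        "idOtp": id_otp,
        "otp": otp,
    }
    return {
        "credentials": json.dumps(credentials),
        "cadesPreferences": json.dumps({"detached": True}),
        "buffer": buffer_b64,
    }


if __name__ == "__main__":
    buf = digest_b64(io.BytesIO(SAMPLE_DOCUMENT))
    # Hypothetical credential values, for illustration only.
    parts = detached_request_parts(buf, "device-signer", "pin-value", "000000")
    for name, value in parts.items():
        print(name, "=", value)
```

The server signs whatever digest it receives, so the client is the only place where the digest can be tied to the intended document.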


SOAP RESPONSE:

In output you obtain the signed hash and the certificate associated with the private key that signed the hash; the response will be this


SIGN: signPades

Description: applies the PAdES signature
HttpMethod: POST
Path: /rest/sign/signPades
Request:

credentials:

{
  "username": "device signer name",
  "password": "PIN of device signer name",
  "idOtp": associated to device signer or -1,
  "otp": "otp code",
  "sessionKey": "string with sessionKey"
}

padesPreferences:

{
  "filenameInTSD": "string",
  "outputAsPDF": boolean,
  "outputAsTSD": boolean,
  "outputBase64Encoded": boolean,
  "timestampHashAlgo": "string",
  "timestampPassword": "string",
  "timestampUrl": "string",
  "timestampUsername": "string",
  "hashAlgorithm": "string",
  "level": "enum",
  "withTimestamp": boolean,
  "encryptInAnyCase": boolean,
  "encryptionPassword": "string",
  "lockFields": [
    "string"
  ],
  "needAppearanceDisabled": boolean,
  "page": 0,
  "signerImage": {
    "fieldName": "string",
    "fontName": "string",
    "fontSize": 0,
    "image": "string",
    "imageFilename": "string",
    "imageURL": "string",
    "imageVisible": boolean,
    "location": "string",
    "reason": "string",
    "scaled": true,
    "signerName": "string",
    "textPosition": "enum",
    "textVisible": boolean,
    "scaledText": boolean,
    "width": int,
    "height": int,
    "x": int,
    "y": int
  },
  "signerImageReference": "string",
  "withSignatureField": boolean
}


image: file with the image (of the appearance)
buffer: PDF file to sign
Response: byte array of signed files


SIGN: signXades

Description: applies the XAdES signature
HttpMethod: POST
Path: /rest/sign/signXades
Request:

credentials:

{
  "username": "device signer name",
  "password": "PIN of device signer name",
  "idOtp": associated to device signer or -1,
  "otp": "otp code",
  "sessionKey": "string with sessionKey"
}

xadesPreferences:

{
  "filenameInTSD": "string",
  "outputAsPDF": boolean,
  "outputAsTSD": boolean,
  "outputBase64Encoded": boolean,
  "timestampHashAlgo": "string",
  "timestampPassword": "string",
  "timestampUrl": "string",
  "timestampUsername": "string",
  "hashAlgorithm": "string",
  "level": "enum",
  "withTimestamp": boolean,
  "detached": boolean,
  "detachedReferenceURI": "string",
  "signElement": "string",
  "signatureId": "string",
  "withoutSignatureExclusion": boolean,
  "xPathQuery": "string"
}


buffer: XML file to sign
Response: byte array of signed files


SIGN: signPKCS1

Description: applies the raw signature (PKCS1)
HttpMethod: POST
Path: /rest/sign/signPKCS1
Request:

credentials:

{
  "username": "device signer name",
  "password": "PIN of device signer name",
  "idOtp": associated to device signer or -1,
  "otp": "otp code",
  "sessionKey": "string with sessionKey"
}

signPreferences:

{
    "hashAlgorithm": "enum"
}


buffer: hash to sign
Response: byte array of the signed hash


Verify

VERIFY: signatures

Description: verifies the signatures
HttpMethod: POST
Path: /rest/verify/signatures
Request:

signedContent: file to verify

preferences:

{
  "detachedContent": "string",
  "language": "COUNTRY_CODE_2_DIGIT" (e.g.: IT),
  "pdfEncryptionPassword": "string",
  "recursive": true,
  "verifyOnDate": "YYYY-mm-dd" (for example: 2022-10-24)
}

Response: verification report; this is a complex object: "SignedDocumentReportBean"


Verify timestamp


SWS can verify TSD and TSR timestamps using the preferences; the REST requests are described below.

VERIFY: tsr or tsd

Description: verifies the timestamps in TSD or TSR format
HttpMethod: POST
Path: /rest/verify/timestamps
Request:

timestampedContent: file with the timestamp
detachedContent: original file to which the timestamp was applied (use this field only if you are verifying a TSR)

preferences:

{
    "responseWithoutContent": boolean,
    "language": "COUNTRY_CODE_2_DIGIT" (e.g.: IT)
}

Response: returns a complex object "TimestampReportBeanSummary"


VERIFY: tsd

Description: verifies the timestamps
HttpMethod: POST
Path: /rest/verify/timestamps/tsd
Request:

tsd: timestamp to verify

preferences:

{
    "responseWithoutContent": boolean,
    "language": "COUNTRY_CODE_2_DIGIT" (e.g.: IT)
}

Response: returns a list of complex objects: "TimestampReportBean"


VERIFY: tsr

Description: verifies the timestamps
HttpMethod: POST
Path: /rest/verify/timestamps/tsr
Request:

tsr: timestamp to verify
content: original file to which the timestamp was applied

preferences:

{
    "responseWithoutContent": boolean,
    "language": "COUNTRY_CODE_2_DIGIT" (e.g.: IT)
}

Response: returns a complex object "TimestampReportBean"


...