Skip to end of banner
Go to start of banner

UANATACA ONE-SHOT API

Skip to end of metadata
Go to start of metadata

You are viewing an old version of this content. View the current version.

Compare with Current View Version History

« Previous Version 2 Current »

UANATACA ONE-SHOT SIGNATURE API DOCUMENTATION (v1)

What it is

One-Shot represents the solution for electronic signatures based on a single-use certificate issuance. One-Shot API is the solution for Uanataca One-Shot Signature service, a complete option that can be implemented as part of your application or web.

It is designed in such a way that no sensitive data has to be sent away from your premises, as only hashes of the documents to be signed need to be transmitted to the signature service. Documents are signed by means of the creation of single-use digital certificates, which are created at the moment of the signature operation for immediate use to electronically sign all documents included.

Electronic signatures include a time stamp, providing a document signature with a reliable date and time.

How it works

The API is given with a module called One-Shot Optimizer, a server system that exposes our One-Shot HTTP RESTful API through which business applications are able to process their electronic signature requests.

One-Shot Optimizer performs the most computationally expensive workload of the signature process, thus reducing data traffic on the local network and performing most cryptographic hardware acceleration. The documents to be signed are processed in the customer business layer and are not send to Uanataca Services since a hash of the document is sent, created from a hash algorithm.

Uanataca is a Qualified Trusted Service Provider that issues digital certificates by means of its own trusted Certification Authority (CA). Additionally, the role of the Registration Authority Officials (RAO) is vital in the process as they manage every request for new digital certificates that is received from new users. Issued certificates can be used to electronically sign documents.

One-Shot Signature certificates are generated on the spot every time a new set of documents requires a signature. Through One-Shot Signature service you will play RAO's role, providing identification data for each user and requesting the generation of signature certificates. Once user registration data has been provided and the certificate is ready to be issued, the end user triggers the generation of the digital certificate. This action completes the signature procedure.

The electronic signatures are performed on Uanataca Trusted Service Center side, where signature keys are generated and stored in a Qualified Electronic Signature Creation Device (QSCD) system.

image-20241115-073657.png

Sandbox environment

For testing purposes, Uanataca provides integrators of a pre-configured test-mode One-Shot Optimizer accessible at the following URL:

https://one-shot.developers.uanataca.com

In sandbox environment, requests can be easily created, validated or approved by using a stored default Operator credentials set represented by an alfanumeric string called token. This token can be found when executing the List Tokens call.

List Tokens call output:

{
    "status": "success",
    "detail": {
        "3bf8d8eb-d96c-41ea-83ad-d78a7016c7da": {
            "username": "1125824",
            "password": true,
            "pin": true,
            "rao_id": 44,
            "env": "sandbox"
        }
    }
}

When using our test-mode Optimizer, you must consider:

  1. Billing credentials are required.

  2. The Registration Authority id number will be explicitly assigned by our staff.

  3. The token 3bf8d8eb-d96c-41ea-83ad-d78a7016c7da is valid for using in Create Request call. Cannot be deleted.

Want to configure your own test-mode Optimizer? Find instructions in the configuration section.

Classic Workflow

In a common One-Shot Signature service, an OTP (One-Time Password) code is sent via SMS to the end user, directly from Uanataca services. The OTP verification method is used to trigger the issuance of the single-use digital signature certificate, which is inmediately used to sign the request associated documents e.g. the service contract.

One-Shot Signature can use other external authentication methods instead of Uanataca SMS. This alternative methods are subjected to approval.

The following images summarize One-Shot Signature flow involving both authentication methods:

image-20241115-073838.png

  1. The business application creates a new digital signature request, providing all required user data

  2. One-Shot Optimizer returns an identifier for the certificate request

  3. The business application provides the documents to be signed by the end user

  4. The business application retrieves the service contract

  5. The business application shows the documents to be signed and the service contract to its end user

  6. After reviewing the documents, the end user agrees to sign them

  7. The business application starts the signature process by requesting the generation of an One-Time Password (OTP) token for the signature

  8. Uanataca services sends the OTP code directly to the end user through an SMS message

  9. By introducing the OTP code, the end user identifies himself as the subject of the signature certificate

  10. The business application provides the OTP and the identifier of the signature request to the One-Shot Optimizer

  11. One-Shot Optimizer takes care of computing the hash of the documents to be signed in the business layer

  12. Hashes are sent with the request identifier and OTP code to Uanataca Services

  13. The end user signature certificate is generated and used to sign the hashes

  14. The signed hashes and the signature identifier are returned to the One-Shot Optimizer

  15. One-Shot Optimizer generates the signed document envelopment, combining the original documents with the signed hashes

  16. Finallly, the business application calls One-Shot Optimizer API to obtain the signed documents

Other authentication methods

image-20241115-073916.png

  1. The business application creates a new digital signature request, providing all required user data

  2. One-Shot Optimizer returns an identifier for the certificate request

  3. The business application provides the documents to be signed by the end user

  4. The business application retrieves the service contract

  5. The business application shows the documents to be signed and the service contract to its end user

  6. After reviewing the documents, the end user agrees to sign them

  7. The client application starts the signature process with an authentication method provided by the client

  8. One-Shot Optimizer takes care of computing the hash of the documents to be signed in the business layer

  9. Hashes are sent together with the request identifier and an id of the business authentication method to Uanataca Services

  10. The end user signature certificate is generated and used to sign the hashes

  11. The signed hashes and the signature identifier are returned to the One-Shot Optimizer

  12. One-Shot Optimizer generates the signed document envelopment, combining the original documents with the signed hashes

  13. Finally, the business application calls One-Shot Optimizer API to obtain the signed documents

The next section presents the workflow for a simple use case of the One-Shot Signature service with a step-by-step description of the API calls required to allow a user to digitally sign a document provided by the client application.

The basic digital signature process involves the following steps:

  1. RETRIEVE AN EXISTING TOKEN FOR THE RAO

  1. CREATE A NEW DIGITAL SIGNATURE REQUEST

  1. UPLOAD A DOCUMENT

  1. RETRIEVE SERVICE CONTRACT

  1. GENERATE AN OTP (only for Uanataca SMS)

  1. SIGN THE DOCUMENT

  1. RETRIEVE SIGNED DOCUMENT

  1. DELETE DOCUMENTS FROM OPTIMIZER

STEP 1: RETRIEVE AN EXISTING TOKEN FOR THE RAO

API Reference: List Tokens

The test-mode One-Shot Optimizer is pre-configured with a Registration Authority Officer (RAO) account ready to be used within sandbox environment. This account has an associated token that can be used to identify the RAO in API calls.

curl -X GET https://one-shot.developers.uanataca.com/oneshot/api/v1/tokens

This call should return the following JSON object:

{
    "status": "success",
    "detail": {
        "3bf8d8eb-d96c-41ea-83ad-d78a7016c7da": {
            "username": "1125824",
            "password": true,
            "pin": true,
            "rao_id": 44,
            "env": "sandbox"
        }
    }
}

This output tells us that a single token "3bf8d8eb-d96c-41ea-83ad-d78a7016c7da" exists. This token is associated to the RAO account with id "1125824" and can be used instead of the password and pin.

To use tokens in a production environment, you will need to create them first using the corresponding Create token API call.

STEP 2: CREATE A NEW DIGITAL SIGNATURE REQUEST

API Reference: Create Request

In One-Shot Signature Service, all data corresponding to a given digital signature is collected within a Digital Signature Request. This includes both the identifying information of the signing user -provided when you create the signature request- and the document or documents to be signed, to be uploaded in an upcoming step.

This call must include enough information to identify both the signing user and the RAO approving the request. The full description of the arguments accepted by this endpoint can be found in the API call detailed documentation, but for now it is enough to include at least the following:

curl --location --request POST 'https://one-shot.developers.uanataca.com/oneshot/api/v1/create' \
     --form 'token=3bf8d8eb-d96c-41ea-83ad-d78a7016c7da' \
     --form 'profile=PFnubeAFCiudadano' \
     --form 'given_name=name_of_the_user' \
     --form 'surname_1=surname_of_the_user' \
     --form 'email=user-example@domain.com' \
     --form 'mobile_phone_number=+343391234567' \
     --form 'document_front=@document_front.png' \
     --form 'document_rear=@document_rear.png' \
     --form 'document_owner=@document_owner.png'

where "token" is the token representing the RAO's credentials obtained in the previous step.

If the signature request is completed successfully, we will get the unique identifier assigned to it:

{
    "status": "success",
    "message": "Request created with pk 388141",
    "detail": {
        "status": "ENROLLREADY",
        "asyncmode": false,
        "pk": 388141
    }
}

The code shown above will be used to identify the created signature request in subsequent calls.

STEP 3: UPLOAD A DOCUMENT

API Reference: Upload Document

After creating the the signature request, we can associate all pdf documents that must be signed by the user.

curl -F "file=@doc.pdf" -X POST https://one-shot.developers.uanataca.com/oneshot/api/v1/document/388141

#For multiple documents
curl -F "file=@doc.pdf" -F "file2=@doc.pdf" -X POST https://one-shot.developers.uanataca.com/oneshot/api/v1/document/388141

Note that the number at the end of the call is the request id we obtained in the previous step.

If the upload is successful, the response will contain the identifier assigned to each document:

{
    "status": "success",
    "detail": [
        {
            "name": "file0",
            "uid": "aead990f-3c31-4a58-b8bd-49136f72e739"
        }
    ]
}

# Multiple documents response
{
    "status": "success",
    "detail": [
        {
            "name": "file0",
            "uid": "3a8f49de-37a2-48eb-99cb-621ad2db5b5c"
        },
        {
            "name": "file1",
            "uid": "e00a3bd4-87ab-414b-b359-e2bdc0c6a196"
        },
        {
            "name": "file2",
            "uid": "882c64a1-847b-4c96-b0b2-dd4f2b388407"
        }
    ]
}

STEP 4: RETRIEVE SERVICE CONTRACT

API Reference: Retrieve Contract

As a Trusted Service Provider, Uanataca must inform certificate requesters about terms and conditions ruling the issuance of certificates.

A service contract is generated for each digital certificate issue. The user must view the request-associated service contract to be signed in the same step as the documents, using the one-time certificate just issued.

curl -X GET https://one-shot.developers.uanataca.com/oneshot/api/v1/document/388141/contract

The response by the server will be the service contract document file in binary format:

%PDF
...

STEP 5: GENERATE AN OTP (only for Uanataca SMS)

API Reference: Generate OTP code

This step applies only for signatures made using Uanataca SMS method.

Once the documents to be signed are ready, we need to generate a secure One-time password (OTP) that allows the user to sign them. The OTP code is generated by executing the Generate OTP call and the resulting OTP is sent as an SMS message directly to the phone number is provided when creating the signature request.

When calling the OTP endpoint you must add the request identifier returned by the Create Request call:

curl -X POST https://one-shot.developers.uanataca.com/oneshot/api/v1/otp/388141

A successful call will look like this:

{
    "status": "success",
    "detail": "OTP successfully sent to +34666777888"
}

With this call, an SMS with the secret code is sent to the mobile phone number associated to the signature request.

STEP 6: SIGN THE DOCUMENT

API Reference: Sign

In this step the digital signature certificate is issued, then it signs all documents previously uploaded for the signature request.

Execute the sign call with the request id and json parameters containing the OTP code sent:

curl -d @params.json -H "Content-Type: application/json -X POST https://one-shot.developers.uanataca.com/oneshot/api/v1/sign/388141

params.json for Uanataca SMS:

{
    "secret": "123456",
    "signature": {
        "appearance": {
            "text": ["Firmado por: %(CN)s", "%(EMAIL)s %(L)s %(S)s %(SUBJECT)s", "Fecha: %(DATE)s"],
            "date": "%d/%m/%Y %H:%M:%S %z",
            "timezone": "Europe/Madrid",
            "position": "30, 100, 165, 150",
            "horizontal": false,
            "image": "a4c1ad3d-bd34-43c4-8913-ca80548c3181",
            "page": 0
        }
    }
}

params.json for other authentication methods:

{
    "secret": "123456",
    "ext_unlock_type": "biometric"
    "ext_unlock_value": "12345678-12345678"
    "signature": {
        "appearance": {
            "text": ["Firmado por: %(CN)s", "%(EMAIL)s %(L)s %(S)s %(SUBJECT)s", "Fecha: %(DATE)s"],
            "date": "%d/%m/%Y %H:%M:%S %z",
            "timezone": "Europe/Madrid",
            "position": "30, 100, 165, 150",
            "horizontal": false,
            "image": "a4c1ad3d-bd34-43c4-8913-ca80548c3181",
            "page": 0
        }
    }
}

A successful call will result in the following response:

{
    "status": "success",
    "message": "Signature process for Request 388141 completed",
    "detail": {
        "request": "388141",
        "documents": {
            "signed": [
                "aead990f-3c31-4a58-b8bd-49136f72e739"
            ],
            "inerror": []
        }
    }
}

STEP 7: RETRIEVE SIGNED DOCUMENT

API reference: Retrieve Document

Once the signature is done, the next step is to get all signed documents.

To do this, query with an HTTP GET request the endpoint /api/v1/document/{pk}/{type}/{uid}, where {pk} is the Request's unique identifier, {type} is the type of the document (it can be "original" for the uploaded document or "signed" for the digitally-signed version) and {uid} is the document unique identifier.

curl -X GET https://one-shot.developers.uanataca.com/oneshot/api/v1/document/388141/712c29ac-a2dc-4530-8c67-d0f227d8294b?document_type=signed

The response obtained by the server will be the document in binary format:

%PDF
...

STEP 8: DELETE DOCUMENTS FROM OPTIMIZER

API reference: Delete All Documents

⚠ Since the service does not delete uploaded files unless explicitly requested through an API call, it is strongly recommended that you backup any file you want to preserve using an alternative system.

Delete all documents associated to a finished digital signature request.

curl -X DELETE https://one-shot.developers.uanataca.com/oneshot/api/v1/request/388141

Alternative Workflows

Hash signature flow

Our software nowadays is capable of performing a hash signature with the return of a p7m structure (CMS object) instead of building and returning a whole built document. It's important to mention that this modality needs a specific extracted message digest. These would be the objects that the hash should contain to be introduced into the optimizer.

image-20241115-074641.png

This is the structure that the uploaded json needs to contain to be able to perform this signature.

{
"messageDigest": "MC8GCSqGSIb3DQEJBDEiBCCxXpcEPsmyTVAGFu1ScquUGBbN3En9x21Tpkp8g==",
"digestAlgorithm": "sha256",
"addAuthAttribute": 1,
"addSigningTime": 1,
"otherAuthAttributes": []
}

The hash signature process involves the following steps:

  1. RETRIEVE AN EXISTING TOKEN FOR THE RAO

  1. CREATE A NEW DIGITAL SIGNATURE REQUEST

  1. UPLOAD A DOCUMENT

  1. RETRIEVE SERVICE CONTRACT

  1. GENERATE AN OTP (only for Uanataca SMS)

  1. SIGN THE HASH

  1. RETRIEVE SIGNED P7M

  1. DELETE DOCUMENTS FROM OPTIMIZER

STEP 1: RETRIEVE AN EXISTING TOKEN FOR THE RAO

API Reference: List Tokens

The test-mode One-Shot Optimizer is pre-configured with a Registration Authority Officer (RAO) account ready to be used within sandbox environment. This account has an associated token that can be used to identify the RAO in API calls.

curl -X GET https://one-shot.developers.uanataca.com/oneshot/api/v1/tokens

This call should return the following JSON object:

{
    "status": "success",
    "detail": {
        "3bf8d8eb-d96c-41ea-83ad-d78a7016c7da": {
            "username": "1125824",
            "password": true,
            "pin": true,
            "rao_id": 44,
            "env": "sandbox"
        }
    }
}

This output tells us that a single token "3bf8d8eb-d96c-41ea-83ad-d78a7016c7da" exists. This token is associated to the RAO account with id "1125824" and can be used instead of the password and pin.

To use tokens in a production environment, you will need to create them first using the corresponding Create token API call.

STEP 2: CREATE A NEW DIGITAL SIGNATURE REQUEST

API Reference: Create Request

In One-Shot Signature Service, all data corresponding to a given digital signature is collected within a Digital Signature Request. This includes both the identifying information of the signing user -provided when you create the signature request- and the document or documents to be signed, to be uploaded in an upcoming step.

This call must include enough information to identify both the signing user and the RAO approving the request. The full description of the arguments accepted by this endpoint can be found in the API call detailed documentation, but for now it is enough to include at least the following:

curl --location --request POST 'https://one-shot.developers.uanataca.com/oneshot/api/v1/create' \
     --form 'token=3bf8d8eb-d96c-41ea-83ad-d78a7016c7da' \
     --form 'profile=PFnubeAFCiudadano' \
     --form 'given_name=name_of_the_user' \
     --form 'surname_1=surname_of_the_user' \
     --form 'email=user-example@domain.com' \
     --form 'mobile_phone_number=+343391234567' \
     --form 'document_front=@document_front.png' \
     --form 'document_rear=@document_rear.png' \
     --form 'document_owner=@document_owner.png'

where "token" is the token representing the RAO's credentials obtained in the previous step.

If the signature request is completed successfully, we will get the unique identifier assigned to it:

{
    "status": "success",
    "message": "Request created with pk 388141",
    "detail": {
        "status": "ENROLLREADY",
        "asyncmode": false,
        "pk": 388141
    }
}

The code shown above will be used to identify the created signature request in subsequent calls.

STEP 3: UPLOAD A DOCUMENT

API Reference: Upload Document

After creating the the signature request, we can associate the json that contains the message digest and its properties.

curl -F "hashfile=@test.json" -X POST https://one-shot.developers.uanataca.com/oneshot/api/v1/document/388141

Note that the number at the end of the call is the request id we obtained in the previous step.

If the upload is successful, the response will contain the identifier assigned to each document:

{
    "status": "success",
    "detail": [
        {
            "name": "file0",
            "uid": "aead990f-3c31-4a58-b8bd-49136f72e739"
        }
    ]
}

STEP 4: RETRIEVE SERVICE CONTRACT

API Reference: Retrieve Contract

As a Trusted Service Provider, Uanataca must inform certificate requesters about terms and conditions ruling the issuance of certificates.

A service contract is generated for each digital certificate issue. The user must view the request-associated service contract to be signed in the same step as the documents, using the one-time certificate just issued.

curl -X GET https://one-shot.developers.uanataca.com/oneshot/api/v1/document/388141/contract

The response by the server will be the service contract document file in binary format:

%PDF
...

STEP 5: GENERATE AN OTP (only for Uanataca SMS)

API Reference: Generate OTP code

This step applies only for signatures made using Uanataca SMS method.

Once the documents to be signed are ready, we need to generate a secure One-time password (OTP) that allows the user to sign them. The OTP code is generated by executing the Generate OTP call and the resulting OTP is sent as an SMS message directly to the phone number is provided when creating the signature request.

When calling the OTP endpoint you must add the request identifier returned by the Create Request call:

curl -X POST https://one-shot.developers.uanataca.com/oneshot/api/v1/otp/388141

A successful call will look like this:

{
    "status": "success",
    "detail": "OTP successfully sent to +34666777888"
}

With this call, an SMS with the secret code is sent to the mobile phone number associated to the signature request.

STEP 6: SIGN THE DOCUMENT

API Reference: Sign

In this step the digital signature certificate is issued, then it signs all documents previously uploaded for the signature request.

Execute the sign call with the request id and json parameters containing the OTP code sent:

curl -d @params.json -H "Content-Type: application/json -X POST https://one-shot.developers.uanataca.com/oneshot/api/v1/sign/388141

params.json for Uanataca SMS:

{
    "secret": "123456"
}

params.json for other authentication methods:

{
    "secret": "123456"
    "ext_unlock_type": "biometric"
    "ext_unlock_value": "12345678-12345678"
}

A successful call will result in the following response:

{
    "status": "success",
    "message": "Signature process for Request 388141 completed",
    "detail": {
        "request": "388141",
        "documents": {
            "signed": [
                "aead990f-3c31-4a58-b8bd-49136f72e739"
            ],
            "inerror": []
        }
    }
}

STEP 7: RETRIEVE SIGNED P7M

API reference: Retrieve Document

Once the signature is done, the next step is to get the signed document.

To do this, query with an HTTP GET request the endpoint /api/v1/document/{pk}/{type}/{uid}, where {pk} is the Request's unique identifier, {type} is the type of the document (it can be "original" for the uploaded document or "signed" for the digitally-signed version) and {uid} is the document unique identifier.

curl -X GET https://one-shot.developers.uanataca.com/oneshot/api/v1/document/388141/712c29ac-a2dc-4530-8c67-d0f227d8294b?document_type=signed

The response obtained by the server will be the signed hash in a p7m structure, it's important to add .p7m extension to the information obtained

STEP 8: DELETE DOCUMENTS FROM OPTIMIZER

API reference: Delete All Documents

⚠ Since the service does not delete uploaded files unless explicitly requested through an API call, it is strongly recommended that you backup any file you want to preserve using an alternative system.

Delete all documents associated to a finished digital signature request.

curl -X DELETE https://one-shot.developers.uanataca.com/oneshot/api/v1/documents/388141

Asynchronous mode flow

This functionality is focused on providing the user with more transparency about the processes running in the background. Through a webhook designated by the user it is possible to collect state changes and the information they carry in order to enhance the end-user experience. Asynchronous flow includes shorter API response times to save resources, but the overall processing time is still the same as classic workflow.

The asynchronous signature process involves the following steps:

  1. RETRIEVE AN EXISTING TOKEN FOR THE RAO

  1. CREATE A NEW DIGITAL SIGNATURE REQUEST

  1. UPLOAD A DOCUMENT

  1. RETRIEVE SERVICE CONTRACT

  1. GENERATE AN OTP (only for Uanataca SMS)

  1. SIGN THE DOCUMENT

  1. RETRIEVE SIGNED DOCUMENT

  1. DELETE DOCUMENTS FROM OPTIMIZER

STEP 1: RETRIEVE AN EXISTING TOKEN FOR THE RAO

API Reference: List Tokens

The test-mode One-Shot Optimizer is pre-configured with a Registration Authority Officer (RAO) account ready to be used within sandbox environment. This account has an associated token that can be used to identify the RAO in API calls.

curl -X GET https://one-shot.developers.uanataca.com/oneshot/api/v1/tokens

This call should return the following JSON object:

{
    "status": "success",
    "detail": {
        "3bf8d8eb-d96c-41ea-83ad-d78a7016c7da": {
            "username": "1125824",
            "password": true,
            "pin": true,
            "rao_id": 44,
            "env": "sandbox"
        }
    }
}

This output tells us that a single token "3bf8d8eb-d96c-41ea-83ad-d78a7016c7da" exists. This token is associated to the RAO account with id "1125824" and can be used instead of the password and pin.

To use tokens in a production environment, you will need to create them first using the corresponding Create token API call.

STEP 2: CREATE A NEW DIGITAL SIGNATURE REQUEST

API Reference: Create Request

In One-Shot Signature Service, all data corresponding to a given digital signature is collected within a Digital Signature Request. This includes both the identifying information of the signing user -provided when you create the signature request- and the document or documents to be signed, to be uploaded in an upcoming step.

This call must include enough information to identify both the signing user and the RAO approving the request. The full description of the arguments accepted by this endpoint can be found in the API call detailed documentation, but for now it is enough to include at least the following:

curl --location --request POST 'https://one-shot.developers.uanataca.com/oneshot/api/v1/create' \
     --form 'token=3bf8d8eb-d96c-41ea-83ad-d78a7016c7da' \
     --form 'profile=PFnubeAFCiudadano' \
     --form 'given_name=name_of_the_user' \
     --form 'surname_1=surname_of_the_user' \
     --form 'email=user-example@domain.com' \
     --form 'mobile_phone_number=+343391234567' \
     --form 'document_front=@document_front.png' \
     --form 'document_rear=@document_rear.png' \
     --form 'document_owner=@document_owner.png'
     --form 'useasync=true'
     --form 'callback=https://callback.com'

where "token" is the token representing the RAO's credentials obtained in the previous step.

If the signature request is completed successfully, we will get the unique identifier assigned to it:

{
    "status": "success",
    "message": "Request created with pk 388184",
    "detail": {
        "status": "CREATED",
        "asyncmode": true,
        "pk": 388184
    }
}

The code shown above will be used to identify the created signature request in subsequent calls.

STEP 3: UPLOAD A DOCUMENT

API Reference: Upload Document

After creating the the signature request, we can associate all pdf documents that must be signed by the user.

curl -F "file=@doc.pdf" -X POST https://one-shot.developers.uanataca.com/oneshot/api/v1/document/388141

#For multiple documents
curl -F "file=@doc.pdf" -F "file2=@doc.pdf" -X POST https://one-shot.developers.uanataca.com/oneshot/api/v1/document/388141

Note that the number at the end of the call is the request id we obtained in the previous step.

If the upload is successful, the response will contain the identifier assigned to each document:

{
    "status": "success",
    "detail": [
        {
            "name": "file0",
            "uid": "aead990f-3c31-4a58-b8bd-49136f72e739"
        }
    ]
}

# Multiple documents response
{
    "status": "success",
    "detail": [
        {
            "name": "file0",
            "uid": "3a8f49de-37a2-48eb-99cb-621ad2db5b5c"
        },
        {
            "name": "file1",
            "uid": "e00a3bd4-87ab-414b-b359-e2bdc0c6a196"
        },
        {
            "name": "file2",
            "uid": "882c64a1-847b-4c96-b0b2-dd4f2b388407"
        }
    ]
}

STEP 4: RETRIEVE SERVICE CONTRACT

API Reference: Retrieve Contract

As a Trusted Service Provider, Uanataca must inform certificate requesters about terms and conditions ruling the issuance of certificates.

A service contract is generated for each digital certificate issue. The user must view the request-associated service contract to be signed in the same step as the documents, using the one-time certificate just issued.

curl -X GET https://one-shot.developers.uanataca.com/oneshot/api/v1/document/388141/contract

The response by the server will be the service contract document file in binary format:

%PDF
...

STEP 5: GENERATE AN OTP (only for Uanataca SMS)

API Reference: Generate OTP code

This step applies only for signatures made using Uanataca SMS method.

Once the documents to be signed are ready, we need to generate a secure One-time password (OTP) that allows the user to sign them. The OTP code is generated by executing the Generate OTP call and the resulting OTP is sent as an SMS message directly to the phone number is provided when creating the signature request.

When calling the OTP endpoint you must add the request identifier returned by the Create Request call:

curl -X POST https://one-shot.developers.uanataca.com/oneshot/api/v1/otp/388141

A successful call will look like this:

{
    "status": "success",
    "detail": "OTP successfully sent to +34666777888"
}

With this call, an SMS with the secret code is sent to the mobile phone number associated to the signature request.

STEP 6: SIGN THE DOCUMENT

API Reference: Sign

In this step the digital signature certificate is issued, then it signs all documents previously uploaded for the signature request.

Execute the sign call with the request id and json parameters containing the OTP code sent:

curl -d @params.json -H "Content-Type: application/json -X POST https://one-shot.developers.uanataca.com/oneshot/api/v1/sign/388141

params.json for Uanataca SMS:

{
    "secret": "123456",
    "signature": {
        "appearance": {
            "text": ["Firmado por: %(CN)s", "%(EMAIL)s %(L)s %(S)s %(SUBJECT)s", "Fecha: %(DATE)s"],
            "date": "%d/%m/%Y %H:%M:%S %z",
            "timezone": "Europe/Madrid",
            "position": "30, 100, 165, 150",
            "horizontal": false,
            "image": "a4c1ad3d-bd34-43c4-8913-ca80548c3181",
            "page": 0
        }
    }
}

params.json for other authentication methods:

{
    "secret": "123456",
    "ext_unlock_type": "biometric"
    "ext_unlock_value": "12345678-12345678"
    "signature": {
        "appearance": {
            "text": ["Firmado por: %(CN)s", "%(EMAIL)s %(L)s %(S)s %(SUBJECT)s", "Fecha: %(DATE)s"],
            "date": "%d/%m/%Y %H:%M:%S %z",
            "timezone": "Europe/Madrid",
            "position": "30, 100, 165, 150",
            "horizontal": false,
            "image": "a4c1ad3d-bd34-43c4-8913-ca80548c3181",
            "page": 0
        }
    }
}

A successful call will result in the following response:

{
    "status": "success",
    "message": "Your documents are going to be signed"
}

STEP 7: RETRIEVE SIGNED DOCUMENT

API reference: Retrieve Document

Once the signature is done, the next step is to get all signed documents.

To do this, query with an HTTP GET request the endpoint /api/v1/document/{pk}/{type}/{uid}, where {pk} is the Request's unique identifier, {type} is the type of the document (it can be "original" for the uploaded document or "signed" for the digitally-signed version) and {uid} is the document unique identifier.

curl -X GET https://one-shot.developers.uanataca.com/oneshot/api/v1/document/388141/712c29ac-a2dc-4530-8c67-d0f227d8294b?document_type=signed

The response obtained by the server will be the document in binary format:

%PDF
...

STEP 8: DELETE DOCUMENTS FROM OPTIMIZER

API reference: Delete All Documents

⚠ Since the service does not delete uploaded files unless explicitly requested through an API call, it is strongly recommended that you backup any file you want to preserve using an alternative system.

Delete all documents associated to a finished digital signature request.

curl -X DELETE https://one-shot.developers.uanataca.com/oneshot/api/v1/request/388141

Video ID Workflows

eIDAS VideoID

This workflow defines the complete process of issuing eIDAS certificates.

image-20241115-075554.png

This process involves the following steps:

  1. CREATE A NEW VIDEO ID SIGNATURE REQUEST

  1. REQUEST APPROVAL

  1. UPLOAD A DOCUMENT

  1. RETRIEVE SERVICE CONTRACT

  1. GENERATE AN OTP (only for Uanataca SMS)

  1. SIGN THE DOCUMENT

  1. RETRIEVE SIGNED DOCUMENT

  1. DELETE DOCUMENTS FROM OPTIMIZER

STEP 1: CREATE A NEW VIDEO ID SIGNATURE REQUEST

API Reference: Create Video ID Request

This call must include preliminary information to identify the signer.

curl -i -X POST https://one-shot.developers.uanataca.com/oneshot/api/v1/videoid \
    -H 'Content-Type: application/json' \
    -d '{
        "mobile_phone_number": "+34699999999",
        "email": "mail@domain",
        "registration_authority": "44",
        "profile": "PFnubeAFCiudadano",
        "videoid_mode": 1,
        "billing_username": "user@user",
        "billing_password": "password",
    }'

If the signature request is completed successfully, both video and request unique identifiers are returned, as well as the corresponding video id link:

{
    "status": "success",
    "message": "VideoID created with pk 12259",
    "detail": {
        "videoid_link": "https://www.sandbox.uanataca.com/lcmpl/videoid/ZjIxYTQyMjdlZWEwNDA5NzgyYWY4VlpwSWpfcUpNTnBJUnV4TXdrRkJsTE0ySkcyZ3JmVDFEUjg9OjRiZDM0Y2Y1NjJkZjMxMQ==",
        "videoid_pk": 12259,
        "request_pk": 388189
    }
}

The request starts at VIDEOPENDING status after creation. The request_pk output parameter will be used to identify this digital signature request in subsequent calls.

At this point, the workflow progress will depend on the video-identification successful completion. This action will change request status from VIDEOPENDING to VIDEOREVIEW.

In case the process is not totally completed or has failed for any reason, the request will change to VIDEOINCOMPLETE or VIDEOERROR respectively.

To inform business app and validation RAO about this change at the time it takes place, we recommend the implementation of a Webhook. Check our documentation for Webhook Configuration.

If request data needs to be modified, use the Update Request call. Check API Reference.
If request data needs to be retrieved, use the Get Request call. Check API Reference.

STEP 2: REQUEST APPROVAL

API Reference: Approve Request

This call makes the request ready for signature. Its status changes to ENROLLREADY and webhook intervention at this point is important for status update. In 1-step mode, both validation and approval occur when executing this call.

curl -i -X POST 'https://one-shot.developers.uanataca.com/api/v1/request/45836/approve' \
    -H 'Content-Type: application/json' \
    -d '{
        "username": "1000279",
        "password": "3DPTm:N4",
        "pin": "23bYQq9a",
        "rao": "1400"
    }'

OR

curl -i -X POST 'https://one-shot.developers.uanataca.com/api/v1/request/45836/approve' \
    -H 'Content-Type: application/json' \
    -d '{
        "token": "f734066d1ce36f9cae4d55be4cdac50e",
        "rao": "1400"
    }'

In case of using a token containing RAO's credentials.

The response is a JSON object with added request approval information.

{
    "status": "200 OK",
    "details": "Request approved successfully"
}

In case of not approving a request for any reason, the call Cancel Request must be executed. Check API Reference.

STEP 3: UPLOAD A DOCUMENT

API Reference: Upload Document

After creating the the signature request, we can associate all pdf documents that must be signed by the user.

curl -F "file=@doc.pdf" -X POST https://one-shot.developers.uanataca.com/api/v1/document/1464

#For multiple documents
curl -F "file=@doc.pdf" -F "file2=@doc.pdf" -X POST https://one-shot.developers.uanataca.com/api/v1/document/1464

Note that the number at the end of the call is the request id we obtained in the previous step.

If the upload is successful, the response will contain the identifier assigned to each document:

{
    "status": "200 OK",
    "details": "712c29ac-a2dc-4530-8c67-d0f227d8294b"
}

#Multiple documents response
{
"status": "200 OK",
"details": [
{
"digest": "8cb5502501c9e5c9fb6869670fd83ad4f7df948f01826a41e6e5649fa0d8b3ad",
"uid": "ec27331a-a78a-4461-b897-8e2ca158cef7",
"key": "file2",
"filename": "doc.pdf"
},
{
"digest": "8cb5502501c9e5c9fb6869670fd83ad4f7df948f01826a41e6e5649fa0d8b3ad",
"uid": "7c0acde7-2f56-49b3-a129-a00d910912ef",
"key": "file",
"filename": "doc.pdf"
        }
    ]
}

STEP 4: RETRIEVE SERVICE CONTRACT

API Reference: Retrieve Contract

As a Trusted Service Provider, Uanataca must inform certificate requesters about terms and conditions ruling the issuance of certificates.

A service contract is generated for each digital certificate issue. The user must view the request-associated service contract to be signed in the same step as the documents, using the one-time certificate just issued.

curl -X GET https://one-shot.developers.uanataca.com/api/v1/document/1464/contract

The response by the server will be the service contract document file in binary format:

%PDF
...

STEP 5: GENERATE AN OTP (only for Uanataca SMS)

API Reference: Generate OTP code

This step applies only for signatures made using Uanataca SMS method.

Once the documents to be signed are ready, we need to generate a secure One-time password (OTP) that allows the user to sign them. The OTP code is generated by executing the Generate OTP call and the resulting OTP is sent as an SMS message directly to the phone number is provided when creating the signature request.

When calling the OTP endpoint you must add the request identifier returned by the Create Request call:

curl -X POST https://one-shot.developers.uanataca.com/api/v1/otp/1464

A successful call will look like this:

{
    "status": "200 OK",
    "details": "OTP generated"
}

With this call, an SMS with the secret code is sent to the mobile phone number associated to the signature request.

STEP 6: SIGN THE DOCUMENT

API Reference: Sign

In this step the digital signature certificate is issued, then it signs all documents previously uploaded for the signature request.

Execute the sign call with the request id and json parameters containing the OTP code sent:

curl -d @params.json -H "Content-Type: application/json -X POST https://one-shot.developers.uanataca.com/api/v1/sign/1464

params.json for Uanataca SMS:

{
    "secret": "123456"
}

params.json for other authentication methods:

{
    "secret": "123456"
    "ext_unlock_type": "biometric"
    "ext_unlock_value": "12345678-12345678"
}

A successful call will result in the following response:

{
    "status": "200 OK",
    "details": "Documents correctly signed"
}

STEP 7: RETRIEVE SIGNED DOCUMENT

API reference: Retrieve Document

Once the signature is done, the next step is to get all signed documents.

To do this, query with an HTTP GET request the endpoint /api/v1/document/{pk}/{type}/{uid}, where {pk} is the Request's unique identifier, {type} is the type of the document (it can be "original" for the uploaded document or "signed" for the digitally-signed version) and {uid} is the document unique identifier.

curl -X GET https://one-shot.developers.uanataca.com/api/v1/document/1464/signed/712c29ac-a2dc-4530-8c67-d0f227d8294b

The response obtained by the server will be the document in binary format:

%PDF
...

STEP 8: DELETE DOCUMENTS FROM OPTIMIZER

API reference: Delete All Documents

Since the service does not delete uploaded files unless explicitly requested through an API call, it is strongly recommended that you backup any file you want to preserve using an alternative system.

Delete all documents associated to a finished digital signature request.

curl -X DELETE https://one-shot.developers.uanataca.com/api/v1/documents/1464

External Mode

In External mode Video ID, digital evidences are uploaded to an independent Video ID platform.

image-20241115-080924.png

This process involves the following steps:

  1. CREATE A NEW VIDEO ID SIGNATURE REQUEST

  1. UPLOAD DATA & VIDEO

  1. REQUEST APPROVAL

  1. UPLOAD A DOCUMENT

  1. RETRIEVE SERVICE CONTRACT

  1. GENERATE AN OTP (only for Uanataca SMS)

  1. SIGN THE DOCUMENT

  1. RETRIEVE SIGNED DOCUMENT

  1. DELETE DOCUMENTS FROM OPTIMIZER

STEP 1: CREATE A NEW VIDEO ID SIGNATURE REQUEST

API Reference: Create Video ID Request

This call must include preliminary information to identify the signer.

curl -i -X POST https://one-shot.developers.uanataca.com/api/v1/videoid \
    -H 'Content-Type: application/json' \
    -d '{
        "mobile_phone_number": "+34699999999",
        "email": "mail@domain",
        "registration_authority": "44",
        "profile": "PFnubeQAFCiudadano",
        "videoid_mode": 1
    }'

If the signature request is completed successfully, we will get the unique identifier assigned to it:

{
    "status": "200 OK",
    "details": {
        "videoid_pk": 150,
        "videoid_link": "",
        "request_pk": 45836
    }
}

The response is the a JSON containing important request parameters, in VIDEOPENDING status after creation. The request_pk output parameter will be used to identify this digital signature request in subsequent calls.

If request data needs to be modified, use the Update Request call. Check API Reference.

If request data needs to be retrieved, use the Get Request call. Check API Reference.

STEP 2: UPLOAD DATA & VIDEO

A previously created Video ID Request needs a set of information defined as evidences.

  • The successful upload of ALL information will change the request status to VIDEOREVIEW.

  • The partial upload of the information will change the request status to VIDEOINCOMPLETE.

  • If the upload process fails for any reason, the request status will change to VIDEOERROR.

Data and images are uploaded by using the Upload Data Evidence call.

API Reference: Upload Data Evidence

Data objects in detail:

acceptance : Client acceptance parameters (e.g. Terms & Conditions, Privacy Policy). This is a customizable JSON object.
videoid_data : Set of information about the Request. Contains:

  • images: Pictures associated to the client's ID document plus a face selfie of him/her.

  • ocr_data : Text information extracted from the client's ID document via Optical Character Recognition (OCR).

  • security_checks : Set of validation fields associated to the client's identity (underaging, matching info, liveliness, etc)

  • similarity_level : Similarity level between document picture and face selfie. Ranges within 0 to 100

This call must include all the information mentioned above.

curl -i -X POST https://one-shot.developers.uanataca.com/api/v1/videoid/45836/evidences \
    -H 'Content-Type: application/json' \
    -d '{
        "acceptance": {
            "description": "User Accepted Terms and Conditions and Privacy Policy",
            "url-doc-privacypolicy": "https://www.uanataca.com/public/pki/privacidad-PSC/",
            "ip": "186.0.91.53",
            "url-web-videoid": "https://cms.sandbox.uanataca.com/lcmpl/videoid/46b92251-4ba8-4930-a5aa-8631ec4666b6",
            "user-agent": "Mozilla/5.0 (Linux; Android 11; AC2003)",
            "date": 1622823879708,
            "url-doc-termsconditions": "https://www.uanataca.com/public/pki/terminos-VID/"
        },
        "videoid_data": {
            "images": {
                "document_front": "/9j/4AAQSkZJRgABAQAAAQABAAD/2wBDAAIBAQEBAQIBAQECAgICAgQDAgICAgUEBAM (...)",
                "document_rear": "/I7ye60+aOKS0mVGVSD9RVfyXukjmnS3cAEbpMVm6M1ncWqS3FszptO1lPRRDJ+orI8b (...)",
                "document_photo": "AkjOOwFfHFrrNlpXxcbU9QuIIIkvR56yddgHpX3GEj1PmanmdS/xV1ySVlv/AIbXLPO (...)",
                "document_owner": "SSVnovgCZ4Lhk+R3lJPUDJr5t/Z/wBV1DWfjRbeI75B5iQytcykc7yMEAV2/iwC0T34 (...)"
            },
            "ocr_data": {
                "given_name": "Name",
                "surname_1": "Surname 1",
                "surname_2": "Surname 2",
                "mobile_phone_number": "+34999999999",
                "email": "mail@domain",
                "serial_number": "A9999999E",
                "id_document_type": "IDC",
                "id_document_country": ES
            },
            "security_checks": {
                "otp_validation": true,
                "documents_match": true,
                "data_integrity": true,
                "document_notcopy": true,
                "document_notexpired": true,
                "document_notunderage": true,
                "liveliness": true
            },
            "similarity_level": "high"
        }
    }'

Successful response status

{
    "status": "200 OK",
    "details": "Videoid evidences uploaded"
}

In the same way, binary multiformat Video is uploaded by using the Upload Video call.

API Reference: Upload Video

curl -i -X POST https://one-shot.developers.uanataca.com/v1/upload/video/30e57b02819a430d8386fd85be9f499f/ \
    -H 'Content-Type: multipart/form-data' \
    -F video=@sample_folder/sample_video.mp4

Successful response status

{
    "status": "200 OK",
    "details": "Videoid video upload completed"
}

If the uploaded video needs to be retrieved, use Download Video

STEP 3: REQUEST APPROVAL

API Reference: Approve Request

This call makes the request ready for signature. Its status changes to ENROLLREADY.

curl -i -X POST 'https://api.uanataca.com/api/v1/request/45836/approve' \
    -H 'Content-Type: application/json' \
    -d '{
        "username": "1000279",
        "password": "3DPTm:N4",
        "pin": "23bYQq9a",
        "rao": 972
    }'

The response is a JSON object with added request approval information.

{
    "status": "200 OK",
    "details": "Request approved successfully"
}

In case of not approving a request for any reason, the call Cancel Request must be executed. Check API Reference.

STEP 4: UPLOAD A DOCUMENT

API Reference: Upload Document

After creating the the signature request, we can associate all pdf documents that must be signed by the user.

curl -F "file=@doc.pdf" -X POST https://one-shot.developers.uanataca.com/api/v1/document/1464

#For multiple documents
curl -F "file=@doc.pdf" -F "file2=@doc.pdf" -X POST https://one-shot.developers.uanataca.com/api/v1/document/1464

Note that the number at the end of the call is the request id we obtained in the previous step.

If the upload is successful, the response will contain the identifier assigned to each document:

{
    "status": "200 OK",
    "details": "712c29ac-a2dc-4530-8c67-d0f227d8294b"
}

#Multiple documents response
{
"status": "200 OK",
"details": [
{
"digest": "8cb5502501c9e5c9fb6869670fd83ad4f7df948f01826a41e6e5649fa0d8b3ad",
"uid": "ec27331a-a78a-4461-b897-8e2ca158cef7",
"key": "file2",
"filename": "doc.pdf"
},
{
"digest": "8cb5502501c9e5c9fb6869670fd83ad4f7df948f01826a41e6e5649fa0d8b3ad",
"uid": "7c0acde7-2f56-49b3-a129-a00d910912ef",
"key": "file",
"filename": "doc.pdf"
        }
    ]
}

STEP 5: RETRIEVE SERVICE CONTRACT

API Reference: Retrieve Contract

As a Trusted Service Provider, Uanataca must inform certificate requesters about terms and conditions ruling the issuance of certificates.

A service contract is generated for each digital certificate issue. The user must view the request-associated service contract to be signed in the same step as the documents, using the one-time certificate just issued.

curl -X GET https://one-shot.developers.uanataca.com/api/v1/document/1464/contract

The response by the server will be the service contract document file in binary format:

%PDF
...

STEP 6: GENERATE AN OTP (only for Uanataca SMS)

API Reference: Generate OTP code

This step applies only for signatures made using Uanataca SMS method.

Once the documents to be signed are ready, we need to generate a secure One-time password (OTP) that allows the user to sign them. The OTP code is generated by executing the Generate OTP call and the resulting OTP is sent as an SMS message directly to the phone number is provided when creating the signature request.

When calling the OTP endpoint you must add the request identifier returned by the Create Request call:

curl -X POST https://one-shot.developers.uanataca.com/api/v1/otp/1464

A successful call will look like this:

{
    "status": "200 OK",
    "details": "OTP generated"
}

With this call, an SMS with the secret code is sent to the mobile phone number associated to the signature request.

STEP 7: SIGN THE DOCUMENT

API Reference: Sign

In this step the digital signature certificate is issued, then it signs all documents previously uploaded for the signature request.

Execute the sign call with the request id and json parameters containing the OTP code sent:

curl -d @params.json -H "Content-Type: application/json -X POST https://one-shot.developers.uanataca.com/api/v1/sign/1464

params.json for Uanataca SMS:

{
    "secret": "123456"
}

params.json for other authentication methods:

{
    "secret": "123456"
    "ext_unlock_type": "biometric"
    "ext_unlock_value": "12345678-12345678"
}

A successful call will result in the following response:

{
    "status": "200 OK",
    "details": "Documents correctly signed"
}

STEP 8: RETRIEVE SIGNED DOCUMENT

API reference: Retrieve Document

Once the signature is done, the next step is to get all signed documents.

To do this, query with an HTTP GET request the endpoint /api/v1/document/{pk}/{type}/{uid}, where {pk} is the Request's unique identifier, {type} is the type of the document (it can be "original" for the uploaded document or "signed" for the digitally-signed version) and {uid} is the document unique identifier.

curl -X GET https://one-shot.developers.uanataca.com/api/v1/document/1464/signed/712c29ac-a2dc-4530-8c67-d0f227d8294b

The response obtained by the server will be the document in binary format:

%PDF
...

STEP 9: DELETE DOCUMENTS FROM OPTIMIZER

API reference: Delete All Documents

Since the service does not delete uploaded files unless explicitly requested through an API call, it is strongly recommended that you backup any file you want to preserve using an alternative system.

Delete all documents associated to a finished digital signature request.

curl -X DELETE https://one-shot.developers.uanataca.com/api/v1/documents/1464

Configuration

One-Shot Optimizer can be supplied as a Docker image. See the configuration description in:
One-Shot Optimizer on Docker

Hardware requirements

CPU: modern multicore (minimum 4 core)

RAM: 8GB

HDD: 200 GB

One-Shot Optimizer on Docker

This configuration requires a server with a Linux operating system.

The commands show belown are suitable for Ubuntu. Each Linux distribution will require it's own commands.

STEP 1: Install Docker and Docker-Compose.

Docker and Docker-Compose

Run the following commands in this order.

# Add Docker's official GPG key:
sudo apt-get update
sudo apt-get install ca-certificates curl
sudo install -m 0755 -d /etc/apt/keyrings
sudo curl -fsSL https://download.docker.com/linux/ubuntu/gpg -o /etc/apt/keyrings/docker.asc
sudo chmod a+r /etc/apt/keyrings/docker.asc

# Add the repository to Apt sources:
echo \
  "deb [arch=$(dpkg --print-architecture) signed-by=/etc/apt/keyrings/docker.asc] https://download.docker.com/linux/ubuntu \
  $(. /etc/os-release && echo "$VERSION_CODENAME") stable" | \
  sudo tee /etc/apt/sources.list.d/docker.list > /dev/null
sudo apt-get update

sudo apt-get install docker-ce docker-ce-cli containerd.io docker-buildx-plugin docker-compose-plugin

Run command sudo docker run hello-world to check the installation.

STEP 2: Extract and copy One-Shot Optimizer zip content to the server.

Extract all uanataca_optimizer_docker.zip content in a local folder.

Copy the folder to /opt path in the server.

The outcome should look like this:

Captura de pantalla 2024-12-11 170055.png

STEP 3: Mapping volumes

In high performance environments working with a pool of Optimizers, service settings, data and logs must be stored in a shared volume outside Optimizer servers. These volumes must be defined in the docker-compose.yml file for each One-Shot Optimizer.

cd /opt/uanataca_optimizer_docker/

Docker-compose.yml settings file:

Captura de pantalla 2024-12-11 170314.png

STEP 4: Load the One-Shot Docker images.

Run the following commands:

cd /opt/uanataca_optimizer_docker
docker image load -i uanataca_optimizer.tar

Remove image files:

rm -rf /opt/uanataca_optimizer_docker/uanataca_optimizer.tar

STEP 5: Launch the service.

Run the following commands:

cd /opt/uanataca_optimizer_docker
docker-compose up -d

Check service status:

docker-compose ps

NAME                                    IMAGE                   COMMAND                  SERVICE     CREATED          STATUS          PORTS
uanataca_optimizer_docker-optimizer-1   uanatacaoptimizer:1.0   "/docker-entrypoint.…"   optimizer   49 minutes ago   Up 49 minutes   0.0.0.0:5678->5678/tcp, 0.0.0.0:16100->16100/tcp
uanataca_optimizer_docker-redis-1       redis                   "docker-entrypoint.s…"   redis       49 minutes ago   Up 49 minutes   0.0.0.0:6379->6379/tcp

All services must be UP.

STEP 6: Service settings.

See service settings configuration section.

Rootstore configuration

As a requirement for LTV/LTVLITE signature level, we must add to the optimizer every chain of trust for each certificate that is involved in the signature.

In case that you don't make use of LTV/LVTLITE signature level, this process is NOT necessary.

This process vary depending on the selected optimizer install method.

Every certificate introduced in the optimizer regarding the rootstore needs to be formatted as a PEM file and introduced in a specific folder. Below an example of the general structure that is needed.

Note: Number of lines below the header are not representative of a real certificate.

-----BEGIN CERTIFICATE-----
MIIIWjCCBkKgAwIBAgIIICfKLtFjrRMwDQYJKoZIhvcNAQELBQAwgbkxCzAJBgNV
BAYTAkVTMUQwQgYDVQQHDDtCYXJjZWxvbmEgKHNlZSBjdXJyZW50IGFkZHJlc3Mg
YXQgd3d3LnVhbmF0YWNhLmNvbS9hZGRyZXNzKTEWMBQGA1UECgwNVUFOQVRBQ0Eg
Uy5BLjEVMBMGA1UECwwMVFNQLVVBTkFUQUNBMRswGQYDVQQDDBJVQU5BVEFDQSBS
K+0fx83luCN81YLsUpdpc3e0URG7eDMKNG54WvtW
-----END CERTIFICATE-----

Docker

STEP 1: Load certificates in the optimizer

Load the PEM files in the following path or your mapped volume:

opt/uanataca_optimizer_docker/optimizer_data/localstore/

STEP 2: Execute the script

It is needed the execution of a command on the optimizer container

docker compose exec optimizer python -m optimizer generate-rootstore

Service settings

Requirements:

  • Billing credentials for the selected environment.

  • Credentials or token generated from these belonging to the authorized operator.

  • Certificate (.cer) and key (.key) files for connection to the selected environment.

  • The Id number for the Registration Authority that will issue the certificates.

This steps are for both sandbox or production environment.

You should have received a certificate (.cer) and a key (.key) file to be used to identify your application in communications with Uanataca signature services. Place both files in the certificates folder.

Path: /opt/uanataca_optimizer_docker/optimizer_data/certs/<sandbox/prod>

Captura de pantalla 2024-12-11 180848.png

Settings.ini file

This is the file that contains all the optimizer setting variables, here you can set values that will be taken as default in case that they did not get sent directly through the api call. There are some shared values between the API call and this file, and some regarding background configurations. You can find a brief explanation below.

The following is a view of the settings.ini file:

[general]
environment = prod

[tsa]
url = https://tsa.uanataca.com/tsa/tss03

[billing]
username = 
password = 

[proxy]
use = false
host = 192.168.1.78
port = 8888
protocol = http
username = asi
password = password
usecredentials = true
24|proxy_password = password
25|useproxycredentials = true

environment: Work environment of the optimizer, taken as default if not send through API
tsa_url: Timestamping to apply on signatures
username: Billing username of the desired environment
password: Billing password codified in base64

Except by tsa_url, all parameters shown below are replaced every time the Create Video ID Request call is executed.

Once you are done editing the file, restart the One-Shot Optimizer service to changes take effect.

Docker:

cd /opt/uanataca_optimizer_docker
docker-compose restart

Webhook Configuration

One-Shot API requires a Webhook implemented on customer business side to manage our service callbacks. Every request status change will trigger a simple event-notification via HTTP POST, consisting on a JSON object to an URL that must be explicitly included as an optional parameter in the Create Video ID Request call. Keep in mind that the webhook passed as parameter will be only for testing purposes, the definitive webhook has to be set in your belonging RA by Operations Department.

The following is a sample view of the JSON object that is sent as a callback at every status change:

{
    "status": "VIDEOINCOMPLETE", 
    "date": "2021-07-20T08:08:21.132394", 
    "previous_status": "VIDEOPENDING", 
    "request": 46760, 
    "registration_authority": 139
}

Where: status is the most recent status, this is, the status that triggered the notification.
date is the date of the request status change in datetime format.
previous_status is the status inmediately previous to last change.
request is the request unique id.
registration_authority is the Registration Authority id number the request is associated.

Sample code

In this sample, every JSON object is stored in a file named 'videoid'.

The webhook parameter used in the Create Video ID Request call is defined as:

{host}/videoid

where {host} is the IP or domain from the server exposing the webhook.

Python

import web
import datetime

urls = (
        '/videoid, 'videoid',
        )

app = web.application(urls, globals())
app = app.wsgifunc()

class video:
    def POST(self):
        data = web.data()
        f = open("status.json",'a+')
        f.write(data)
        f.close()
        return ''

if __name__ == "__main__":
    app.run()

PHP

<?php

//videoid.json

$post = file_get_contents('php://input',true);
$file_handle = fopen('/videoid/status.json', 'w');
fwrite($file_handle, $post);
fclose($file_handle);

?>

Logs

Service logs are stored in the running docker container. You can reach them executing:

docker-compose logs

Postman collection

A postman collection is available as a support for a quick start.
It is only required to edit hostvariable in Postman environment with the IP or domain of One-Shot Optimizer.

One-Shot Postman collection download

API Reference

https://cdn.developers.uanataca.com/oneshot/oneshot.html

  • No labels