UANATACA ONE-SHOT SIGNATURE API DOCUMENTATION (v1)

What it is

One-Shot represents the solution for electronic signatures based on a single-use certificate issuance. One-Shot API is the solution for Uanataca One-Shot Signature service, a complete option that can be implemented as part of your application or web.

It is designed in such a way that no sensitive data has to be sent away from your premises, as only hashes of the documents to be signed need to be transmitted to the signature service. Documents are signed by means of the creation of single-use digital certificates, which are created at the moment of the signature operation for immediate use to electronically sign all documents included.

Electronic signatures include a time stamp, providing a document signature with a reliable date and time.

How it works

The API is given with a module called One-Shot Optimizer, a server system that exposes our One-Shot HTTP RESTful API through which business applications are able to process their electronic signature requests.

One-Shot Optimizer performs the most computationally expensive workload of the signature process, thus reducing data traffic on the local network and performing most cryptographic hardware acceleration. The documents to be signed are processed in the customer business layer and are not send to Uanataca Services since a hash of the document is sent, created from a hash algorithm.

Uanataca is a Qualified Trusted Service Provider that issues digital certificates by means of its own trusted Certification Authority (CA). Additionally, the role of the Registration Authority Officials (RAO) is vital in the process as they manage every request for new digital certificates that is received from new users. Issued certificates can be used to electronically sign documents.

One-Shot Signature certificates are generated on the spot every time a new set of documents requires a signature. Through One-Shot Signature service you will play RAO's role, providing identification data for each user and requesting the generation of signature certificates. Once user registration data has been provided and the certificate is ready to be issued, the end user triggers the generation of the digital certificate. This action completes the signature procedure.

The electronic signatures are performed on Uanataca Trusted Service Center side, where signature keys are generated and stored in a Qualified Electronic Signature Creation Device (QSCD) system.


img

Test Environment

For testing purposes, Uanataca provides integrators of a pre-configured test-mode One-Shot Optimizer accessible at the following URL:


https://one-shot.developers.uanataca.com

In test environment, requests can be easily created, validated or approved by using a stored default Operator credentials set represented by an alfanumeric string called token. This token can be found when executing the List Tokens call.


List Tokens call output:

{
    "status": "200 OK",
    "details": {
        "6d1cae4d55be4cdf9cac50ee36f73406": {
            "username": "9001800",
            "password": true,
            "pin": true,
            "NOTE": "On this demo environment, this method will only return the demo token"
        }
    }
}

When using our test-mode Optimizer, you must consider:

  1. No Billing credentials are required.
  2. The Registration Authority id number will be explicitly assigned by our staff.
  3. The token ´6d1cae4d55be4cdf9cac50ee36f73406´ is valid for using in Create Request call. Cannot be deleted.

Want to configure your own test-mode Optimizer? Find instructions in the configuration section.

Classic Workflow

In a common One-Shot Signature service, an OTP (One-Time Password) code is sent via SMS to the end user, directly from Uanataca services. The OTP verification method is used to trigger the issuance of the single-use digital signature certificate, which is inmediately used to sign the request associated documents e.g. the service contract.

One-Shot Signature can use other external authentication methods instead of Uanataca SMS. This alternative methods are subjected to approval.

The following images summarize One-Shot Signature flow involving both authentication methods:


Uanataca SMS

img


  1. The business application creates a new digital signature request, providing all required user data
  2. One-Shot Optimizer returns an identifier for the certificate request
  3. The business application provides the documents to be signed by the end user
  4. The business application retrieves the service contract
  5. The business application shows the documents to be signed and the service contract to its end user
  6. After reviewing the documents, the end user agrees to sign them
  7. The business application starts the signature process by requesting the generation of an One-Time Password (OTP) token for the signature
  8. Uanataca services sends the OTP code directly to the end user through an SMS message
  9. By introducing the OTP code, the end user identifies himself as the subject of the signature certificate
  10. The business application provides the OTP and the identifier of the signature request to the One-Shot Optimizer
  11. One-Shot Optimizer takes care of computing the hash of the documents to be signed in the business layer
  12. Hashes are sent with the request identifier and OTP code to Uanataca Services
  13. The end user signature certificate is generated and used to sign the hashes
  14. The signed hashes and the signature identifier are returned to the One-Shot Optimizer
  15. One-Shot Optimizer generates the signed document envelopment, combining the original documents with the signed hashes
  16. Finallly, the business application calls One-Shot Optimizer API to obtain the signed documents

Other authentication methods

img


  1. The business application creates a new digital signature request, providing all required user data
  2. One-Shot Optimizer returns an identifier for the certificate request
  3. The business application provides the documents to be signed by the end user
  4. The business application retrieves the service contract
  5. The business application shows the documents to be signed and the service contract to its end user
  6. After reviewing the documents, the end user agrees to sign them
  7. The client application starts the signature process with an authentication method provided by the client
  8. One-Shot Optimizer takes care of computing the hash of the documents to be signed in the business layer
  9. Hashes are sent together with the request identifier and an id of the business authentication method to Uanataca Services
  10. The end user signature certificate is generated and used to sign the hashes
  11. The signed hashes and the signature identifier are returned to the One-Shot Optimizer
  12. One-Shot Optimizer generates the signed document envelopment, combining the original documents with the signed hashes
  13. Finally, the business application calls One-Shot Optimizer API to obtain the signed documents

The next section presents the workflow for a simple use case of the One-Shot Signature service with a step-by-step description of the API calls required to allow a user to digitally sign a document provided by the client application.


The basic digital signature process involves the following steps:

1) RETRIEVE AN EXISTING TOKEN FOR THE RAO

2) CREATE A NEW DIGITAL SIGNATURE REQUEST

3) UPLOAD A DOCUMENT

4) RETRIEVE SERVICE CONTRACT

5) GENERATE AN OTP (only for Uanataca SMS)

6) SIGN THE DOCUMENT

7) RETRIEVE SIGNED DOCUMENT

8) DELETE DOCUMENTS FROM OPTIMIZER


STEP 1: RETRIEVE AN EXISTING TOKEN FOR THE RAO


API Reference: List Tokens

The test-mode One-Shot Optimizer is pre-configured with a Registration Authority Officer (RAO) account ready to be used within the test environment. This account has an associated token that can be used to identify the RAO in API calls.

curl -X GET https://one-shot.developers.uanataca.com/api/v1/tokens

This call should return the following JSON object:

{
    "status": "200 OK",
    "details": {
        "6d1cae4d55be4cdf9cac50ee36f73406": {
            "username": "9001800",
            "password": true,
            "pin": true
        }
    }
}

This output tells us that a single token "6d1cae4d55be4cdf9cac50ee36f73406" exists. This token is associated to the RAO account with id "9001800" and can be used instead of the password and pin.

To use tokens in a production environment, you will need to create them first using the corresponding Create token API call.


STEP 2: CREATE A NEW DIGITAL SIGNATURE REQUEST


API Reference: Create Request

In One-Shot Signature Service, all data corresponding to a given digital signature is collected within a Digital Signature Request. This includes both the identifying information of the signing user -provided when you create the signature request- and the document or documents to be signed, to be uploaded in an upcoming step.

This call must include enough information to identify both the signing user and the RAO approving the request. The full description of the arguments accepted by this endpoint can be found in the API call detailed documentation, but for now it is enough to include at least the following:

curl --location --request POST 'https://one-shot.developers.uanataca.com/api/v1/request' \
     --form 'token=6d1cae4d55be4cdf9cac50ee36f73406' \
     --form 'profile=PFnubeQAFCiudadano' \
     --form 'given_name=name_of_the_user' \
     --form 'surname_1=surname_of_the_user' \
     --form 'email=user-example@domain.com' \
     --form 'mobile_phone_number=+343391234567' \
     --form 'document_front=@document_front.png' \
     --form 'document_rear=@document_rear.png' \
     --form 'document_owner=@document_owner.png'

where "token" is the token representing the RAO's credentials obtained in the previous step.

If the signature request is completed successfully, we will get the unique identifier assigned to it:

{
    "status": "201 Created",
    "details": 1464
}

The code shown above will be used to identify the created signature request in subsequent calls.


STEP 3: UPLOAD A DOCUMENT


API Reference: Upload Document

After creating the the signature request, we can associate all pdf documents that must be signed by the user.

curl -F "file=@doc.pdf" -X POST https://one-shot.developers.uanataca.com/api/v1/document/1464

Note that the number at the end of the call is the request id we obtained in the previous step.

If the upload is successful, the response will contain the identifier assigned to each document:

{
    "status": "200 OK",
    "details": "712c29ac-a2dc-4530-8c67-d0f227d8294b"
}

STEP 4: RETRIEVE SERVICE CONTRACT


API Reference: Retrieve Contract

As a Trusted Service Provider, Uanataca must inform certificate requesters about terms and conditions ruling the issuance of certificates.

A service contract is generated for each digital certificate issue. The user must view the request-associated service contract to be signed in the same step as the documents, using the one-time certificate just issued.

curl -X GET https://one-shot.developers.uanataca.com/api/v1/document/1464/contract

The response by the server will be the service contract document file in binary format:

%PDF
...

STEP 5: GENERATE AN OTP (only for Uanataca SMS)


API Reference: Generate OTP code

This step applies only for signatures made using Uanataca SMS method.

Once the documents to be signed are ready, we need to generate a secure One-time password (OTP) that allows the user to sign them. The OTP code is generated by executing the Generate OTP call and the resulting OTP is sent as an SMS message directly to the phone number is provided when creating the signature request.

When calling the OTP endpoint you must add the request identifier returned by the Create Request call:

curl -X POST https://one-shot.developers.uanataca.com/api/v1/otp/1464

A successful call will look like this:

{
    "status": "200 OK",
    "details": "OTP generated"
}

With this call, an SMS with the secret code is sent to the mobile phone number associated to the signature request.


STEP 6: SIGN THE DOCUMENT


API Reference: Sign

In this step the digital signature certificate is issued, then it signs all documents previously uploaded for the signature request.

Execute the sign call with the request id and json parameters containing the OTP code sent:

curl -d @params.json -H "Content-Type: application/json -X POST https://one-shot.developers.uanataca.com/api/v1/sign/1464

params.json for Uanataca SMS:

{
    "secret": "123456"
}

params.json for other authentication methods:

{
    "secret": "123456"
    "ext_unlock_type": "biometric"
    "ext_unlock_value": "12345678-12345678"
}

A successful call will result in the following response:

{
    "status": "200 OK",
    "details": "Documents correctly signed"
}

STEP 7: RETRIEVE SIGNED DOCUMENT


API reference: Retrieve Document

Once the signature is done, the next step is to get all signed documents.

To do this, query with an HTTP GET request the endpoint /api/v1/document/{pk}/{type}/{uid}, where {pk} is the Request's unique identifier, {type} is the type of the document (it can be "original" for the uploaded document or "signed" for the digitally-signed version) and {uid} is the document unique identifier.

curl -X GET https://one-shot.developers.uanataca.com/api/v1/document/1464/signed/712c29ac-a2dc-4530-8c67-d0f227d8294b

The response obtained by the server will be the document in binary format:

%PDF
...

STEP 8: DELETE DOCUMENTS FROM OPTIMIZER


API reference: Delete All Documents

⚠ Since the service does not delete uploaded files unless explicitly requested through an API call, it is strongly recommended that you backup any file you want to preserve using an alternative system.

Delete all documents associated to a finished digital signature request.

curl -X DELETE https://one-shot.developers.uanataca.com/api/v1/documents/1464

Video ID Workflows

eIDAS VideoID

This workflow defines the complete process of issuing eIDAS certificates.


img


This process involves the following steps:

1) CREATE A NEW VIDEO ID SIGNATURE REQUEST

2) REQUEST APPROVAL

3) UPLOAD A DOCUMENT

4) RETRIEVE SERVICE CONTRACT

5) GENERATE AN OTP (only for Uanataca SMS)

6) SIGN THE DOCUMENT

7) RETRIEVE SIGNED DOCUMENT

8) DELETE DOCUMENTS FROM OPTIMIZER


STEP 1: CREATE A NEW VIDEO ID SIGNATURE REQUEST


API Reference: Create Video ID Request

This call must include preliminary information to identify the signer.

curl -i -X POST https://one-shot.developers.uanataca.com/api/v1/videoid \
    -H 'Content-Type: application/json' \
    -d '{
        "mobile_phone_number": "+34699999999",
        "email": "mail@domain",
        "registration_authority": "139",
        "profile": "PFnubeQAFCiudadano",
        "videoid_mode": 1,
        "webhook_url": "my-webhook-url.com"
    }'

If the signature request is completed successfully, both video and request unique identifiers are returned, as well as the corresponding video id link:

{
    "status": "200 OK",
    "details": {
        "videoid_pk": 150,
        "videoid_link": "https://cms.access.bit4id.org:13035/lcmpl/videoid/ZWxlY3Ryb25pY2lkOkl3YlBNdTktcXpBTU1yd0ROeUR0VWNRNk02bVVmVV9SQnZqYnFOR0Vhc2(...)",
        "request_pk": 45836
    }
}

The request starts at VIDEOPENDING status after creation. The request_pk output parameter will be used to identify this digital signature request in subsequent calls.


At this point, the workflow progress will depend on the video-identification successful completion. This action will change request status from VIDEOPENDING to VIDEOREVIEW.

⚠ In case the process is not totally completed or has failed for any reason, the request will change to VIDEOINCOMPLETE or VIDEOERROR respectively.

To inform business app and validation RAO about this change at the time it takes place, we recommend the implementation of a Webhook. Check our documentation for Webhook Configuration.

If request data needs to be modified, use the Update Request call. Check API Reference.
If request data needs to be retrieved, use the Get Request call. Check API Reference.


STEP 2: REQUEST APPROVAL


API Reference: Approve Request

This call makes the request ready for signature. Its status changes to ENROLLREADY and webhook intervention at this point is important for status update. In 1-step mode, both validation and approval occur when executing this call.

curl -i -X POST 'https://one-shot.developers.uanataca.com/api/v1/request/45836/approve' \
    -H 'Content-Type: application/json' \
    -d '{
        "username": "1000279",
        "password": "3DPTm:N4",
        "pin": "23bYQq9a",
        "rao": "1400"
    }'

OR

curl -i -X POST 'https://one-shot.developers.uanataca.com/api/v1/request/45836/approve' \
    -H 'Content-Type: application/json' \
    -d '{
        "token": "f734066d1ce36f9cae4d55be4cdac50e",
        "rao": "1400"
    }'    

In case of using a token containing RAO's credentials.

The response is a JSON object with added request approval information.

{
    "status": "200 OK",
    "details": "Request approved successfully"
}

In case of not approving a request for any reason, the call Cancel Request must be executed. Check API Reference.


STEP 3: UPLOAD A DOCUMENT


API Reference: Upload Document

After creating the the signature request, we can associate all pdf documents that must be signed by the user.

curl -F "file=@doc.pdf" -X POST https://one-shot.developers.uanataca.com/api/v1/document/1464

Note that the number at the end of the call is the request id we obtained in the previous step.

If the upload is successful, the response will contain the identifier assigned to each document:

{
    "status": "200 OK",
    "details": "712c29ac-a2dc-4530-8c67-d0f227d8294b"
}

STEP 4: RETRIEVE SERVICE CONTRACT


API Reference: Retrieve Contract

As a Trusted Service Provider, Uanataca must inform certificate requesters about terms and conditions ruling the issuance of certificates.

A service contract is generated for each digital certificate issue. The user must view the request-associated service contract to be signed in the same step as the documents, using the one-time certificate just issued.

curl -X GET https://one-shot.developers.uanataca.com/api/v1/document/1464/contract

The response by the server will be the service contract document file in binary format:

%PDF
...

STEP 5: GENERATE AN OTP (only for Uanataca SMS)


API Reference: Generate OTP code

This step applies only for signatures made using Uanataca SMS method.

Once the documents to be signed are ready, we need to generate a secure One-time password (OTP) that allows the user to sign them. The OTP code is generated by executing the Generate OTP call and the resulting OTP is sent as an SMS message directly to the phone number is provided when creating the signature request.

When calling the OTP endpoint you must add the request identifier returned by the Create Request call:

curl -X POST https://one-shot.developers.uanataca.com/api/v1/otp/1464

A successful call will look like this:

{
    "status": "200 OK",
    "details": "OTP generated"
}

With this call, an SMS with the secret code is sent to the mobile phone number associated to the signature request.


STEP 6: SIGN THE DOCUMENT


API Reference: Sign

In this step the digital signature certificate is issued, then it signs all documents previously uploaded for the signature request.

Execute the sign call with the request id and json parameters containing the OTP code sent:

curl -d @params.json -H "Content-Type: application/json -X POST https://one-shot.developers.uanataca.com/api/v1/sign/1464

params.json for Uanataca SMS:

{
    "secret": "123456"
}

params.json for other authentication methods:

{
    "secret": "123456"
    "ext_unlock_type": "biometric"
    "ext_unlock_value": "12345678-12345678"
}

A successful call will result in the following response:

{
    "status": "200 OK",
    "details": "Documents correctly signed"
}

STEP 7: RETRIEVE SIGNED DOCUMENT


API reference: Retrieve Document

Once the signature is done, the next step is to get all signed documents.

To do this, query with an HTTP GET request the endpoint /api/v1/document/{pk}/{type}/{uid}, where {pk} is the Request's unique identifier, {type} is the type of the document (it can be "original" for the uploaded document or "signed" for the digitally-signed version) and {uid} is the document unique identifier.

curl -X GET https://one-shot.developers.uanataca.com/api/v1/document/1464/signed/712c29ac-a2dc-4530-8c67-d0f227d8294b

The response obtained by the server will be the document in binary format:

%PDF
...

STEP 8: DELETE DOCUMENTS FROM OPTIMIZER


API reference: Delete All Documents

⚠ Since the service does not delete uploaded files unless explicitly requested through an API call, it is strongly recommended that you backup any file you want to preserve using an alternative system.

Delete all documents associated to a finished digital signature request.

curl -X DELETE https://one-shot.developers.uanataca.com/api/v1/documents/1464

External Mode

In External mode Video ID, digital evidences are uploaded to an independent Video ID platform. External mode Video ID can be executed in 1 or 2 steps.


img


This process involves the following steps:

1) CREATE A NEW VIDEO ID SIGNATURE REQUEST

2) UPLOAD DATA & VIDEO

3) REQUEST VALIDATION

4) REQUEST APPROVAL

5) UPLOAD A DOCUMENT

6) RETRIEVE SERVICE CONTRACT

7) GENERATE AN OTP (only for Uanataca SMS)

8) SIGN THE DOCUMENT

9) RETRIEVE SIGNED DOCUMENT

10) DELETE DOCUMENTS FROM OPTIMIZER


STEP 1: CREATE A NEW VIDEO ID SIGNATURE REQUEST


API Reference: Create Video ID Request

This call must include preliminary information to identify the signer.

curl -i -X POST https://one-shot.developers.uanataca.com/api/v1/videoid \
    -H 'Content-Type: application/json' \
    -d '{
        "mobile_phone_number": "+34699999999",
        "email": "mail@domain",
        "registration_authority": "139",
        "profile": "PFnubeQAFCiudadano",
        "videoid_mode": 1
    }'

If the signature request is completed successfully, we will get the unique identifier assigned to it:

{
    "status": "200 OK",
    "details": {
        "videoid_pk": 150,
        "videoid_link": "",
        "request_pk": 45836
    }
}

The response is the a JSON containing important request parameters, in VIDEOPENDING status after creation. The request_pk output parameter will be used to identify this digital signature request in subsequent calls.

If request data needs to be modified, use the Update Request call. Check API Reference.

If request data needs to be retrieved, use the Get Request call. Check API Reference.


STEP 2: UPLOAD DATA & VIDEO


A previously created Video ID Request needs a set of information defined as evidences.

  • The successful upload of ALL information will change the request status to VIDEOREVIEW.
  • The partial upload of the information will change the request status to VIDEOINCOMPLETE.
  • If the upload process fails for any reason, the request status will change to VIDEOERROR.

Data and images are uploaded by using the Upload Data Evidence call.


API Reference: Upload Data Evidence

Data objects in detail:

acceptance : Client acceptance parameters (e.g. Terms & Conditions, Privacy Policy). This is a customizable JSON object.
videoid_data : Set of information about the Request. Contains:

  • images: Pictures associated to the client's ID document plus a face selfie of him/her.

  • ocr_data : Text information extracted from the client's ID document via Optical Character Recognition (OCR).

  • security_checks : Set of validation fields associated to the client's identity (underaging, matching info, liveliness, etc)

  • similarity_level : Similarity level between document picture and face selfie. Ranges within 0 to 100]

    curl -i -X POST https://one-shot.developers.uanataca.com/api/v1/videoid/45836/evidences
    -H 'Content-Type: application/json'
    -d '{ "acceptance": { "description": "User Accepted Terms and Conditions and Privacy Policy", "url-doc-privacypolicy": "https://www.uanataca.com/public/pki/privacidad-PSC/", "ip": "186.0.91.53", "url-web-videoid": "https://cms.access.bit4id.org:13035/lcmpl/videoid/46b92251-4ba8-4930-a5aa-8631ec4666b6", "user-agent": "Mozilla/5.0 (Linux; Android 11; AC2003)", "date": 1622823879708, "url-doc-termsconditions": "https://www.uanataca.com/public/pki/terminos-VID/" }, "videoid_data": { "images": { "document_front": "/9j/4AAQSkZJRgABAQAAAQABAAD/2wBDAAIBAQEBAQIBAQECAgICAgQDAgICAgUEBAM (...)", "document_rear": "/I7ye60+aOKS0mVGVSD9RVfyXukjmnS3cAEbpMVm6M1ncWqS3FszptO1lPRRDJ+orI8b (...)", "document_photo": "AkjOOwFfHFrrNlpXxcbU9QuIIIkvR56yddgHpX3GEj1PmanmdS/xV1ySVlv/AIbXLPO (...)", "document_owner": "SSVnovgCZ4Lhk+R3lJPUDJr5t/Z/wBV1DWfjRbeI75B5iQytcykc7yMEAV2/iwC0T34 (...)" }, "ocr_data": { "given_name": "Name", "surname_1": "Surname 1", "surname_2": "Surname 2", "mobile_phone_number": "+34999999999", "email": "mail@domain", "serial_number": "A9999999E", "id_document_type": "IDC", "id_document_country": ES }, "security_checks": { "otp_validation": true, "documents_match": true, "data_integrity": true, "document_notcopy": true, "document_notexpired": true, "document_notunderage": true, "liveliness": true }, "similarity_level": "high" } }'

Successful response status

{
    "status": "200 OK",
    "details": "Videoid evidences uploaded"
}

In the same way, binary multiformat Video is uploaded by using the Upload Video call.


API Reference: Upload Video

curl -i -X POST https://one-shot.developers.uanataca.com/v1/upload/video/30e57b02819a430d8386fd85be9f499f/ \
    -H 'Content-Type: multipart/form-data' \
    -F video=@sample_folder/sample_video.mp4 

Successful response status

{
    "status": "200 OK",
    "details": "Videoid video upload completed"
}

If the uploaded video needs to be retrieved, use Download Video


STEP 4: REQUEST VALIDATION 2-step mode only


API Reference: Validate Request

A Registration Authority Officer must validate the request data and evidences before approval. This call is used only for 2-step mode.

curl -i -X POST https://api.uanataca.com/api/v1/videoid/45836/validate \
    -H 'Content-Type: application/json' \
    -d '{
        "username": "5012345",
        "password": "Gy6F37xK",
        "pin": "belorado74",
        "rao": "1400"
    }'

OR

curl -i -X POST 'https://api.uanataca.com/api/v1/request/45836/validate' \
    -H 'Content-Type: application/json' \
    -d '{
        "token": "f734066d1ce36f9cae4d55be4cdac50e"
    }'    

In case of using a token containing RAO's credentials.

The validation successful response status is a JSON object containing request information, as the request status changes to CREATED.

{
    "status": "200 OK",
    "details": "Videoid validated"
}

For unsuccessful validations leading to a request refusal, the corresponding call is Refuse Request. Check API Reference.


STEP 5: REQUEST APPROVAL


API Reference: Approve Request

This call makes the request ready for signature. Its status changes to ENROLLREADY. In 1-step mode, both validation and approval occur when executing this call.

curl -i -X POST 'https://api.uanataca.com/api/v1/request/45836/approve' \
    -H 'Content-Type: application/json' \
    -d '{
        "username": "1000279",
        "password": "3DPTm:N4",
        "pin": "23bYQq9a",
        "rao": 972
    }'

The response is a JSON object with added request approval information.

{
    "status": "200 OK",
    "details": "Request approved successfully"
}

In case of not approving a request for any reason, the call Cancel Request must be executed. Check API Reference.


STEP 6: UPLOAD A DOCUMENT


API Reference: Upload Document

After creating the the signature request, we can associate all pdf documents that must be signed by the user.

curl -F "file=@doc.pdf" -X POST https://one-shot.developers.uanataca.com/api/v1/document/1464

Note that the number at the end of the call is the request id we obtained in the previous step.

If the upload is successful, the response will contain the identifier assigned to each document:

{
    "status": "200 OK",
    "details": "712c29ac-a2dc-4530-8c67-d0f227d8294b"
}

STEP 7: RETRIEVE SERVICE CONTRACT


API Reference: Retrieve Contract

As a Trusted Service Provider, Uanataca must inform certificate requesters about terms and conditions ruling the issuance of certificates.

A service contract is generated for each digital certificate issue. The user must view the request-associated service contract to be signed in the same step as the documents, using the one-time certificate just issued.

curl -X GET https://one-shot.developers.uanataca.com/api/v1/document/1464/contract

The response by the server will be the service contract document file in binary format:

%PDF
...

STEP 8: GENERATE AN OTP (only for Uanataca SMS)


API Reference: Generate OTP code

This step applies only for signatures made using Uanataca SMS method.

Once the documents to be signed are ready, we need to generate a secure One-time password (OTP) that allows the user to sign them. The OTP code is generated by executing the Generate OTP call and the resulting OTP is sent as an SMS message directly to the phone number is provided when creating the signature request.

When calling the OTP endpoint you must add the request identifier returned by the Create Request call:

curl -X POST https://one-shot.developers.uanataca.com/api/v1/otp/1464

A successful call will look like this:

{
    "status": "200 OK",
    "details": "OTP generated"
}

With this call, an SMS with the secret code is sent to the mobile phone number associated to the signature request.


STEP 9: SIGN THE DOCUMENT


API Reference: Sign

In this step the digital signature certificate is issued, then it signs all documents previously uploaded for the signature request.

Execute the sign call with the request id and json parameters containing the OTP code sent:

curl -d @params.json -H "Content-Type: application/json -X POST https://one-shot.developers.uanataca.com/api/v1/sign/1464

params.json for Uanataca SMS:

{
    "secret": "123456"
}

params.json for other authentication methods:

{
    "secret": "123456"
    "ext_unlock_type": "biometric"
    "ext_unlock_value": "12345678-12345678"
}

A successful call will result in the following response:

{
    "status": "200 OK",
    "details": "Documents correctly signed"
}

STEP 10: RETRIEVE SIGNED DOCUMENT


API reference: Retrieve Document

Once the signature is done, the next step is to get all signed documents.

To do this, query with an HTTP GET request the endpoint /api/v1/document/{pk}/{type}/{uid}, where {pk} is the Request's unique identifier, {type} is the type of the document (it can be "original" for the uploaded document or "signed" for the digitally-signed version) and {uid} is the document unique identifier.

curl -X GET https://one-shot.developers.uanataca.com/api/v1/document/1464/signed/712c29ac-a2dc-4530-8c67-d0f227d8294b

The response obtained by the server will be the document in binary format:

%PDF
...

STEP 11: DELETE DOCUMENTS FROM OPTIMIZER


API reference: Delete All Documents

⚠ Since the service does not delete uploaded files unless explicitly requested through an API call, it is strongly recommended that you backup any file you want to preserve using an alternative system.

Delete all documents associated to a finished digital signature request.

curl -X DELETE https://one-shot.developers.uanataca.com/api/v1/documents/1464

Configuration

One-Shot Optimizer can be supplied as a Docker or as a Virtual Machine image. See the configuration description in:
One-Shot Optimizer on Docker
One-Shot Optimizer on Virtual Machine

Hardware requirements

CPU: modern multicore (minimum 4 core)

RAM: 8GB

HDD: 200 GB

One-Shot Optimizer on Docker

This configuration requires a server with a Linux CentOS operating system.

 Watch on video!

STEP 1: Install Docker and Docker-Compose.

Docker

Run the following commands in this order.

sudo yum update -y
yum install -y yum-utils device-mapper-persistent-data lvm2
yum-config-manager --add-repo https://download.docker.com/linux/centos/docker-ce.repo
sudo yum install -y docker-ce docker-ce-cli containerd.io
sudo systemctl start docker

Docker-Compose

Run the following commands in this order.

sudo curl -L "https://github.com/docker/compose/releases/download/1.28.5/docker-compose-$(uname -s)-$(uname -m)" -o /usr/local/bin/docker-compose
chmod +x /usr/local/bin/docker-compose

Run command docker-compose version to check the installation. The outcome should show this information:

img


STEP 2: Extract and copy One-Shot Optimizer zip content to the server.

Extract all oneshot_optimizer_docker.zip content in a local folder.

Move One-Shot Optimizer folder to the path /opt in the server.

The outcome should look like this:

img


STEP 3: Mapping volumes (for environments with a pool of One-Shot Optimizer).

In high performance environments working with a pool of Optimizers, service settings, data and logs must be stored in a shared volume outside Optimizer servers. These volumes must be defined in the docker-compose.yml file for each One-Shot Optimizer.

cd /opt/oneshot_optimizer

Docker-compose.yml settings file:

img


STEP 4: Load the One-Shot Docker images.

Run the following commands:

cd /opt/oneshot_optimizer
docker image load -i oneshot_optimizer.tar
docker image load -i oneshot_imgconverter.tar

Remove image files:

rm -rf /opt/oneshot_optimizer/oneshot_optimizer.tar
rm -rf /opt/oneshot_optimizer/oneshot_imgconverter.tar

STEP 5: Launch the service.

Run the following commands:

cd /opt/oneshot_optimizer
docker-compose up -d

Check service status:

docker-compose ps

                Name                            Command               State                Ports
--------------------------------------------------------------------------------------------------------------------------------------------------
oneshot_optimizer_imgconverter_1   /opt/bit4id/imgconverter/b ...   Up      0.0.0.0:49153->5013/tcp,:::49153->5013/tcp
oneshot_optimizer_nginx_1          /docker-entrypoint.sh ngin ...   Up      0.0.0.0:443->443/tcp,:::443->443/tcp, 0.0.0.0:80->80/tcp,:::80->80/tcp
oneshot_optimizer_optimizer_1      oneshot_optimizer start          Up

All services must be UP.


STEP 6: Service settings.

See service settings configuration section.


One-Shot Optimizer on Virtual Machine

The Virtual Machine is supplied in an OVA file. One-Shot Optimizer image is compatible with common virtual environments such as VMWare, AWS, Azure or VirtualBox.

STEP 1: Import One-Shot Optimizer (VM) in the virtual environment.

Adjust the system requirements for optimal usage considering host terminal resources described in hardware requirements.

STEP 2: Network configuration.

The network settings are configured in the file ifcfg-ens33, which can be found in the path /etc/sysconfig/network-scripts. Edit the file and insert the correct IP address, network mask, gateway and DNS for your network.

Then restart network services with command service network restart.

Example:

img


STEP 3: Service settings.

See service settings configuration section.


Service settings

One-Shot Signature can be configured for usage over test or production environment.


TEST environment

Requirements:

  • Billing credentials for Uanataca test environment.

The settings.ini file contains default parameters that can also be adjusted via API using Update Settings call.

Except by tsa_url, all parameters shown below are replaced every time the Create Video ID Request call is executed.

settings.ini file location:

/opt/oneshot_optimizer/common/etc/settings.ini or custom mapped volume (Docker)
/opt/bit4id/oneshot_optimizer/etc/settings.ini (Virtual Machine)

⚠ If billing password is specified, it must be previously converted into Base64 format.

Run the following command to convert your password to base64:

echo -n <<billing_password>> | base64

The following is a view of the settings.ini file:

1 |    [general]
2 |    environment = test
3 |
4 |    [tsa]
5 |    tsa_url = https://tsa.access.bit4id.org:13035/tsa/test01
6 |
7 |    [billing]
8 |    billing_username = user@uanataca.com
9 |    billing_password = ejVxTnFrZkI=
10|
11|    [request]
12|    default_profile = PFnubeQAFCiudadano
13|    default_ra = 1000

Once you are done editing the file, restart the One-Shot Optimizer service to make changes take effect.

Virtual Machine:

systemctl restart optimizer

Docker:

cd /opt/oneshot_optimizer
docker-compose restart optimizer



PRODUCTION environment

Requirements:

  • Billing credentials for Uanataca production environment.
  • Certificate (.cer) and key (.key) files for connection to the Uanataca production environment.
  • The Id number for the Registration Authority that will issue the certificates.
⚠ We recommend starting from a clean copy of One-Shot Optimizer for this step. This prevents test environment leftover files from causing errors in production.

You should have received a certificate (.cer) and a key (.key) file to be used to identify your application in communications with the production signature service. Place both files in the certificates folder.

settings.ini file location:

/opt/oneshot_optimizer/common/etc/certs/prod or custom mapped volume (Docker)
/opt/bit4id/oneshot_optimizer/etc/certs/prod (Virtual Machine)

img

The following is a view of the settings.ini file. Important: If billing password is specified, it must be previously converted into Base64 format. Run the following command to convert your password to base64:

echo -n <<billing_password>> | base64

settings.ini file:

1 |    [general]
2 |    environment = prod
3 |
4 |    [tsa]
5 |    tsa_url = https://tsa.uanataca.com/tsa/tss03
6 |
7 |    [billing]
8 |    billing_username = user@uanataca.com
9 |    billing_password = ejVxTnFrZkI=
10|
11|    [request]
12|    default_profile = PFnubeQAFCiudadano
13|    default_ra = 1000

The file settings.ini contains default parameters that can also be adjusted via API using the Update Settings call.

Except by tsa_url, all parameters shown below are replaced every time the Create Video ID Request call is executed.

Once you are done editing the file, restart the One-Shot Optimizer service to changes take effect.

Virtual Machine:

systemctl restart optimizer

Docker:

cd /opt/oneshot_optimizer
docker-compose restart optimizer



Webhook Configuration

One-Shot API requires a Webhook implemented on customer business side to manage our service callbacks. Every request status change will trigger a simple event-notification via HTTP POST, consisting on a JSON object to an URL that must be explicitly included as a required parameter in the Create Video ID Request call, when using Uanataca 1-step or 2-step mode.

The following is a sample view of the JSON object that is sent as a callback at every status change:

{
    "status": "VIDEOINCOMPLETE", 
    "date": "2021-07-20T08:08:21.132394", 
    "previous_status": "VIDEOPENDING", 
    "request": 46760, 
    "registration_authority": 139
}

Where:

status is the most recent status, this is, the status that triggered the notification.
date is the date of the request status change in datetime format.
previous_status is the status inmediately previous to last change.
request is the request unique id.
registration_authority is the Registration Authority id number the request is associated.


Sample code

In this sample, every JSON object is stored in a file named 'videoid'.

The webhook parameter used in the Create Video ID Request call is defined as:

{host}/videoid

where {host} is the IP or domain from the server exposing the webhook.


Python

import web
import datetime

urls = (
        '/videoid, 'videoid',
        )

app = web.application(urls, globals())
app = app.wsgifunc()

class video:
    def POST(self):
        data = web.data()
        f = open("status.json",'a+')
        f.write(data)
        f.close()
        return ''

if __name__ == "__main__":
    app.run()

PHP

<?php

//videoid.json

$post = file_get_contents('php://input',true);
$file_handle = fopen('/videoid/status.json', 'w');
fwrite($file_handle, $post);
fclose($file_handle);

?>

Logs

Service logs file optimizer.log is stored in a One-Shot Optimizer local folder.

Docker path:

/opt/oneshot_optimizer/common/logs or custom mapped volume

Virtual Machine path:

/opt/bit4id/oneshot_optimizer/logs

Postman collection

A postman collection is available as a support for a quick start.
It is only required to edit hostvariable in Postman environment with the IP or domain of One-Shot Optimizer.

One-Shot Postman collection download

API Reference

Settings

Configure Settings to modify default parameters on settings.ini file. Check Service Settings section.
MethodEndpointAction
GET/helloChecks for server UP status
POST/settingsUpdate Settings
GET/settingsGet Settings
GET/versionRetrieve Optimizer version

HELLO

Checks if server is UP.

Responses
200

Successful Response

get/api/v1/hello
Response samples
application/json
{
  • "status": "200 OK",
  • "details": "Hello"
}

GET SETTINGS

Retrieves the content of the settings.ini file.

Responses
200

Successful Response

get/api/v1/settings
Response samples
application/json
{
  • "status": "200 OK",
  • "details": {
    }
}

UPDATE SETTINGS

Updates configuration parameters present in settings.ini file.

Request
Request Body schema: application/json
object

Timestamp Authority Settings

object

Request Settings

object

Billing Settings

object

General Settings

Responses
200

Successful Response

400

Invalid JSON

post/api/v1/settings
Request samples
curl -i -X POST \
  https://one-shot.developers.uanataca.com/api/v1/settings \
  -H 'Content-Type: application/json' \
  -d '{
    "tsa": {
      "tsa_url": "https://tsa.access.bit4id.org:13035/tsa/test01"
    },
    "request": {
      "default_profile": "PFnubeQAFCiudadano",
      "default_ra": "1000"
    },
    "billing": {
      "billing_username": "user@uanataca.com",
      "billing_password": "ejVxTnFrZkI="
    },
    "general": {
      "environment": "test"
    }
  }'
Response samples
application/json
{
  • "status": "200 OK",
  • "details": "Settings saved successfully"
}

VERSION

Retrieves the current Optimizer version.

Responses
200

Successful Response

get/api/v1/version
Response samples
application/json
{
  • "status": "200 OK",
  • "details": {
    }
}

Metadata

Metadata can be prepared to be added as part of the One-Shot Signature.

To inspect Metadata from a signed file, please download our Metadata extraction tool available here.
Execute /bin/metadataextractor.exe.
MethodEndpointAction
POST/metadataUpload Metadata
GET/settingsList Metadata
DELETE/versionDelete Metadata
GET/settingsGet Metadata
DELETE/versionDelete All Metadata

LIST METADATA

Lists all metadata objects available.

Responses
200

Successful Response

get/api/v1/metadata
Response samples
application/json
{
  • "status": "200 OK",
  • "details": {
    }
}

UPLOAD METADATA

Uploads all metadata information previously converted into Base64 format.

Request
Request Body schema: application/json
metadata
required
string

The metadata information previously converted into Base64 format

metadata_oid
required
string

The metadata associated OID

Responses
200

Successful Response

400

Invalid JSON

post/api/v1/metadata
Request samples
curl -i -X POST \
  https://one-shot.developers.uanataca.com/api/v1/metadata \
  -H 'Content-Type: application/json' \
  -d '{
    "metadata": "bmF2ZWdhZG9yIMOhw6HDocOhw6EKMTIzNAplc3RvIGVzIHVuYSBwcnVlYmE6IGhveSBlcwptYXJ0ZXNzcwp4eXoxMjM0",
    "metadata_oid": "1.8.6.7.4.1.47289.100.2.9"
  }'
Response samples
application/json
{
  • "status": "200 OK",
  • "details": {
    }
}

DELETE ALL METADATA

Deletes all metadata objects available.

Responses
200

Successful Response

delete/api/v1/metadata
Response samples
application/json
{
  • "status": "200 OK",
  • "details": "All metadata deleted"
}

GET METADATA

Retrieves the metadata associated to an specific id.

Request
path Parameters
metadata_uid
required
string

The metadata object unique identifier

Responses
200

Successful Response

404

Invalid metadata uid

get/api/v1/metadata/{metadata_uid}
Request samples
curl -i -X GET https://one-shot.developers.uanataca.com/api/v1/metadata/1b8eac803b75418e8e1a9cad0e342949
Response samples
application/json
{
  • "status": "200 OK",
  • "details": {
    }
}

DELETE METADATA

Deletes the metadata associated to an specific id.

Request
path Parameters
metadata_uid
required
string

The metadata object unique identifier

Responses
200

Successful Response

404

Invalid metadata uid

delete/api/v1/metadata/{metadata_uid}
Request samples
curl -i -X DELETE https://one-shot.developers.uanataca.com/api/v1/metadata/1b8eac803b75418e8e1a9cad0e342949
Response samples
application/json
{
  • "status": "200 OK",
  • "details": "Metadata successfully deleted"
}

Tokens

A token is a string that can be used in place of the Registration Authority Officer (RAO) credentials.
MethodEndpointAction
POST/tokenCreate a new token
GET/token/{pk}Retrieve a token
DELETE/token/{uid}Delete a token
GET/tokensList all available tokens

CREATE TOKEN

Creates a new token that contains the Registration Authority Officer (RAO) credentials.

Request
Request Body schema: application/json
username
required
string

The RAO's digital identity username

password
string

The RAO's digital identity password. If not included in this call, must be included in calls that require RAO's credentials

pin
string

The RAO's digital identity PIN. If not included in this call, must be included in calls that require RAO's credentials

env
required
string

The API work environment.

⚠ Required only if not set at settings.ini file. Check Update Settings call.

Enum: "test" "prod"
Responses
200

Successful Response

400

Invalid JSON | Token already exists

404

Invalid username

post/api/v1/token
Request samples
curl -i -X POST \
  https://one-shot.developers.uanataca.com/api/v1/token \
  -H 'Content-Type: application/json' \
  -d '{
    "username": "9001800",
    "password": "Gy6F89xK",
    "pin": "belorado74",
    "env": "test"
  }'
Response samples
application/json
{
  • "status": "200 OK",
  • "details": "a44765ab8ca04e429a565f02d22179a0"
}

GET TOKEN

Retrieves the token associated credentials with the given unique identifier.
The response gets a true or false value regarding if password and PIN parameters are associated to the token.

Request
path Parameters
uid
required
string

The token unique identifier

Responses
200

Successful Response

404

uid not found

get/api/v1/token/{uid}
Request samples
curl -i -X GET \ 
  https://one-shot.developers.uanataca.com/api/v1/token/a44765ab8ca04e429a565f02d22179a0
Response samples
application/json
{
  • "status": "200 OK",
  • "details": {
    }
}

DELETE TOKEN

Deletes the token with the specified unique identifier.

Request
path Parameters
uid
required
string

The token unique identifier

Responses
200

Successful Response

404

uid not found

delete/api/v1/token/{uid}
Request samples
curl -i -X DELETE \
  https://one-shot.developers.uanataca.com/api/v1/token/a44765ab8ca04e429a565f02d22179a0
Response samples
application/json
{
  • "status": "200 OK",
  • "details": "Token deleted successfully"
}

LIST TOKENS

Returns a list of all tokens available and their associated data.

Responses
200

Successful Response

get/api/v1/tokens
Request samples
curl -i -X GET \
  https://one-shot.developers.uanataca.com/api/v1/tokens
Response samples
application/json
{
  • "status": "200 OK",
  • "details": {
    }
}

Requests

A digital signature request contains user identification data and associated documents to be signed.
MethodEndpointAction
POST/requestCreate a new request
GET/request/{pk}Retrieve a new request
POST/otp/{pk}Generate a new OTP
POST/sign/{pk}Start the signature process

CREATE REQUEST

Creates a new digital signature request for the user identified.

Request
Request Body schema: multipart/form-data
given_name
required
string

The user's given name

surname_1
required
string

The user's first surname

surname_2
string

The user's second surname

id_document_type
string

Document types allowed for the user identification:

  • IDC - Identification based on national identity card number. Default when this field is not specified.
  • PAS - Identification based on passport number
  • PNO - Identification based on national personal number (national civic registration number)
  • TIN - Tax Identification Number according to the European Commission
Enum: "IDC" "PAS" "PNO" "TIN"
id_document_country
string

The user's id document country two-letters code (ISO 3166-1 alpha-2). Default "ES" if field is not included.

serial_number
required
string

User's id document serial number

email
required
string

The user's email

mobile_phone_number
required
string

The user's mobile phone number including the international prefix

registration_authority
required
string

The Registration Authority id number.

⚠ Required only if not set at settings.ini file. Check Update Settings call.

profile
required
string

Digital certificate profiles allowed:
* PFnubeQAFCiudadano - Uanataca's eIDAS qualified digital certificate used for qualified signature in the European Union
* PFnubeNC - Uanataca's normalized digital certificate used for advanced signature

⚠ Required only if not set at settings.ini file. Check Update Settings call.

Enum: "PFnubeQAFCiudadano" "PFnubeNC"
token
required
string

The Registration Authority Officer (RAO)'s token unique id containing RAO's digital identity credentials.

⚠ Not required when RAO's credentials (username, password, pin) are included as fields in this call.

username
required
string

The RAO's digital identity username.

⚠ Not required when included in token.

password
required
string

The RAO's digital identity password.

⚠ Not required when included in token.

pin
required
string

The RAO's digital identity PIN.

⚠ Not required when included in token.

document_front
string <binary>

Front side image of the user's identification document (JPEG or PNG).

document_rear
string <binary>

Rear side image of the user's identification document (JPEG or PNG)

document_owner
string <binary>

A selfie image of the user holding the identifying document below his/her chin (JPEG or PNG)

extra_document
string <binary>

An extra document to upload.

env
required
string

The API work environment.

⚠ Required only if not set at settings.ini file. Check Update Settings call.

Enum: "test" "prod"
billing_username
required
string

The client billing username.

⚠ Required only if not set at settings.ini file. Check Update Settings call.

billing_password
required
string

The client billing password in Base64 format.

⚠ Required only if not set at settings.ini file. Check Update Settings call.

useasync
boolean

This parameter enables the One-Shot asynchronous workflow. When set to true, the callback parameter can be set by specifying a Webhook URL.

callback
string

The Webhook URL for the asynchronous service.

Responses
201

Successful Response

400

Missing username/password/pin | Invalid profile

403

Invalid username | password | PIN | registration authority

404

Invalid username/password/pin

412

Missing parameters

500

Invalid environment | Invalid registration authority | Invalid certificates | Invalid billing credentials

post/api/v1/request
Request samples
curl -i -X POST \
  https://one-shot.developers.uanataca.com/api/v1/request \
  -H 'Content-Type: multipart/form-data' \
  -F given_name=John \
  -F surname_1=Smith \
  -F surname_2=Lopez \
  -F id_document_type=IDC \
  -F id_document_country=ES \
  -F serial_number=12345678A \
  -F email=john_smithlop@uanataca.com \
  -F mobile_phone_number=+34999999999 \
  -F registration_authority=124 \
  -F profile=PFnubeQAFCiudadano \
  -F token=a44765ab8ca04e429a565f02d22179a0 \
  -F username=9001800 \
  -F password=Gy6F89xK \
  -F pin=belorado74 \
  -F document_front=@sample_folder/img_front.png \
  -F document_rear=@sample_folder/img_rear.png \
  -F document_owner=@sample_folder/img_owner.png \
  -F env=test \
  -F billing_username=user@uanataca.com \
  -F billing_password=ejVxTnFrZkI= \
Response samples
application/json
{
  • "status": "201 Created",
  • "details": 29571
}

GET REQUEST

Retrieve request information with the id obtained in the CREATE REQUEST response.

Request
path Parameters
request_pk
required
string

The request unique identifier

Responses
200

Successful Response

get/api/v1/request/{request_pk}
Request samples
curl -i -X GET \
  https://one-shot.developers.uanataca.com/api/v1/request/29571
Response samples
application/json
{
  • "status": "200 OK",
  • "details": {
    }
}

GET REQUEST ASYNCHRONOUS

Shows the status of a Request executed under asynchronous mode.

Request
path Parameters
pk
required
string

The request unique identifier

Responses
200

Successful Response

400

Request id not found

get/api/v1/async/status/{pk}
Request samples
curl -i -X GET \
  https://one-shot.developers.uanataca.com/api/v1/async/status/29571
Response samples
application/json
{
  • "status": "200 OK",
  • "details": "approved"
}

GENERATE OTP

Generates a One-Time Password (OTP) code for the user. The OTP is sent directly to the user's mobile phone as an SMS message.

⚠This method is only required and available for requests using Uanataca SMS method

Request
path Parameters
pk
required
string

The request unique identifier

Responses
200

Successful Response

post/api/v1/otp/{pk}
Request samples
curl -i -X POST \
  https://one-shot.developers.uanataca.com/api/v1/otp/29571
Response samples
application/json
{
  • "status": "200 OK",
  • "details": "OTP generated"
}

SIGN

Signs all documents associated to a request using a single-use certificate generated for the signature request.

Request
path Parameters
pk
required
string

The request unique identifier

Request Body schema: application/json
secret
required
string

The OTP code sent to the user.
For external authenticacion method, a customer code is provided.

use_signature_text
boolean
Default: true

This parameter disables the signature image text

metadata
string

The metadata unique id code obtained from Upload Metadata call.

ext_unlock_type
string

The external authentication method type. This field is required for requests using external authenticacion methods.

ext_unlock_value
string

The id of the external authentication request. This field is required for requests using external authenticacion methods.

object

Visual graphic signature properties.
It is required prior to image upload. See images api reference

Responses
200

Successful Response

post/api/v1/sign/{pk}
Request samples
curl -i -X POST \
  https://one-shot.developers.uanataca.com/api/v1/sign/29571 \
  -H 'Content-Type: application/json' \
  -d '{
        "secret"   : "052174",
        "options": {
            "5f04778a-54f6-426a-b204-5573eb01e5da": {
                "position": "300, 100, 500, 150",
                "image": "b0b6370e-8b54-4d8b-ab6f-a002cf08dd28",
                "page": 0
            }
      }'
Response samples
application/json
{
  • "status": "200 OK",
  • "details": "Documents correctly signed"
}

ASYNCHRONOUS SIGN

(Asynchronous mode) Signs all documents associated to a request using a single-use certificate generated for the signature request.

Request
path Parameters
pk
required
string

The request unique identifier

Request Body schema: application/json
secret
required
string

The OTP code sent to the user.
For external authenticacion method, a customer code is provided.

use_signature_text
boolean
Default: true

This parameter disables the signature image text

metadata
string

The metadata unique id code obtained from Upload Metadata call.

ext_unlock_type
string

The external authentication method type. This field is required for requests using external authenticacion methods.

ext_unlock_value
string

The id of the external authentication request. This field is required for requests using external authenticacion methods.

object

Visual graphic signature properties.
It is required prior to image upload. See images api reference

Responses
200

Successful Response

post/api/v1/async/sign/{pk}
Request samples
curl -i -X POST \
  https://one-shot.developers.uanataca.com/api/v1/async/sign/29571 \
  -H 'Content-Type: application/json' \
  -d '{
        "secret"   : "052174",
        "options": {
            "5f04778a-54f6-426a-b204-5573eb01e5da": {
                "position": "300, 100, 500, 150",
                "image": "b0b6370e-8b54-4d8b-ab6f-a002cf08dd28",
                "page": 0
            }
      }'
Response samples
application/json
{
  • "status": "200 OK",
  • "details": "Documents correctly signed"
}

Documents

Manage documents associated to a signature request.
MethodEndpointAction
POST/document/{pk}Upload a document to be signed
GET/document/{pk}/{type}/{uid}Retrieve a document
DELETE/document/{pk}/{type}/{uid}Delete a document
GET/documents/{pk}List all request associated documents
DELETE/documents/{pk}Delete all request associated documents
GET/document/{pk}/contractRetrieve the service contract

UPLOAD DOCUMENT

Uploads a pdf document to be signed. The document is associated to a signature request.

Request
path Parameters
pk
required
string

The request unique identifier

Request Body schema: multipart/form-data
file
Array of strings <binary>

Local path of the pdf file to be signed

Responses
200

Successful Response

post/api/v1/document/{pk}
Request samples
curl -i -X POST \
  https://one-shot.developers.uanataca.com/api/v1/document/29571 \
  -H 'Content-Type: multipart/form-data' \
  -F file=@sample_folder/document.pdf
Response samples
application/json
{
  • "status": "200 OK",
  • "details": "a73b1253-838f-4340-8ae8-e0a1524f7472"
}

RETRIEVE DOCUMENT

Retrieves the specified original or signed document.

Request
path Parameters
pk
required
string

The request unique identifier

type
required
string

Types of documents for retrieval:

  • original - The original document
  • signed - The signed document
Enum: "original" "signed"
uid
required
string

The document unique identifier

Responses
200

Successful Response

get/api/v1/document/{pk}/{type}/{uid}
Request samples
curl -i -X GET \
  https://one-shot.developers.uanataca.com/api/v1/document/29571/signed/a73b1253-838f-4340-8ae8-e0a1524f7472
Response samples
application/octet-stream
 %PDF-1.7
 %����
 1 0 obj
 <</Type/Catalog/Pages 2 0 R/Lang(es-ES) /StructTreeRoot 10 0 R/MarkInfo<</Marked true>>/Metadata 26 0 R/ViewerPreferences 27 0 R>>
 endobj


2 0 obj
 <</Type/Pages/Count 1/Kids[ 3 0 R] >>
 endobj


3 0 obj
 <</Type/Page/Parent 2 0 R/Resources<</Font<</F1 5 0 R>>/ExtGState<</GS7 7 0 R/GS8 8 0 R>>/ProcSet[/PDF/Text/ImageB/ImageC/ImageI] >>/MediaBox[ 0 0 595.32 841.92] /Contents 4 0 R/Group<</Type/Group/S/Transparency/CS/DeviceRGB>>/Tabs/S/StructParents 0>>
 endobj
 (...)
 

DELETE DOCUMENT

Deletes the specified original or signed document.

Request
path Parameters
pk
required
string

The request unique identifier

type
required
string

Types of documents for retrieval:

  • original - The original document
  • signed - The signed document
Enum: "original" "signed"
uid
required
string

The document unique identifier

Responses
200

Successful Response

delete/api/v1/document/{pk}/{type}/{uid}
Request samples
curl -i -X DELETE \
  https://one-shot.developers.uanataca.com/api/v1/document/29571/signed/a73b1253-838f-4340-8ae8-e0a1524f7472
Response samples
application/json
{
  • "status": "200 OK",
  • "details": "Document successfully deleted"
}

LIST DOCUMENTS

Lists all documents associated to a specific request.

Request
path Parameters
pk
required
string

The request unique identifier

Responses
200

Successful Response

get/api/v1/documents/{pk}
Request samples
curl -i -X GET \
  https://one-shot.developers.uanataca.com/api/v1/documents/29571
Response samples
application/json
{
  • "status": "200 OK",
  • "details": {
    }
}

DELETE ALL DOCUMENTS

Deletes all documents associated to a specific request.

Request
path Parameters
pk
required
string

The request unique identifier

Responses
200

Successful Response

delete/api/v1/documents/{pk}
Request samples
curl -i -X DELETE \
  https://one-shot.developers.uanataca.com/api/v1/documents/29571
Response samples
application/json
{
  • "status": "200 OK",
  • "details": "Documents deleted successfully"
}

RETRIEVE CONTRACT

Retrieve the service contract regarding the user's digital certificate issuing.

Request
path Parameters
pk
required
string

The request unique identifier

Responses
200

Successful Response

get/api/v1/document/{pk}/contract
Request samples
curl -i -X GET \
  https://one-shot.developers.uanataca.com/api/v1/document/29571/contract
Response samples
text/plain
 %PDF-1.7
 %����
 1 0 obj
 <</Type/Catalog/Pages 2 0 R/Lang(es-ES) /StructTreeRoot 10 0 R/MarkInfo<</Marked true>>/Metadata 26 0 R/ViewerPreferences 27 0 R>>
 endobj


2 0 obj
 <</Type/Pages/Count 1/Kids[ 3 0 R] >>
 endobj


3 0 obj
 <</Type/Page/Parent 2 0 R/Resources<</Font<</F1 5 0 R>>/ExtGState<</GS7 7 0 R/GS8 8 0 R>>/ProcSet[/PDF/Text/ImageB/ImageC/ImageI] >>/MediaBox[ 0 0 595.32 841.92] /Contents 4 0 R/Group<</Type/Group/S/Transparency/CS/DeviceRGB>>/Tabs/S/StructParents 0>>
 endobj
 (...)
 

Images

Manage images associated to a visual graphic signature placed in the signed document.
MethodEndpointAction
POST/imageUpload a new image
GET/image/{uid}Retrieve an image
DELETE/image/{uid}Delete an image
GET/imagesList all uploaded images
DELETE/imagesDelete all uploaded images

UPLOAD IMAGE

Uploads an image for using in a visual graphic signature.

Request
Request Body schema: multipart/form-data
image
Array of strings <binary>

The image to add in the visual graphic signature in PNG format

Responses
200

Successful Response

post/api/v1/image
Request samples
curl -i -X POST \
  https://one-shot.developers.uanataca.com/api/v1/image \
  -H 'Content-Type: multipart/form-data' \
  -F image=@sample_folder/image.png
Response samples
application/json
{
  • "status": "200 OK",
  • "details": "bfd74f73-7b22-40a6-ad37-6fc867263309"
}

RETRIEVE IMAGE

Retrieves a previously uploaded image.

Request
path Parameters
uid
required
string

The image unique identifier

Responses
200

Successful Response

get/api/v1/image/{uid}
Request samples
curl -i -X GET \
  https://one-shot.developers.uanataca.com/api/v1/image/bfd74f73-7b22-40a6-ad37-6fc867263309
Response samples
text/png
The retrieved image in png format

DELETE IMAGE

Deletes a previously uploaded image.

Request
path Parameters
uid
required
string

The image unique identifier

Responses
200

Successful Response

delete/api/v1/image/{uid}
Request samples
curl -i -X DELETE \
  https://one-shot.developers.uanataca.com/api/v1/image/bfd74f73-7b22-40a6-ad37-6fc867263309
Response samples
application/json
{
  • "status": "200 OK",
  • "details": "Image deleted"
}

LIST IMAGES

Lists all uploaded images.

Responses
200

Successful Response

get/api/v1/images
Response samples
application/json
{
  • "status": "200 OK",
  • "details": {
    }
}

DELETE ALL IMAGES

Deletes all uploaded images.

Responses
200

Successful Response

delete/api/v1/images
Request samples
curl -i -X DELETE \
  https://one-shot.developers.uanataca.com/api/v1/images
Response samples
application/json
{
  • "status": "200 OK",
  • "details": "Images deleted successfully"
}

Video ID

This allows the management of One-Shot signature by establishing a video call for identity verification.
MethodEndpointAction
POST/videoidCreate Video ID Request
POST/videoid/{request_pk}/evidencesUpload Data Evidences
POST/videoid/{request_pk}/evidences/videoUpload Video
PUT/request/{request_pk}Update Request
DELETE/request/{request_pk}Cancel Request
POST/videoid/{request_pk}/refuseRefuse Request
POST/request/{request_pk}/approveApprove Request
GET/download/video/{video_identifier}Download Video

CREATE VIDEO ID REQUEST

Creates a new signature request to be used over Video ID validation process.

Request
Request Body schema: application/json
mobile_phone_number
required
string

The signer's mobile phone number

email
required
string

The signer's email

registration_authority
string

The Registration Authority ID number

⚠ Required only if not set at settings.ini file. Check Update Settings call.

profile
required
string

The certificate profile

⚠ Required only if not set at settings.ini file. Check Update Settings call.

billing_username
required
string

The client billing username.

⚠ Required only if not set at settings.ini file. Check Update Settings call.

billing_password
required
string

The client billing password in Base64 format.

⚠ Required only if not set at settings.ini file. Check Update Settings call.

webhook_url
string

The webhook URL.

⚠ Not required for external authentication. See Webhook Configuration section

env
required
string

The API work environment.

⚠ Required only if not set at settings.ini file. Check Update Settings call.

Enum: "test" "prod"
Responses
200

Successful Response

400

Invalid JSON | Missing required parameters

403

Permission Denied

404

Invalid Registration Authority

500

Invalid Billing Credentials

post/api/v1/videoid
Request samples
curl -i -X POST \
  https://one-shot.developers.uanataca.com/api/v1/videoid \
  -H 'Content-Type: application/json' \
  -d '{
    "mobile_phone_number": "+34699999999",
    "email": "mail@domain",
    "registration_authority": "139",
    "profile": "PFnubeQAFCiudadano",
    "billing_username": "user@uanataca.com",
    "billing_password": "ejVxTnFrZkI=",
    "webhook_url": "my-webhook-url.com",
    "env": "test"
  }'
Response samples
application/json
{
  • "status": "200 OK",
  • "details": {
    }
}

UPLOAD DATA EVIDENCES

Upload Request associated data

Request
path Parameters
request_pk
required
string

The Request unique identifier

Request Body schema: application/json
object

A set of acceptance parameters.

⚠ Customizable object for external authentication.

object

Data to upload for Video ID

⚠ Customizable object for external authentication.

Responses
200

Successful Response

400

Invalid JSON | Missing required parameters

404

Invalid Request pk

500

Missing information | Evidences already uploaded

post/api/v1/videoid/{request_pk}/evidences
Request samples
curl -i -X POST \
  https://one-shot.developers.uanataca.com/api/v1/videoid/45836/evidences \
  -H 'Content-Type: application/json' \
  -d '{
    "acceptance": {
      "description": "User Accepted Terms and Conditions and Privacy Policy",
      "url-doc-privacypolicy": "https://www.uanataca.com/public/pki/privacidad-PSC/",
      "ip": "186.0.91.53",
      "url-web-videoid": "https://cms.access.bit4id.org:13035/lcmpl/videoid/46b92251-4ba8-4930-a5aa-8631ec4666b6",
      "user-agent": "Mozilla/5.0 (Linux; Android 11; AC2003)",
      "date": 1622823879708,
      "url-doc-termsconditions": "https://www.uanataca.com/public/pki/terminos-VID/"
    },
    "videoid_data": {
      "images": {
        "document_front": "/9j/4AAQSkZJRgABAQAAAQABAAD/2wBDAAIBAQEBAQIBAQECAgICAgQDAgICAgUEBAM (...)",
        "document_rear": "/I7ye60+aOKS0mVGVSD9RVfyXukjmnS3cAEbpMVm6M1ncWqS3FszptO1lPRRDJ+orI8b (...)",
        "document_photo": "AkjOOwFfHFrrNlpXxcbU9QuIIIkvR56yddgHpX3GEj1PmanmdS/xV1ySVlv/AIbXLPO (...)",
        "document_owner": "SSVnovgCZ4Lhk+R3lJPUDJr5t/Z/wBV1DWfjRbeI75B5iQytcykc7yMEAV2/iwC0T34 (...)"
      },
      "ocr_data": {
        "given_name": "Name",
        "surname_1": "Surname 1",
        "surname_2": "Surname 2",
        "mobile_phone_number": "+34999999999",
        "email": "mail@domain",
        "serial_number": "A9999999E",
        "id_document_type": "IDC",
        "id_document_country": ES
      },
      "security_checks": {
        "otp_validation": true,
        "documents_match": true,
        "data_integrity": true,
        "document_notcopy": true,
        "document_notexpired": true,
        "document_notunderage": true,
        "liveliness": true
      },
      "similarity_level": "high"
    }
  }'
Response samples
application/json
{
  • "status": "200 OK",
  • "details": "Videoid evidences uploaded"
}

UPLOAD VIDEO

Upload Request associated video

Request
path Parameters
request_pk
required
string

The Request unique identifier

Request Body schema: multipart/form-data
video
required
string

The video to be uploaded

Responses
200

Successful Response

404

Invalid Request pk

post/api/v1/videoid/{request_pk}/evidences/video
Request samples
curl -i -X POST \
  https://one-shot.developers.uanataca.com/api/v1/videoid/45836/evidences/video/ \
  -H 'Content-Type: multipart/form-data' \
  -F video=@sample_folder/sample_video.mp4 
Response samples
application/json
{
  • "status": "200 OK",
  • "details": "Videoid video upload completed"
}

UPDATE REQUEST

Updates a Video ID signature request.

Request
path Parameters
request_pk
required
string

The request unique identifier

Request Body schema: application/json
scratchcard
required
string

The request scratchcard id.

⚠ The scratchcard id can be found as a field of the object details when executing Get Request call.

given_name
string

The signer's given name

surname_1
string

The signer's first surname

surname_2
string

The signer's second surname

birth_date
string

The signer's birth date

email
required
string

The signer's email

mobile_phone_number
string

The signer's mobile phone number

serial_number
string

The signer's document ID number

registration_authority
required
string

The Registration Authority id number

profile
required
string

The certificate profile

country_name
required
string

The user's id document country two-letters code (ISO 3166-1 alpha-2)

Responses
200

Successful Response

400

JSON syntax error

403

Forbidden

404

Invalid Registration Authority

500

Invalid Request pk | Missing required parameters

put/api/v1/request/{request_pk}
Request samples
curl -i -X PUT \
  https://one-shot.developers.uanataca.com/api/v1/request/45836 \
  -H 'Content-Type: application/json' \
  -d '{
    "scratchcard": "1234567",
    "given_name": "John",
    "surname_1": "Smith",
    "surname_2": "Lopez",
    "birth_date": "01/01/2000",
    "email": "mail@domain.com",
    "mobile_phone_number": "+34999999999",
    "serial_number": "A9999999E",
    "registration_authority": "1234",
    "profile": "PFnubeQAFCiudadano",
    "country_name": "ES"
  }'
Response samples
application/json
{
  • "status": "200 OK",
  • "details": {
    }
}

CANCEL REQUEST

Cancels the Video ID One-Shot Signature request

Request
path Parameters
request_pk
required
string

The unique identifier of the Request

Responses
200

Successful Response

404

Invalid Request pk

delete/api/v1/request/{request_pk}
Request samples
curl -i -X DELETE \
  https://one-shot.developers.uanataca.com/api/v1/request/45836/
Response samples
application/json
{
  • "status": "200 OK",
  • "details": "Request directory removed successfully"
}

REFUSE REQUEST

Refuse validation for a Video ID Request

Request
path Parameters
request_pk
required
string

The Request unique identifier

Request Body schema: application/json
token
required
string

The token containing RAO's credentials.

⚠ Not required when RAO's credentials (username, password, pin) are included as fields in this call.

username
required
string

The RAO's username

⚠ Not required when included in token.

password
required
string

The RAO's password

⚠ Not required when included in token.

pin
required
string

The RAO's PIN

⚠ Not required when included in token.

rao
string

The RAO's id

⚠ Not required when included in token.

reason
required
string

Reason that caused Video ID refusal

Responses
200

Successful Response

400

Invalid JSON | Missing required parameters

403

Invalid RAO credentials

500

Missing required parameters

post/api/v1/videoid/{request_pk}/refuse
Request samples
curl -i -X POST \
  https://one-shot.developers.uanataca.com/api/v1/videoid/45836/refuse \
  -H 'Content-Type: application/json' \
  -d '{
    "token": "6d1cae4d55be4cdf9cac50ee36f73406",
    "username": "9001800",
    "password": "Gy6F37xK",
    "pin": "belorado74",
    "rao_id": "1400",
    "reason": "Expired document"
  }'
Response samples
application/json
{
  • "status": "200 OK",
  • "details": "Videoid refuse completed"
}

APPROVE REQUEST

Approval of a request by a RAO. At this moment the RAO will sign the receipt and the contract.

Request
path Parameters
request_pk
required
string

The Request unique identifier

Request Body schema: application/json
token
required
string

The token containing RAO's credentials.

⚠ Not required when RAO's credentials (username, password, pin) are included as fields in this call.

username
required
string

The RAO's username

⚠ Not required when included in token.

password
required
string

The RAO's password

⚠ Not required when included in token.

pin
required
string

The RAO's PIN

⚠ Not required when included in token.

rao
string

The RAO's id

⚠ Not required when included in token.

Responses
200

Successful Response

400

Invalid JSON | Missing required parameters

403

Invalid RAO credentials

500

Missing required parameters | Invalid Request pk

post/api/v1/requests/{request_pk}/approve
Request samples
curl -i -X POST \
  https://one-shot.developers.uanataca.com/api/v1/request/45836/approve/ \
  -H 'Content-Type: application/json' \
  -d '{
    "token": "6d1cae4d55be4cdf9cac50ee36f73406",
    "username": "9001800",
    "password": "Gy6F89xK",
    "pin": "belorado74",
    "rao": "898"
  }'
Response samples
application/json
{
  • "status": "200 OK",
  • "details": "Request approved successfully"
}

DOWNLOAD VIDEO

Download the video file associated to a Request

Request
path Parameters
request_pk
required
string

The video unique identifier

Responses
200

Successful Response

400

Invalid Request pk

get/api/v1/videoid/{request_pk}/download/video
Request samples
curl -i -X GET \
  https://one-shot.developers.uanataca.com/api/v1/videoid/45836/download/video
Response samples
application/json
{
  • "title": "404 Not Found",
  • "description": "Request not found"
}