The fastest cryptographic signature API on the market. The ‘Signature API’ is a high-speed, convenient, purpose-built API which can be integrated with any web-service where it is required for the signatory to digitally sign a document, using a third-party application.
Unlike standard SignFlow APIs and DLLs, the ‘Signature API’ does not utilise standard SignFlow functions, workflow engine functions or the standard SignFlow user-authentication process, in-stead, it relies on the third-party application to perform certain, or all of these functions and pass the information (trust) to the ‘Signature API’ which will use the trust data received from the application to cryptographically sign the document and embed said information in the digital signature.
Trust in the form of authentication is transferred to the third-party application by reference and only the signature operation is performed by the Signature API. It is therefore expected that the application performs multi-factor authentication of the user, before calling the API. This may include one or more of the following:
- Identity verification – Name, Surname etc. (face-to-face ID verification against ID book, or third-party data source) – Mandatory field. At least one additional field is required.
- Mobile number verification (OTP or USSD verification of the mobile number) – Possible additional field.
- Email address verification (OTP or token verification of the user’s email address) - Possible additional field.
Once the application has performed the above authentication, the verified details are transmitted to the API, together with image/s (i.e signature image from a signature pad and/or the signatory’s photo, fingerprint, company logo etc. (Optional)), the .PDF document, the name of the application that performed the Trust services (i.e your application name), the unique reference number referencing the transaction in the application, the X and Y coordinates of the signature placing, the signature appearance settings and the Signature API will return the cryptographically signed document to the application with all information passed embedded in the digital signature certificate.
The API is hosted within the following location:
Production environment: https://flow.signflow.co.za
Development environment: https://dev.signflow.co.za