Secure Authentication and Digital Signing with ThrivoSign: A Developer's Guide

Authentication for Secure Connection to Server-Signer REST API

To establish a secure connection with the Server-Signer REST API, developers must adhere to the following authentication process:

  • API Key Authentication: Developers need to obtain and securely store API keys provided by ThrivoSign. These keys are essential for authenticating requests to the Server-Signer REST API.

  • Secure Connection: All communications with the Server-Signer REST API should occur over secure channels such as HTTPS. This ensures the confidentiality and integrity of the data exchanged during the authentication process.

  • Token-based Authentication: Enhance request security using token-based authentication. Secure and incorporate valid tokens into your API requests to authenticate the identity of the calling application effectively.

User Digital Certificate Issuance

The Certificate Issuance API plays a crucial role in generating user digital certificates. These certificates serve as a cryptographic key pair, enabling secure interactions between the client application and the ThrivoSign PKI system. Follow these steps for user digital certificate issuance:

  • API Endpoint: Make requests to the designated API endpoint for certificate issuance provided by ThrivoSign.

  • User Authentication: Include user authentication details in the request payload to ensure that the certificate is issued to the correct user.

  • Key Pair Generation: Upon successful authentication, the PKI system will generate a key pair, consisting of a private key securely stored on the user's device and a corresponding public key embedded in the digital certificate.

User Agreement PDF Signing API

After obtaining the user's digital certificate, developers can utilize the User Agreement PDF Signing API for digitally signing PDF documents. This is particularly useful for scenarios such as signing loan applications, facility agreements, and other critical documents. Follow these steps for PDF signing:

  • API Invocation: Call the designated API endpoint for PDF signing, providing the necessary details, including the PDF document to be signed and the user's digital certificate.

  • Signature Embedding: The PKI system will digitally sign the PDF document using the user's private key, embedding a verifiable signature within the document.

  • Validation Mechanism: Implement a validation mechanism within the client application to verify the authenticity of the signed PDF documents using the user's digital certificate.

Conclusion

By following these guidelines, developers can seamlessly integrate the ThrivoSign remote signing solution into their applications, ensuring secure user authentication and streamlined PDF document signing processes. For any further assistance or clarifications, refer to the official documentation or contact the IDTHRIVO support team.

For ThrivoSign Remote Signing Solution Demo Server, click here!

PreviousT-SIGNING APINextPAdES Signature Type