In this tutorial we will use the Woleet API to generate an e-signature workflow. The goal is to get an external signatory to sign a document and have the proof of this signature anchored in the Bitcoin blockchain.
Let’s say you have a document, any kind of document. It could be a PDF, a MP3, a 3D model or any kind of digital content. The starting point should be a file.
In the end you want someone to digitally sign this document. With Woleet there is 3 ways someone can sign a document :
- using digital signature delegation : here woleet generate a key pair and associate it with signatory identity. Digital signature is done by the user by using email and OTP SMS validation
- using an external (possibly your own) identity server. The Woleet Identity Server’s role is to assign keys to identities and manage their lifecycle (creation, deletion, revocation). The Woleet ID server is also used for signature verification as it will the one knowin ang an proving signatories’ identities.
- using his own keys : with Woleet it’s possible for the user to sign with key pairs in its own control. This is done using either a Ledger Nano S or the Woleet ID Mobile application (which is basically a wallet protecting one’s own keys).
In order to create a signature with API you’ll need :
In this example we will create a simple signature request with only one signatory. It’s possible to have as many signatories you want. Note that one signature credit will be used for each signature. If you have a document with 10 signatories you will use 10 signatures credits each time a signature is completed.
- The file you want them to sign
- the signatory common name (firstname and lastname)
- the signatory email
- the signatory phone number
- A Woleet subscription with signature credits. We strongly recommend to do this on the sandbox environment accessible from Business plan only.
Building the request
Step 1 – Calculating file hash
Woleet e-signature works from files hashes only. You don’t need to upload the document anywhere so you can keep it completely confidential. Note that in order to complete the signature process, the signatory will need the same document.
Here we will use openssl to calculate file’s hash using SHA256 algorithm :
>openssl dgst -sha256 test.pdf
Step 2 – Creating the request
When you have your API key you can build the API call following the signature request documentation. Check it here
-X POST --header 'Content-Type: application/json'
--header 'Accept: application/json' --header 'authorization: Bearer [API_TOKEN]'
Here are some explanations about the parameters used in this request made with curl :
- [API_TOKEN] is your own API token used for authentication
- [REQUEST_NAME] is the name of the signature request. This name identifies the request and can be anything, it could be fore example “Test.pdf request”
- [FILE_HASH] is the SHA256 hash of the target document
- [SIGNATORY_COMMON_NAME] is the name identifying the signatory, usually first name last name, but you can actually use any string e.g: “John Doe”
- [SIGNATORY_EMAIL] is the signatory’s email
- [SIGNATORY_PHONE_COUNTRY_CODE] is the mandatory country code of the signatory mobile phone number e.g.:
- [SIGNATORY_PHONE_NUMBER] is the signatory phone number e.g.:
The signature process
As long as the API call is done, an email is sent automatically to the signatory. The email will look like this :
The recipient of that email will need to complete the signature. By clicking on the “Sign” green button he will end on a web page like this
This tutorial is voluntarily simple in order to help you learning our API quick. It describes a minimal configuration workflow but it’s important to note that you can build much more complex things with the API and create your own signature workflow exactly how you want it. You can change the notifications you want to send to signatories, emails look and feel so it could fit your own branding, you can even build your own signature page and many other things!
If you want to go further, go and check our advanced e-signature customization capabilities in our documentation here