Signing flow overview

Copy

• Copy for LLM

  Copy page as Markdown for LLMs
• View as Markdown

  Open this page as Markdown
• Open in ChatGPT

  Get insights from ChatGPT
• Open in Claude

  Get insights from Claude

A typical eSAW One-Shot envelope process has three main steps. It is assumed that an envelope template already exists on the eSAW platform with the required signature fields and recipients.

1. Create and approve the certificate request (Uanataca) — Get req_pk and esaw_token.
2. Upload the document to be signed (eSAW) — Get FileId.
3. Create and send the envelope (eSAW) — Fill the template with the FileId and the esaw_token in the signing activity, then send. The user signs with the One-Shot certificate.

Step 1: Create certificate request

API: POST /api/v1/esawoneshot Host: Uanataca (e.g. https://api.sandbox.modernpki.com) Authentication: Client certificate (e.g. --cert cert.pem --key key.pem).

This call creates the certificate request for the signer. The request body must include enough information to identify the requester (e.g. rao, documents, request with profile, registration_authority, user data, id_document_type, etc.). Full argument details are in the API reference.

Example request (conceptual):

{
  "rao": { "username": "...", "password": "...", "pin": "..." },
  "documents": { ... },
  "request": {
    "profile": "PFnubeNC",
    "registration_authority": 1012,
    "communication_language": "ES",
    "id_document_type": "IDC",
    "id_document_country": "ES",
    "serial_number": "12976587A",
    "given_name": "John",
    "surname_1": "Smith",
    "surname_2": "Smith",
    "email": "test@test.com",
    "mobile_phone_number": "+34666777888"
  }
}

Example response:

{
  "status": "ok",
  "req_pk": 113929,
  "esaw_token": "ba4019803aaf2cd0a9755a688c8963901bfef4b942d7d2179e4e1e44c602"
}

Use esaw_token in Step 3 as requestToken in the envelope's signature plugin data.

Step 2: Upload file

API: POST /Api/v6/file/upload Host: eSignAnywhere (e.g. https://demo.esignanywhere.net) Authentication: Header ApiToken: <your-token>.

Upload the document to be signed. Call this endpoint once per document you want to include in the envelope.

Example:

curl -i -X POST \
  https://demo.esignanywhere.net/Api/v6/file/upload \
  -H "ApiToken: 1234fedq" \
  -F 'File=@"path/to/document"'

Example response:

{
  "FileId": "aa4e3300-c254-4430-ac16-2f2d96090b3a"
}

Use this FileId in Step 3 in the envelope's Documents array.

Step 3: Create and send envelope

API: POST /Api/v6/envelope/send Host: eSignAnywhere (e.g. https://demo.esignanywhere.net) Authentication: Header ApiToken: <your-token>.

Create and send the envelope. In the request:

• Set Documents to include the FileId from Step 2 (and DocumentNumber as required by the template).
• In the Sign activity, set SignaturePluginData for the One-Shot plugin (GenericSigningPluginBit4idOneShot) with a field Key: "requestToken" and Value: the esaw_token from Step 1.

This links the envelope signature to the Uanataca certificate request. When the user signs in eSAW, the One-Shot certificate is issued and applied.

Example (relevant parts):

• Documents: [{ "FileId": "aa4e3300-c254-4430-ac16-2f2d96090b3a", "DocumentNumber": 1 }]
• In the Sign activity, SignatureDataConfiguration.SignaturePluginData:
  • PluginId: "GenericSigningPluginBit4idOneShot"
  • Fields: [{ "Key": "requestToken", "Value": "ba4019803aaf2cd0a9755a688c8963901bfef4b942d7d2179e4e1e44c602" }]

Example response:

{
  "EnvelopeId": "bc6752b7-f761-4b88-91f6-5e3112a716a3"
}

The envelope is sent to the user; they open it in eSAW and sign with the One-Shot certificate.

Related documentation

• Architecture — Uanataca and eSAW roles
• Get started — Endpoints and authentication
• API reference — Full endpoint documentation and OpenAPI spec
• Postman collection — Quick testing