# FAQ Frequently asked questions and troubleshooting for **One-Shot** end users and integrators. Short answers are given below; for more integration and API details, see [Developer documentation](/products/namirialpkiaas/one-shot/enterprise-documentation/developer-documentation/overview). ## What are billing credentials and where can I get them? **Billing credentials** are the credentials used by the platform to meter and bill your usage of One-Shot (and other services such as SignBox and Timestamp). They are separate from the credentials you use for the Registration Authority Operator (RAO) or for signing. To obtain billing credentials, contact your **commercial contact** or **Operations** directly. They will provide the username and password (or the appropriate authentication method for your contract). ## Can I send a token in the API call instead of username, password and PIN? Yes. You can use a **token** instead of sending RAO username, password and PIN in each request. In both sandbox and production you create the token with the [Create Token](/products/namirialpkiaas/one-shot/openapi) API and use the returned token in subsequent calls (e.g. Create Request). This is not a Bearer or API key—it is the token returned by the create-token operation. See [Get started](/products/namirialpkiaas/one-shot/enterprise-documentation/get-started/get-started) and the [One-Shot OpenAPI specification](/products/namirialpkiaas/one-shot/openapi) for parameters. ## How do I configure the graphic signature? Is there an example? How do I add an image? You configure the **graphic signature** (visual appearance of the signature in the signed PDF) in the **Sign** call. In the request body, use the `signature.appearance` object to set text, position, and an optional image (e.g. base64 or reference). For the full set of parameters and examples, see the [Sign](/products/namirialpkiaas/one-shot/openapi) operation in the [One-Shot OpenAPI specification](/products/namirialpkiaas/one-shot/openapi). The structure is similar to signature appearance in other Uanataca services; use the OpenAPI schema for the exact field names and formats. ## How long does the OTP last before I call Sign? The OTP generated before the Sign call is valid for **5 minutes**. Use it in the Sign request as soon as it is received to avoid expiry. ## Is the Redis container required? Yes. The **Redis container is required** for One-Shot Optimizer. See [Docker installation](/products/namirialpkiaas/one-shot/enterprise-documentation/administrator-guides/installation/docker) and [Service settings](/products/namirialpkiaas/one-shot/enterprise-documentation/administrator-guides/configuration/service-settings). ## Do my documents leave my infrastructure? No. With One-Shot, only the **hash** of each document is sent to the signature service; the original document content does not leave your infrastructure. Documents are processed in your environment (or in the Optimizer you operate), and the signed result is returned to you. See [Architecture](/products/namirialpkiaas/one-shot/enterprise-documentation/get-started/architecture) and [Signing flow](/products/namirialpkiaas/one-shot/enterprise-documentation/get-started/signing-flow). ## How many documents can I load in a One-Shot process? You can load **up to 10 documents** in a single One-Shot transaction. You can do it in one or several [Upload Document](/products/namirialpkiaas/one-shot/openapi) calls, but the total must not exceed 10 documents per transaction. ## How do I enable the asynchronous flow? To use **asynchronous mode**, set **`useasync=true`** and provide a **`callback`** URL when calling [Create Request](/products/namirialpkiaas/one-shot/openapi) (`POST /oneshot/api/v1/create`). The API returns quickly; processing continues on the server, and status changes are sent to your callback URL. The flow steps are the same as the [classic workflow](/products/namirialpkiaas/one-shot/enterprise-documentation/products-and-modules/workflows/classic-workflow). For the full flow and webhook payload, see [Asynchronous flow](/products/namirialpkiaas/one-shot/enterprise-documentation/products-and-modules/workflows/asynchronous-flow). ## Are document_front, document_rear and document_owner mandatory? Their **obligatoriness varies** depending on the configuration of the Registration Authority you are using and the specific conditions of each case. For more information, contact your **commercial contact** or **Operations** directly. ## Which registration authority do I use? The **Registration Authority (RA) id** to use is always the one **provided by your commercial contact or Operations**, or, if applicable, the one included in the dataset you received to use the service. This applies in both sandbox and production. You need this RA id when creating requests and when using RAO credentials or tokens. See [Get started](/products/namirialpkiaas/one-shot/enterprise-documentation/get-started/get-started). ## I get error 500 related to certificates. What should I do? The **500 error** related to certificates is usually due to one of the following: - The certificates are **malformed** or do not follow the **naming convention** required for the certificate. - The certificates are **expired or invalid**. - You are using a **Registration Authority (RA)** to which those certificates **do not belong**. Check the certificate format, naming, validity, and that they correspond to the RA you are using. If the problem persists, contact your **commercial contact** or **Operations** directly with the request id and error details (without exposing secrets). For more integration and API details, see [Developer documentation](/products/namirialpkiaas/one-shot/enterprise-documentation/developer-documentation/overview).