Skip to content
One-Shot
/
/
/
Classic workflow
Last updated

Classic workflow overview

In the classic One-Shot Signature workflow, an OTP is sent via SMS by Uanataca to the end user (or another approved authentication method is used). You upload PDF documents; the Optimizer hashes them, sends the hashes to Uanataca, and returns signed PDFs.

Steps

  1. Retrieve an existing token for the RAO Call List Tokens (GET /oneshot/api/v1/tokens) to list tokens. In sandbox, use the preconfigured token (e.g. 3bf8d8eb-d96c-41ea-83ad-d78a7016c7da) in the Create Request call. In production, create tokens via Create Token.

  2. Create a new digital signature request Call Create (POST /oneshot/api/v1/create) with the token (or RAO credentials), user data (e.g. profile, given_name, surname_1, email, mobile_phone_number), and identity document images (document_front, document_rear, document_owner). The response returns a request pk (e.g. 388141).

  3. Upload documents Call Upload Document (POST /oneshot/api/v1/document/{request_pk}) with file=@doc.pdf (or multiple file, file2, …). The response returns a uid per document.

  4. Retrieve service contract Call Get Request Contract (GET /oneshot/api/v1/contract/{request_pk}/) to obtain the service contract PDF (binary). The user must view this together with the documents to be signed.

  5. Generate OTP (Uanataca SMS only) Call Generate OTP (POST /oneshot/api/v1/otp/{request_pk}). An SMS with the OTP is sent to the mobile number associated with the request.

  6. Sign the documents Call Sign (POST /oneshot/api/v1/sign/{request_pk}) with a JSON body. For Uanataca SMS: {"secret": "123456", "signature": { "appearance": { ... } } }. For other auth: include ext_unlock_type and ext_unlock_value. The certificate is issued and all uploaded documents are signed.

  7. Retrieve signed documents Call Get Document (GET /oneshot/api/v1/document/{request_pk}/{document_uid}?document_type=signed) for each document to get the signed PDF (binary).

  8. Delete documents from the Optimizer Call Delete Document (DELETE /oneshot/api/v1/document/{request_pk}/{document_uid}) for each document when no longer needed. The service does not delete files automatically; back up any file you want to keep before deleting.

Other authentication methods

One-Shot can use authentication methods other than Uanataca SMS (subject to approval). In the sign call, send ext_unlock_type and ext_unlock_value instead of (or in addition to) the OTP secret. The exact values depend on the approved method (e.g. biometric).

Previous page
Next page