In hash signature flow, you do not upload PDF files. Instead, you upload a JSON file that contains a message digest and its properties. The One-Shot Optimizer signs the hash and returns a P7M structure (CMS object) rather than a full built PDF. This modality requires a specific message digest format.
The uploaded JSON must contain at least:
{
"messageDigest": "<base64-encoded digest>",
"digestAlgorithm": "sha256WithRSAEncryption",
"addAuthAttribute": 1,
"addSigningTime": 1,
"otherAuthAttributes": []
}messageDigest: The extracted message digest in base64.digestAlgorithm: Algorithm used (e.g.sha256WithRSAEncryption).addAuthAttribute,addSigningTime,otherAuthAttributes: Control CMS attributes.
The exact structure is defined in the API; use the same format as in the One-Shot API documentation for hash signing.
Retrieve an existing token for the RAO — Same as classic workflow: List Tokens (
GET /oneshot/api/v1/tokens).Create a new digital signature request — Same as classic: Create (
POST /oneshot/api/v1/create) with token and user data.Upload the hash document — Call Upload Document (
POST /oneshot/api/v1/document/{request_pk}) withhashfile=@test.json(the JSON containing the message digest). The response returns the documentuid.Retrieve service contract — Get Request Contract (
GET /oneshot/api/v1/contract/{request_pk}/).Generate OTP (Uanataca SMS only) — Generate OTP (
POST /oneshot/api/v1/otp/{request_pk}).Sign the hash — Sign (
POST /oneshot/api/v1/sign/{request_pk}) with JSON body (e.g.{"secret": "123456"}for OTP). The response indicates completion; no signature appearance is applied to a hash.Retrieve signed P7M — Get Document (
GET /oneshot/api/v1/document/{request_pk}/{document_uid}?document_type=signed). The response is the signed hash in P7M format; add the.p7mextension when saving.Delete documents from the Optimizer — Delete Document (
DELETE /oneshot/api/v1/document/{request_pk}/{document_uid}). Back up any data you need before deleting.
Use this flow when you already compute the digest in your application and only need the signed CMS (P7M) for integration with your own document or archival system, rather than a full PDF envelope.