One-Shot Signature supports several workflows. Choose the one that matches how you identify the signer and how you provide document data (full PDFs or precomputed hashes).
| Workflow | Description | When to use |
|---|---|---|
| Classic workflow | OTP sent by Uanataca via SMS (or other approved method). You upload PDF documents; the Optimizer hashes them and returns signed PDFs. | Standard in-app signing with SMS OTP or similar. |
| Hash signature flow | You upload a JSON containing a message digest and options. The service signs the hash and returns a P7M (CMS) structure, not a full PDF. | You already compute hashes and need only the signed CMS. |
| Asynchronous mode flow | Same sequence as classic, but the Create Request includes a callback URL and useasync=true. The API responds quickly; processing continues in the background and status updates are sent via webhook. | When you want shorter API response times; total processing time is unchanged. |
| eIDAS VideoID | User completes video identification on a Uanataca VideoID link. Request moves to VIDEOREVIEW; RAO approves it; then you upload documents, retrieve contract, send OTP, sign, and retrieve signed documents. | eIDAS-compliant identification via Uanataca's VideoID. |
| VideoID External mode | You create a VideoID request and then upload identification data and video (evidences) to the API. After RAO approval, the flow continues as in eIDAS VideoID (documents, contract, OTP, sign, retrieve). | VideoID when your platform collects the evidence and video. |
RAO (Registration Authority Officer) The operator that approves certificate requests. In One-Shot you act as RAO: you provide user data and request certificate issuance. Sandbox provides a default token for the RAO; in production you create tokens or use credentials.
Service contract As a Trusted Service Provider, Uanataca provides a service contract (PDF) per certificate issuance. The user must be able to view it together with the documents to be signed.
OTP (One-Time Password) For Uanataca SMS flow, an OTP is generated and sent to the user's mobile; the user enters it in the sign step. Other authentication methods (e.g. biometric, external) can be used when approved.
Webhooks For asynchronous flow and VideoID, a webhook URL receives status changes (e.g. VIDEOPENDING → VIDEOREVIEW → ENROLLREADY). See Webhook configuration.
For a high-level view of the signing process, see Signing flow. For full API details, see the API reference.