Skip to main content
Certyneo
REST API — eIDAS

The electronic signature API for developers

Integrate eIDAS electronic signature into your application in a few hours. REST, reliable webhooks, Node/Python/Ruby SDK, unlimited free sandbox.

Create a developer account API Documentation

Free sandbox · 99.95% uptime · EU sovereign hosting

REST + OpenAPI 3.1

Predictable endpoints, clean JSON, standard HTTP codes. Downloadable OpenAPI 3.1 spec to generate your own clients.

Reliable webhooks

Automatic retry with exponential backoff, HMAC SHA-256 signature, queryable event log. No polling to code.

Native eIDAS compliance

AES, AES-Q and QES signatures available via API flag. Qualified audit trail included, EU qualified TSP certificates.

Latency < 200 ms

API hosted in Strasbourg (EU), p95 < 200 ms from Europe. 99.95% uptime SLA, real-time public status.

Get started in 5 minutes

Create your first envelope with a single HTTP request.

cURL — Creating an envelope
curl https://api.certyneo.com/v1/envelopes \
  -H "Authorization: Bearer $CERTYNEO_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{
    "title": "Contrat de prestation",
    "documents": [{"file_url": "https://your.app/contract.pdf"}],
    "recipients": [{"email": "client@example.com", "name": "Jane Doe"}],
    "webhook_url": "https://your.app/webhooks/sign"
  }'

A single POST request is enough to create an envelope, add a document, a signer and a webhook URL. The API returns a sign_url ready to share.

Official Node.js SDK
import Certyneo from '@certyneo/sdk';

const client = new Certyneo({ apiKey: process.env.CERTYNEO_API_KEY });

const envelope = await client.envelopes.create({
  title: 'Contrat de prestation',
  documents: [{ file_url: 'https://your.app/contract.pdf' }],
  recipients: [{ email: 'client@example.com', name: 'Jane Doe' }],
});

console.log(envelope.sign_url); // ready to share with the signer

The Node TypeScript SDK provides complete typing, automatic error handling with retry, and a fluent envelope builder. Also available in Python and Ruby.

Webhooks — react in real time

Six events (envelope.sent, viewed, signed, completed, declined, expired) with verifiable HMAC signature and automatic retry.

envelope.completed
{
  "event": "envelope.completed",
  "envelope_id": "env_3a2f...",
  "signed_at": "2026-05-25T14:32:18Z",
  "evidence_url": "https://api.certyneo.com/v1/envelopes/env_3a2f.../audit-trail.pdf",
  "signers": [
    { "email": "client@example.com", "signed": true, "ip": "82.x.x.x" }
  ]
}
  • HMAC SHA-256 signature of each payload — verify authenticity server-side.
  • Automatic retry on failure: 5 attempts over 24 hours with exponential backoff.
  • Event log queryable from the dashboard: see each attempt, the HTTP status returned, the body.
  • Webhook URL configurable per envelope (override) or global in the project.

Why a dedicated API for electronic signature?

Integrating electronic signature into your product is not trivial. You need guarantees on legal compliance (eIDAS), technical reliability (webhooks that actually arrive), and data sovereignty (European hosting to avoid the Cloud Act). The Certyneo API covers all three.

Designed by and for developers, it follows modern REST conventions: cursor-based pagination, idempotency keys, URL versioning, OpenAPI 3.1 to auto-generate your clients. No SOAP, no XML, no surprises.

eIDAS compliance explained for developers

The eIDAS regulation defines three signature levels: simple (SES), advanced (AES) and qualified (QES). The Certyneo API allows you to choose the level per envelope via a `signature_level` field. The default value is AES (sufficient for 95% of B2B cases). QES is available for acts requiring strict legal equivalence with manual handwritten signature (notarial acts, public procurement).

On the technical side, AES requires strong signer authentication (SMS OTP by default, optional video KYC) and a timestamped audit trail. QES adds a qualified certificate issued by an EU qualified TSP. All of this is handled by the API — you call the endpoint, we handle the rest.

Recommended integration architecture

The most common integration pattern follows this flow:

  • Your backend calls POST /v1/envelopes to create the envelope and receives a sign_url to present to the user.
  • You redirect the user to the sign_url or embed it in an iframe (with your branding via the Pro plan).
  • Once signing is complete, Certyneo calls your webhook with the envelope.completed event.
  • You update your database and notify the user (email, in-app, etc.).

Unlimited free sandbox

The sandbox environment is free and unlimited. All production features are available, except that signatures have no legal value (the PDF is marked SANDBOX). Great for automated tests, client demos, local development. Sandbox keys are separate from prod keys, total isolation between the two.

Migrate from DocuSign or Yousign

If you already have a DocuSign or Yousign integration, the API mapping is direct: envelopes → envelopes, recipients → recipients, status webhooks → status webhooks. Our migration guide documents the equivalences endpoint by endpoint. Plan 1 to 3 days for a complete migration, much less if you use an internal wrapper.

FAQ — API

What is the API rate limit?

1,000 requests per minute by default, increasable on demand for high-volume usage (factories, multi-tenant platforms). The X-RateLimit-Remaining header on each response indicates the remaining quota. If exceeded, the API returns 429 with a Retry-After.

How much does the API cost?

The sandbox is free and unlimited. Production operates on pay-per-signature (starting from €0.40 for AES signature with volume discounts), with no minimum subscription. The Enterprise plan includes enhanced SLA, IP whitelisting and a dedicated technical account.

Is there an SLA?

99.95% uptime on Business and Enterprise plans (maximum downtime of 4 hours per year). Public status page with incident history: status.certyneo.com. The Enterprise plan includes automatic credit if SLA is not met.

What authentication do you use?

Bearer token (API key) in the Authorization header. Keys are rotatable from the dashboard, with immediate revocation. For OAuth integrations (multi-tenant platform), we offer OAuth 2.0 Client Credentials on the Enterprise plan.

How do you verify the HMAC signature of a webhook?

Each webhook includes an X-Certyneo-Signature header containing an HMAC SHA-256 of the payload, signed with your webhook secret. On the server side, recalculate the HMAC and compare in constant time (timing-safe comparison). The official SDK does this automatically via webhook.verify(payload, signature, secret).

Are the SDKs open source?

Yes. The Node, Python and Ruby SDKs are on GitHub under the MIT license. You can fork, contribute or simply audit them. Binaries are published on npm, PyPI and RubyGems under the @certyneo / certyneo namespace.

Can I test without signing up?

Yes, via the interactive examples in the API documentation: /developers/playground. Requests run against a shared sandbox instance, no key required. For serious use, create a free developer account (unlimited sandbox).

Ready to integrate electronic signatures?

Unlimited free sandbox, complete documentation, official SDKs. Get started now.

Read the documentation Talk to a Certyneo developer