Gara contentu guddichaa seeni
Certyneo
API REST — eIDAS

API signature elektronikii ogeeyyii ta'aniif

Signature elektronikii eIDAS seentii kee keessatti yeroo dhibba tokkotii keessatti galchuu. REST, webhooks amalaa, SDK Node/Python/Ruby, sandbox kaffaltii baasuu baasuu hin qabne.

Akkaawun developer uumi Dokumentaashinii API

Sandbox kaffaltii · 99,95 % uptime · Hosting soveraa EU

REST + OpenAPI 3.1

Endpoints predictable, clean JSON, standard HTTP codes. Downloadable OpenAPI 3.1 spec to generate your own clients.

Reliable webhooks

Automatic retry with exponential backoff, HMAC SHA-256 signature, queryable event log. No polling to code.

Native eIDAS compliance

AES, AES-Q and QES signatures available via API flag. Qualified audit trail included, EU-qualified TSP certificates.

Latency < 200 ms

API hosted in Strasbourg (EU), p95 < 200 ms from Europe. 99.95% uptime SLA, real-time public status.

Get started in 5 minutes

Create your first envelope with a single HTTP request.

cURL — Creating an envelope
curl https://api.certyneo.com/v1/envelopes \
  -H "Authorization: Bearer $CERTYNEO_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{
    "title": "Contrat de prestation",
    "documents": [{"file_url": "https://your.app/contract.pdf"}],
    "recipients": [{"email": "client@example.com", "name": "Jane Doe"}],
    "webhook_url": "https://your.app/webhooks/sign"
  }'

A single POST request is enough to create an envelope, add a document, a signer and a webhook URL. The API returns a sign_url ready to share.

Official Node.js SDK
import Certyneo from '@certyneo/sdk';

const client = new Certyneo({ apiKey: process.env.CERTYNEO_API_KEY });

const envelope = await client.envelopes.create({
  title: 'Contrat de prestation',
  documents: [{ file_url: 'https://your.app/contract.pdf' }],
  recipients: [{ email: 'client@example.com', name: 'Jane Doe' }],
});

console.log(envelope.sign_url); // ready to share with the signer

The Node TypeScript SDK provides full typing, automatic error handling with retry, and a fluent envelope builder. Also available in Python and Ruby.

Webhooks — react in real time

Six events (envelope.sent, viewed, signed, completed, declined, expired) with verifiable HMAC signature and automatic retry.

envelope.completed
{
  "event": "envelope.completed",
  "envelope_id": "env_3a2f...",
  "signed_at": "2026-05-25T14:32:18Z",
  "evidence_url": "https://api.certyneo.com/v1/envelopes/env_3a2f.../audit-trail.pdf",
  "signers": [
    { "email": "client@example.com", "signed": true, "ip": "82.x.x.x" }
  ]
}
  • HMAC SHA-256 signature of each payload — verify authenticity on your server.
  • Automatic retry on failure: 5 attempts over 24 hours with exponential backoff.
  • Event log queryable from the dashboard: see each attempt, the HTTP status returned, the body.
  • Webhook URL configurable per envelope (override) or globally in the project.

Why a dedicated API for electronic signatures?

Integrating electronic signatures into your product is not trivial. You need guarantees on legal compliance (eIDAS), technical reliability (webhooks that actually arrive), and data sovereignty (European hosting to avoid the Cloud Act). The Certyneo API covers all three.

Designed by and for developers, it follows modern REST conventions: cursor-based pagination, idempotency keys, URL versioning, OpenAPI 3.1 to automatically generate your clients. No SOAP, no XML, no surprises.

eIDAS compliance explained for developers

The eIDAS regulation defines three signature levels: simple (SES), advanced (AES) and qualified (QES). The Certyneo API allows you to choose the level per envelope via a `signature_level` field. The default value is AES (sufficient for 95% of B2B cases). QES is available for acts requiring strict legal equivalence with manual handwritten signatures (notarized acts, public procurement).

On the technical side, AES requires strong signer authentication (SMS OTP by default, optional KYC video) and a timestamped audit trail. QES adds a qualified certificate issued by an EU-qualified TSP. All of this is managed by the API — you call the endpoint, we take care of the rest.

Recommended integration architecture

The most common integration pattern follows this flow:

  • Your backend calls POST /v1/envelopes to create the envelope and receives a sign_url to present to the user.
  • You redirect the user to the sign_url or embed it in an iframe (with your branding via the Pro plan).
  • Once signing is complete, Certyneo calls your webhook with the envelope.completed event.
  • You update your database and notify the user (email, in-app, etc.).

Free unlimited sandbox

The sandbox environment is free and unlimited. All production features are available, except that signatures have no legal value (the PDF is marked SANDBOX). Perfect for automated tests, client demos, local development. Sandbox keys are separate from prod keys, complete isolation between the two.

Migrating from DocuSign or Yousign

If you already have a DocuSign or Yousign integration, the API mapping is direct: envelopes → envelopes, recipients → recipients, status webhooks → status webhooks. Our migration guide documents endpoint-by-endpoint equivalences. Plan for 1 to 3 days for a complete migration, much less if you use an internal wrapper.

Frequently asked questions — API

What is the API rate limit?

1,000 requests per minute by default, increasable on demand for high usage (factories, multi-tenant platforms). The X-RateLimit-Remaining header on each response indicates the remaining quota. If exceeded, the API returns 429 with a Retry-After.

How much does the API cost?

Sandbox is free and unlimited. Production runs on pay-per-signature (starting from €0.40 per AES signature with volume discounts), with no minimum subscription. The Enterprise plan includes enhanced SLA, IP whitelisting and a dedicated technical account.

Is there an SLA?

99.95% uptime on Business and Enterprise plans (maximum downtime of 4 hours per year). Public status page with incident history: status.certyneo.com. The Enterprise plan includes automatic credit if the SLA is not met.

What authentication do you use?

Bearer token (API key) in the Authorization header. Keys are rotatable from the dashboard, with immediate revocation. For OAuth integrations (multi-tenant platform), we offer OAuth 2.0 Client Credentials on the Enterprise plan.

How do I verify the HMAC signature of a webhook?

Each webhook includes an X-Certyneo-Signature header containing an HMAC SHA-256 of the payload, signed with your webhook secret. On your server, recalculate the HMAC and compare in constant time (timing-safe comparison). The official SDK does this automatically via webhook.verify(payload, signature, secret).

Are the SDKs open source?

Yes. The Node, Python and Ruby SDKs are on GitHub under the MIT license. You can fork, contribute or simply audit them. Binaries are published on npm, PyPI and RubyGems under the @certyneo / certyneo namespace.

Can I test without signing up?

Yes, via the interactive examples in the API documentation: /developers/playground. Requests run against a shared sandbox instance, no key required. For serious use, create a free developer account (unlimited sandbox).

Qophii galte mallattoo elektirooniksaa seenuuf?

Sandbox bilisaa hin xumuramin, gargaarsa guutuu, SDK ofisiyal. Amma jalqabi.

Gargaarsa dubbisuu Ogeessa Certyneo waliin haasaa