Главон контентмæ цæуын
Certyneo
REST API — eIDAS

The electronic signature API for developers

Integrate eIDAS electronic signature into your application in a few hours. REST, reliable webhooks, Node/Python/Ruby SDKs, unlimited free sandbox.

Create a developer account API documentation

Free sandbox · 99.95% uptime · EU sovereign hosting

REST + OpenAPI 3.1

Predictable endpoints, clean JSON, standard HTTP codes. Downloadable OpenAPI 3.1 spec to generate your own clients.

Reliable webhooks

Automatic retry with exponential backoff, HMAC SHA-256 signature, queryable event log. No polling to code.

Native eIDAS compliance

AES, AES-Q, and QES signatures available via API flag. Qualified audit trail included, EU qualified TSP certificates.

Latency < 200 ms

API hosted in Strasbourg (EU), p95 < 200 ms from Europe. 99.95% uptime SLA, real-time public status.

Get started in 5 minutes

Create your first envelope with a single HTTP request.

cURL — Creating an envelope
curl https://api.certyneo.com/v1/envelopes \
  -H "Authorization: Bearer $CERTYNEO_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{
    "title": "Contrat de prestation",
    "documents": [{"file_url": "https://your.app/contract.pdf"}],
    "recipients": [{"email": "client@example.com", "name": "Jane Doe"}],
    "webhook_url": "https://your.app/webhooks/sign"
  }'

A single POST request is enough to create an envelope, add a document, a signer, and a webhook URL. The API returns a sign_url ready to share.

Official Node.js SDK
import Certyneo from '@certyneo/sdk';

const client = new Certyneo({ apiKey: process.env.CERTYNEO_API_KEY });

const envelope = await client.envelopes.create({
  title: 'Contrat de prestation',
  documents: [{ file_url: 'https://your.app/contract.pdf' }],
  recipients: [{ email: 'client@example.com', name: 'Jane Doe' }],
});

console.log(envelope.sign_url); // ready to share with the signer

The TypeScript Node SDK provides full typing, automatic error handling with retry, and a fluent envelope builder. Also available in Python and Ruby.

Webhooks — react in real time

Six events (envelope.sent, viewed, signed, completed, declined, expired) with verifiable HMAC signature and automatic retry.

envelope.completed
{
  "event": "envelope.completed",
  "envelope_id": "env_3a2f...",
  "signed_at": "2026-05-25T14:32:18Z",
  "evidence_url": "https://api.certyneo.com/v1/envelopes/env_3a2f.../audit-trail.pdf",
  "signers": [
    { "email": "client@example.com", "signed": true, "ip": "82.x.x.x" }
  ]
}
  • HMAC SHA-256 signature of each payload — verify authenticity on the server side.
  • Automatic retry on failure: 5 attempts over 24 hours with exponential backoff.
  • Event log queryable from the dashboard: see each attempt, the HTTP status returned, the body.
  • Webhook URL configurable per envelope (override) or globally in the project.

Why a dedicated API for electronic signature?

Integrating electronic signature into your product is not trivial. You need guarantees on legal compliance (eIDAS), technical reliability (webhooks that actually arrive), and data sovereignty (European hosting to avoid the Cloud Act). The Certyneo API covers all three.

Designed by and for developers, it follows modern REST conventions: cursor-based pagination, idempotency keys, URL versioning, OpenAPI 3.1 to auto-generate your clients. No SOAP, no XML, no surprises.

eIDAS compliance explained for developers

The eIDAS regulation defines three signature levels: simple (SES), advanced (AES), and qualified (QES). The Certyneo API lets you choose the level per envelope via a `signature_level` field. The default value is AES (sufficient for 95% of B2B cases). QES is available for deeds requiring strict legal equivalence with manual handwritten signature (notarial deeds, public contracts).

On the technical side, AES requires strong authentication of the signer (SMS OTP by default, optional video KYC) and a timestamped audit trail. QES adds a qualified certificate issued by an EU qualified TSP. All of this is handled by the API — you call the endpoint, we take care of the rest.

Recommended integration architecture

The most common integration pattern follows this flow:

  • Your backend calls POST /v1/envelopes to create the envelope and receives a sign_url to present to the user.
  • You redirect the user to the sign_url or embed it in an iframe (with your branding via the Pro plan).
  • Once signing is complete, Certyneo calls your webhook with the envelope.completed event.
  • You update your database and notify the user (email, in-app, etc.).

Free unlimited sandbox

The sandbox environment is free and unlimited. All production features are available, except signatures have no legal value (the PDF is marked SANDBOX). Useful for automated testing, client demos, local development. Sandbox keys are distinct from prod keys, complete isolation between the two.

Migrate from DocuSign or Yousign

If you already have a DocuSign or Yousign integration, the API mapping is direct: envelopes → envelopes, recipients → recipients, status webhooks → status webhooks. Our migration guide documents endpoint-by-endpoint equivalences. Plan on 1 to 3 days for a complete migration, much less if you use an internal wrapper.

Frequently Asked Questions — API

What is the API rate limit?

1,000 requests per minute by default, increasable on demand for high usage (factories, multi-tenant platforms). The X-RateLimit-Remaining header on each response indicates remaining quota. If exceeded, the API returns 429 with a Retry-After.

How much does the API cost?

Sandbox is free and unlimited. Production operates on pay-per-signature (from €0.40 per AES signature with volume discounts), no minimum subscription. The Enterprise plan includes enhanced SLA, IP whitelisting, and a dedicated technical account.

Is there an SLA?

99.95% uptime on Business and Enterprise plans (maximum downtime of 4 hours per year). Public status page with incident history: status.certyneo.com. The Enterprise plan includes automatic credit if SLA is not met.

What authentication do you use?

Bearer token (API key) in the Authorization header. Keys are rotatable from the dashboard, with immediate revocation. For OAuth integrations (multi-tenant platform), we offer OAuth 2.0 Client Credentials on the Enterprise plan.

How to verify the HMAC signature of a webhook?

Each webhook includes an X-Certyneo-Signature header containing an HMAC SHA-256 of the payload, signed with your webhook secret. On the server side, recalculate the HMAC and compare in constant time (timing-safe comparison). The official SDK does this automatically via webhook.verify(payload, signature, secret).

Are the SDKs open source?

Yes. The Node, Python, and Ruby SDKs are on GitHub under the MIT license. You can fork, contribute, or simply audit them. Binaries are published on npm, PyPI, and RubyGems under the @certyneo / certyneo namespace.

Can I test without signing up?

Yes, via the interactive examples in the API documentation: /developers/playground. Requests run against a shared sandbox instance, no key required. For serious use, create a free developer account (unlimited sandbox).

Ready to integrate electronic signature?

Free unlimited sandbox, complete documentation, official SDKs. Get started now.

Read the documentation Talk to a Certyneo developer