Table of Contents

1 Authorization
2 Environments
- 2.1 Smart-ID
  - 2.1.1 Smart-ID levels
  - 2.1.2 Test accounts for automated testing
  - 2.1.3 Endpoints
    - 2.1.3.1 post Create Authentication Session
      - 2.1.3.1.1 Request parameters
      - 2.1.3.1.2 Response structure
      - 2.1.3.1.3 Example
    - 2.1.3.2 get Get Authentication Session Status
      - 2.1.3.2.1 Preconditions
      - 2.1.3.2.2 Response structure
      - 2.1.3.2.3 Example
    - 2.1.3.3 post Create Signature Session
      - 2.1.3.3.1 Request parameters
      - 2.1.3.3.2 Response parameters
      - 2.1.3.3.3 Example
    - 2.1.3.4 get Get Signed Document
      - 2.1.3.4.1 Preconditions
      - 2.1.3.4.2 Example
- 2.2 Mobile-ID
  - 2.2.1 Test accounts for automated testing
  - 2.2.2 Endpoints
    - 2.2.2.1 post Create Authentication Session
      - 2.2.2.1.1 Request parameters
      - 2.2.2.1.2 Response parameters
      - 2.2.2.1.3 Example
    - 2.2.2.2 get Get Authentication Session Status
      - 2.2.2.2.1 Response parameters
      - 2.2.2.2.2 Example
    - 2.2.2.3 post Create Signature Session
      - 2.2.2.3.1 Request parameters
      - 2.2.2.3.2 Response parameters
      - 2.2.2.3.3 Example
    - 2.2.2.4 get Get Signed Document
      - 2.2.2.4.1 Preconditions
      - 2.2.2.4.2 Example

Authorization

You'll need your API key. If you don't have it, please contact support@ondato.com.
Remember to include an x-api-key header in every request.

Think of your API key as a password:

Securely store it.
Refrain from sharing it with anyone outside of your organization.
Avoid placing it in the source code.

Environments

Environment	Swagger URL	Base URL

Environment	Swagger URL	Base URL
Sandbox	https://sandbox-esignature.ondato.com/swagger/index.html	`https://sandbox-esignature.ondato.com`
Production	https://esignature.ondato.com/swagger/index.html	`https://esignature.ondato.com`

Smart-ID

Smart-ID is a universal, app-based strong authentication and digital signing solution.

Smart-ID levels

Smart-ID service is being offered on two levels:

Smart-ID Basic
- User’s identity has been verified by a third party authentication and the identity details has been verified by national population registry;
Smart-ID
- User’s identity has been verified by strong authentication, which is based on the government issued eID (ID-card, Mobile-ID) during the on-line registration or the government issued physical ID document has been verified by two RA employees during the on-site registration.

Test and production accounts have no access to Smart-ID Basic accounts.

Test accounts for automated testing

Country	National identity number	Certificate level	Response description

Country	National identity number	Certificate level	Response description
EE \|	30303039914	QUALIFIED	Successful signing and identification
LV \|	030303-10012	QUALIFIED	Successful signing and identification
LT \|	30303039914	QUALIFIED	Successful signing and identification
EE \|	30403039917	QUALIFIED	User cancelled session
LV \|	030403-10016	QUALIFIED	User cancelled session
LT \|	30403039917	QUALIFIED	User cancelled session
EE \|	30403039983	QUALIFIED	User does not react
LV \|	030403-10083	QUALIFIED	User does not react
LT \|	30403039983	QUALIFIED	User does not react

Endpoints

post Create Authentication Session

https://sandbox-esignature.ondato.com/smart-id/authentication

Request parameters

Parameter	Required or Optional?	Description

Parameter	Required or Optional?	Description
country	Required	Country code here conforms to ISO 3166-1 alpha-2 code and as such must be in upper case ("LT", "LV", "EE").
nationalIdentityNumber	Required	National identification number
certificateLevel	Required	Level of certificate requested "QUALIFIED".
displayText	Optional	Text to display for authentication consent dialog on the mobile device. Limited to 60 characters or 128 bytes in UTF-8 encoding, whichever is reached first.

Response structure

Parameter	Required or Optional?	Description

Parameter	Required or Optional?	Description
sessionId	Required	A string that can be used to request operation result.
verificationCode	Required	Verification code is needed, so that user can bind together the session on the browser and the authentication request on the Smart-ID app.

Example

curl --location 'https://sandbox-esignature.ondato.com/smart-id/authentication' \
--header 'Content-Type: application/json' \
--header 'x-api-key: {apiKey}' \
--data '{
	"countryCode": "LT",
    "certificateLevel": "QUALIFIED",
	"nationalIdentityNumber": "30303039914",
	"displayText": "Please confirm transaction"
}'

{
    "sessionId": "8c00e8b378b848bbbc3cd1e2c018ef39",
    "verificationCode": "0818"
}

get Get Authentication Session Status

https://sandbox-esignature.ondato.com/smart-id/authentication/{sessionId}

Preconditions

Session is present in the system, and the request is either running or has been completed less than 5 minutes ago. Timeout period is 120 seconds.

Response structure

Parameter	Required or Optional?	Description

Parameter	Required or Optional?	Description
countryCode	Required	Country code
nationalIdentityNumber	Required	National identification number
name	Required	Person name
surname	Required	Person surname

Example

curl --location 'https://sandbox-esignature.ondato.com/smart-id/authentication/{sessionId}' \
--header 'x-api-key: {your-api-key}'

post Create Signature Session

https://sandbox-esignature.ondato.com/smart-id/document-signature

Request parameters

Parameter	Required or Optional?	Description

Parameter	Required or Optional?	Description
countryCode	Required	Country code here conforms to ISO 3166-1 alpha-2 code and as such must be in upper case ("LT", "LV", "EE").
nationalIdentityNumber	Required	National identification number
displayText	Optional	Text to display for authentication consent dialog on the mobile device. Limited to 60 characters or 128 bytes in UTF-8 encoding, whichever is reached first.
file	Required	Data to sign

Response parameters

Parameter	Required or Optional?	Description

Parameter	Required or Optional?	Description
sessionId	Required	A string that can be used to request operation result.
verificationCode	Required	Verification code is needed, so that user can bind together the session on the browser and the authentication request on the Smart-ID app.

Example

get Get Signed Document

https://sandbox-esignature.ondato.com/smart-id/document-signature/{sessionId}

Preconditions

Session is present in the system, and the request is either running or has been completed less than 5 minutes ago.

Example

Mobile-ID

Mobile-ID is a SIM card based digital signature solution (and requires a special Mobile-ID SIM card which your mobile operator will provide). It is recognised by governments and it grants access to online services in a similar manner to an ID card.

Test accounts for automated testing

Country	Phone number	National identity number	Response description

Country	Phone number	National identity number	Response description
EE \|	+37269930366	51307149560	Successful signing and identification
LT \|	+37069930366	60706225732	Successful signing and identification
EE \|	+37200000266	60001019939	User has no active certificates
LT \|	+37060000266	50001018832	User has no active certificates
EE \|	+37207110066	60001019947	Sending authentication request to phone failed
LT \|	+37067110066	50001018843	Sending authentication request to phone failed
EE \|	+37201100266	60001019950	User cancelled authentication
LT \|	+37061100266	50001018854	User cancelled authentication
EE \|	+37201200266	60001019972	SIM application error
LT \|	+37061200266	50001018876	SIM application error
EE \|	+37213100266	60001019983	Phone is not in coverage area
LT \|	+37063100266	50001018887	Phone is not in coverage area
EE \|	+37266000266	50001018908	User does not react
LT \|	+37066000266	50001018908	User does not react

Endpoints

post Create Authentication Session

https://sandbox-esignature.ondato.com/mobile-id/authentication

Request parameters

Parameter	Required or Optional?	Description

Parameter	Required or Optional?	Description
phoneNumber	Required	Phone number of the signer with the country code in the format of +xxxxxxxxx
nationalIdentityNumber	Required	National identification number
language	Required	Language for user dialog in mobile phone. 3-letters capitalized acronyms are used. Possible values: EST, ENG, RUS, LIT. NB! If you use language="LIT" to send to Estonian number (+372...) or you use language="EST" to send to Lithuanian number (+370...) then internally language is replaced with "ENG".
displayText	Optional	Text to display for authentication consent dialog on the mobile device. Limited to 40 characters including up to 5 characters from extension table ( €[]^\|{}\ ).

Response parameters

Parameter	Required or Optional?	Description

Parameter	Required or Optional?	Description
sessionId	Required	A string that can be used to request operation result.
verificationCode	Required	Verification code is needed, so that user can bind together the session on the browser and the authentication request on mobile device.

Example

get Get Authentication Session Status

https://sandbox-esignature.ondato.com/mobile-id/authentication/{sessionId}

Response parameters

Parameter	Required or Optional?	Description

Parameter	Required or Optional?	Description
countryCode	Required	Country code
nationalIdentityNumber	Required	National identification number
name	Required	Person name
surname	Required	Person surname

Example

post Create Signature Session

https://sandbox-esignature.ondato.com/mobile-id/document-signature

Request parameters

Parameter	Required or Optional?	Description

Parameter	Required or Optional?	Description
phoneNumber	Required	Phone number of the signer with the country code in the format of +xxxxxxxxx
nationalIdentityNumber	Required	National identification number
language	Required	Language for user dialog in mobile phone. 3-letters capitalized acronyms are used. Possible values: EST, ENG, RUS, LIT. NB! If you use language="LIT" to send to Estonian number (+372...) or you use language="EST" to send to Lithuanian number (+370...) then internally language is replaced with "ENG".
displayText	Optional	Text to display for authentication consent dialog on the mobile device. Limited to 60 characters or 128 bytes in UTF-8 encoding, whichever is reached first.
file	Required	File to sign

Response parameters

Parameter	Required or Optional?	Description

Parameter	Required or Optional?	Description
sessionId	Required	A string that can be used to request operation result.
verificationCode	Required	Verification code is needed, so that user can bind together the session on the browser and the authentication request on mobile device.

Example

get Get Signed Document

https://sandbox-esignature.ondato.com/mobile-id/document-signature/{sessionId}

Preconditions

Session is present in the system, and the request is either running or has been completed less than 5 minutes ago.

Ondato

E-Signature API

Authorization

Environments

Smart-ID

Smart-ID levels

Test accounts for automated testing

Endpoints

post Create Authentication Session

Request parameters

Response structure

Example

get Get Authentication Session Status

Preconditions

Response structure

Example

post Create Signature Session

Request parameters

Response parameters

Example

get Get Signed Document

Preconditions

Example

Mobile-ID

Test accounts for automated testing

Endpoints

post Create Authentication Session

Request parameters

Response parameters

Example

get Get Authentication Session Status

Response parameters

Example

post Create Signature Session

Request parameters

Response parameters

Example

get Get Signed Document

Preconditions

Example