Accept Success Signing Webhook

Upon successful signing, Sign will notify the relying party (RP) via a webhook. The RP must implement and expose a webhook endpoint on their server to receive this notification. The webhook will inform the RP that a signing transaction has been successfully completed and provide the URL to download the signed document.

Path

A POST request to the webhook URL that was provided to us during your .

Body

A JSON object with only 1 field token .

{
  "token": "xxxx"
}

The token is a standard with payload:

request_type: Always signed_doc_url
signed_doc_url: Where you can download the signed document. This link will expire after 2 minutes.
request_id: Same as the request id returned during initiate sign request
iat & exp: Standard Issued At / Expiration timestamp of JWT. The expiry of the token is set to 2 minutes. The signed_doc_url will expire within the exp as well.

RP are required to implement token validation by fetching the , and verify the signature, expiration, and claims contained in the JWT.

RP are required to download the document immediately as the signed_doc_url will expires in 2 minutes. We do not recommend RP to send the signed_doc_url to user for the same reason.

Example:

eyJhbGciOiJFUzI1NiIsInR5cCI6IkpXVCIsImtpZCI6InNpZ24tZGV2LTAxIn0.eyJyZXF1ZXN0X3R5cGUiOiJzaWduZWRfZG9jX3VybCIsInNpZ25lZF9kb2NfdXJsIjoiaHR0cHM6Ly9kZW1vLnVybCIsInJlcXVlc3RfaWQiOiJzaWdudjMtMDE5NjE5ODctYWIyMi03YWJkLWI1YTktNDM3NjQ1MmI5ZGJiIiwiaWF0IjoxNzQ0MTg2Nzc1LCJleHAiOjE3NDQxODY4OTV9.O5XjIEBN4DzeXiVuqGvbUenwAl_dESbRsaCfxSAsffy2YTRXJkCaiyjAv0fVTi81ANrX_yNQGhhJC0Nns3PY3Q

Response

It is sufficient to respond with only 2XX HTTP status code without any response body.

Retry Settings

Singpass will perform automated retries of webhook calls in the case of timeouts or certain errors.

Per try timeout: 2s
Delay between each retry: 2s
Max attempts: 3

RP are required to respond to the webhook request within 2 seconds.

IP Address

We strive to maintain consistent egress IPs, but please note that they are subject to change with short notice.

Staging:
- 54.169.20.186
Production:
- 18.143.229.39
- 54.179.76.90
- 3.0.39.45

PreviousRedirect From Sign with Singpass NextGet Signing Result

Last updated 7 days ago

Was this helpful?

Body

A JSON object with only 1 field token .

{
  "token": "xxxx"
}

The token is a standard with payload:

request_type: Always signed_doc_url

signed_doc_url: Where you can download the signed document. This link will expire after 2 minutes.

request_id: Same as the request id returned during initiate sign request

iat & exp: Standard Issued At / Expiration timestamp of JWT. The expiry of the token is set to 2 minutes. The signed_doc_url will expire within the exp as well.

RP are required to implement token validation by fetching the , and verify the signature, expiration, and claims contained in the JWT.

RP are required to download the document immediately as the signed_doc_url will expires in 2 minutes. We do not recommend RP to send the signed_doc_url to user for the same reason.

Example:

eyJhbGciOiJFUzI1NiIsInR5cCI6IkpXVCIsImtpZCI6InNpZ24tZGV2LTAxIn0.eyJyZXF1ZXN0X3R5cGUiOiJzaWduZWRfZG9jX3VybCIsInNpZ25lZF9kb2NfdXJsIjoiaHR0cHM6Ly9kZW1vLnVybCIsInJlcXVlc3RfaWQiOiJzaWdudjMtMDE5NjE5ODctYWIyMi03YWJkLWI1YTktNDM3NjQ1MmI5ZGJiIiwiaWF0IjoxNzQ0MTg2Nzc1LCJleHAiOjE3NDQxODY4OTV9.O5XjIEBN4DzeXiVuqGvbUenwAl_dESbRsaCfxSAsffy2YTRXJkCaiyjAv0fVTi81ANrX_yNQGhhJC0Nns3PY3Q