Get Signing Result

This endpoint allows the relying party (RP) to actively query the signing results and obtain the signed document after completion.

It is not recommended to use this endpoint for status polling as the webhook is more efficient. RPs do not need to invoke this API if the success signing webhook was captured.

Path

GET /sign-requests/:request_id/signed-doc

Headers

Name

Value

Content-Type

application/json

Authorization

<token>

Authorization token

RP should sign the signature parameter into a JWT token as authorization token.

Token Type: Standard JWT (JSON Web Token)
Payload:
- exchange_code: The exchange_code returned when initiate sign request.
- jti: Standard JWT ID, a unique identifier for the JWT, must be a UUID.
- iat & exp: Standard Issued At / Expiration timestamp of JWT. Must issued within 2 minutes.

Example:

eyJhbGciOiJFUzI1NiIsImtpZCI6IjEyMDUwMzM5LWUzNTktNGUyYy04YTc2LWY0Nzk0MDZmZDliMyJ9.eyJleGNoYW5nZV9jb2RlIjoiY2JlNzM3MWMtZjExMC00OTEzLWE3YmQtNjQwOTk0YjA4MDczIiwianRpIjoiY2IyYTk5NmQtZjk3ZS00YzJiLWE5ZDAtZDM0NzgxNzhjY2RmIiwiaWF0IjoxNzQ3Mzc3NzIyLCJleHAiOjE3NDczNzc4NDJ9.ZLQTMnSiqRfFE1w2jDjQgOVDKWY2Fv-HTSn976dZXmt2FVNMEzOfTdV8qCWnw8mOE5aJzIi2DQyIDZqwKAFJ4Q

Body

Empty

Response

{
    "signed_doc_url": "XXXX",
    "signer_info": 
        {
            "signer_name": <Name as per the CN in the user certifiate>,
            "signer_partial_uinfin": "123A",
            "signed_at": <Timestamp of the user completing the sign request>
        }
    "exp": 1744190335
}

signed_doc_url: Where you can download the signed document.
signer_info : an object containing the following information:
- signer_name : Name of the signer as per the user cert CN
- signer_partial_uinfin : The last 4 alphanumerical value of the signer's NRIC
- signed_at : Unix timestamp in milliseconds of when the user completed the sign request.
exp: Expiration time (in UNIX second) of signed_doc_url .

Similar to the successful signing webhook, the signed_doc_urlwill only be valid for 2 minutes. RPs should download the document immediately for their own application. We do not recommend forwarding this URL to the user.

There may be a few scenarios under which you will receive a 400 error:

DOCUMENT_NOT_SIGNED: The user has not signed the document yet and the request has not expired yet
REQUEST_EXPIRED: The request has expired without the user signing the document.
SIGNED_ACCESS_EXPIRED: The document has been signed, but can no longer be retrieved via this endpoint as the 1h access period has passed.

{
    "id": "91934263-3ad0-4f2d-afb6-441b2e256b64",
    "trace_id": "1747520091621739744",
    "error": "DOCUMENT_NOT_SIGNED",
    "error_description": "Document is not signed yet."
}

{
  "error": "UNAUTHORIZED",
  "error_description": "Unauthorized.",
  "error_details": "JWT validation failed",
  "id": "ca21bb57-8255-46f0-b2f4-80613768ea6e",
  "trace_id": "7755321139078968799"
}

Sample request

curl 'https://staging.sign.singpass.gov.sg/api/v3/sign-requests/<request_id>/signed_doc' \
  -H 'Authorization: <auth_token>'

PreviousAccept Success Signing Webhook NextJWKS Specification

Last updated 2 months ago

Was this helpful?