Documentation

PDF Signing API

Quickstart-first API guide for Adobe-trusted PDF sealing with HMAC authentication and CMS/PKCS#7 responses.

  • HMAC auth
  • SHA-256 digest
  • CMS response
Book Demo CLI Quickstart Book Demo

Implementation proof

Ship faster with predictable trust behavior

Pick API, CLI, Web sealing, workflow automation, or cloud connector path, validate in Acrobat, and use trust documentation for compliance and architecture review.

Trust & Standards

~15m

CLI first success

Best for CI/CD and operations pipelines that need immediate signing output.

~30m

API first success

Recommended for product teams embedding trusted PDF sealing in services.

0

file uploads required

Only digest material is sent to sign endpoint; documents remain in your environment.

6

primary build paths

API, CLI, Web sealing, Zapier, Cloud Connector, and Power Automate paths fit different implementation teams.

API Quickstart

This path is for teams integrating Trusted Signatures directly into existing PDF generation systems.

1. Endpoint

  • Method: POST
  • URL: https://api.trusted-signatures.com/v1/sign
  • Content-Type: application/json

2. Request shape

1
2
3
4

{
  "digestAlgorithm": "SHA256",
  "digest": "<base64-pdf-digest>"
}

3. Authentication headers

  • X-Authorization-Algorithm: HmacSHA256
  • X-Authorization-Time: current UTC ISO-8601
  • X-Authorization-Key: your API key ID
  • X-Authorization: base64 HMAC over raw_body + X-Authorization-Time

4. Expected success response

1
2
3

{
  "signature": "<base64-cms>"
}

signature is the CMS/PKCS#7 payload to embed into your PDF /Contents placeholder.

Copy/Paste Example (Node.js)

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28

import crypto from "node:crypto";

const body = JSON.stringify({
  digestAlgorithm: "SHA256",
  digest: process.env.PDF_DIGEST_B64,
});

const authTime = new Date().toISOString();
const authorization = crypto
  .createHmac("sha256", Buffer.from(process.env.TS_API_KEY, "hex"))
  .update(body + authTime, "utf8")
  .digest("base64");

const res = await fetch("https://api.trusted-signatures.com/v1/sign", {
  method: "POST",
  headers: {
    "Content-Type": "application/json",
    "X-Authorization-Algorithm": "HmacSHA256",
    "X-Authorization-Time": authTime,
    "X-Authorization-Key": process.env.TS_API_KEY_ID,
    "X-Authorization": authorization,
  },
  body,
});

if (!res.ok) throw new Error(await res.text());
const data = await res.json();
console.log(data.signature);

Minimal Sealing Flow

  1. Build a PDF signature placeholder (recommended ~34 KB).
  2. Compute SHA-256 digest over PDF byte range.
  3. Call POST /v1/sign.
  4. Decode base64 CMS response.
  5. Embed CMS bytes into /Contents and pad remaining bytes with 00.
  6. Save PDF and validate in Acrobat/Reader.

Error handling

Common status codes:

  • 400: invalid body or headers
  • 401: auth failure
  • 403: request blocked
  • 413: payload too large
  • 500: server error

Next steps

Need architectural review?

Book a technical walkthrough

For enterprise rollout, we can review trust model, controls, and integration patterns with your team.

Book Demo See Pricing