Faça o Login no Certillion

Início » API » Online API

Online API

Documentation

Online API

Flow that runs through the entire Certillion API structure, from the initial request steps to response delivery.

Documentation

Online API

Full description, parameters and return codes of all Certillion API methods.

authorize

/css/restful/application/oauth/authorize

The first step is to create an authorization request containing the parameters necessary for the PSC to identify the client application. Next, it is important to request authorization from the user, according to the requested usage permission. Oauth2 Standard

The authorization request is made, including parameters such as response type, application identification, code challenge, challenge method, PSC, redirect URI, scope and other optional parameters. If successful, the response includes an authorization code.

Method: GET

PARAMETERS

code_challenge Value used to protect the authorization code grant, ensuring that the person who initiated the request will be the one who exchanges the authorization code for the access token.
code_challenge_method

fixed value “S256”

Value corresponding to the method used in the proof key (code_verifier) to derive the challenge (code_challenge).
manager_id Token that identifies the application that wants to use the API (Provided by e-Sec)

psc

[optional]

 PSC that will be used.
response_type The fixed value “code”

lifetime

[optional]

 Indicates the desired lifetime for the token to be generated. Integer, in seconds.

login_hint

[optional]

 User identifier

redirect_uri

[optional]

 Must have the URI to redirect the user back to the originating application.

state

[optional]

 Code for identifying the application state.

scope

[optional]

 Available values: single_signature, multi_signature, signature_session

Error codes:

Code HTTP Description Suggested Action
404 (NOT_FOUND) Returned when the Certillion API was unable to communicate with the PSC. First, it is necessary to redo the request; additionally, it is crucial to ensure that the credentials are correct.

In this method, it is necessary to provide a code_challenge.The code_challenge is a SHA256 hash of the code_verifier, encoded in URL Base64. First, the code_verifier is stored in the application for later use, while the code_challenge is sent along with the authorization request. For more information, see the PKCE RFC .

For example, for the Java platform, this information can be generated using the code below, or equivalent:

var crypto = require('crypto')
function base64URLEncode(str) {
    return str.toString('base64')
        .replace(/\+/g, '-')
        .replace(/\//g, ' _')
        .replace(/=/g, '');
}
 var verifier = base64URLEncode(crypto.randomBytes(32));
console.log("verifier: " + verifier);
function sha256(buffer) {
    return crypto.createHash('sha256').update(buffer).digest();
}</span >
var challenge = base64URLEncode(sha256(verifier));
console.log("challenge: " + challenge);

certificate-discovery

/css/restful/application/certificate-discovery

Recovers the certificate authorized by the user to perform digital signature .

Method: GET

The parameters returned by the request are:

Parameter Description
Status Object containing the request status code, name and details</span >
Certificates Array containing the certificates found, contains you fields serial_number, subject_dn, issuer_dn, not_before, not_after, alias, status, certificate, issuer_certificate

Error codes:

HTTP Code Error Code Description Suggested Action
401 (UNAUTHORIZED)

249 (TOKEN_VALIDITY_INVALID)

250 (INVALID_ACCESS_TOKEN)

209 (BAD_AUTHENTICATION)

 Returned when the Authorization field passed is wrong or expired. Redo the request ensuring that the Authorization is correct.

401 (UNAUTHORIZED)</ td>

 218 (USERS_EXCEEDED_MAXIMUM_ALLOWED) Returned when the accesses contracted to the PSC in question have been exhausted. Check the status of your account with the PSC.</ td>
400 (BAD_REQUEST)

205

(REQUEST_BAD_DATA)

 < span style=”font-weight: 400;”>Returned when there is a problem executing the request. Redo the request after review it ensuring that it is in accordance with what is expected by method.
404 (NOT_FOUND) 620 (CERTIFICATE_NOT_FOUND)

Returned when:< /p>

– There is no certificate in the PSC slot;

– The Alias provided does not match any certificate in the PSC slot.

 Remake the request, providing an alias correct.
500 (INTERNAL_SERVER_ERROR)

224

(ERROR_DURING_AUTHENTICATION)

 Returned when there is an unexpected failure in processing the request.

Redo the request after reviewing it, ensuring that it is in accordance with the method’s expectations.</span >

If the error persists, contact Certillion support.
504 (GATEWAY_TIMEOUT) 301 (TIMEOUT) Returned when there is a timeout in communication with the PSC. This may be caused by some unavailability or slowness on the part of the PSC. Wait a few minutes and redo the request.

HEADERS

Authorization Receives the value of the access_token generated by the 2.2 token call.

client_maintenance

/css/restful/application/oauth/client_maintenance

The method allows the maintenance of information of an application. Developers can register or update essential data, such as name and callback addresses, using tokens provided by e-Sec. The server responds with appropriate codes in cases of incorrect authorization or malformed request. Essential for effective application administration in Certillion, the method facilitates secure and reliable integration.

Method: POST

Parameter description:

Parameter Description
client_id Token that identifies the API user application (Provided by e-Sec)
client_secret Application secret token (Provided by e-Sec)
comments General observations on the use of the application being registered
email Email for support in case of unavailability, change of version, among others
name Name/description of the application
redirect_uris Application server callback addresses that the Certillion API should call when the signature is completed

Possible errors returned by the server:

HTTP Codes Description Suggested Action
401 (UNAUTHORIZED) Returned when the authorization field passed is wrong or expired. It is necessary to redo the request to ensure that the authorization is correct.
400 (BAD_REQUEST) Returned when the JSON request sent is malformed. It is necessary to first redo the request after reviewing it, also ensuring that its format is as expected by the method.
500 (INTERNAL_SERVER_ERROR) Returned when there is an unexpected failure in processing the request. Review the submitted request ensuring that its structure is correct. If the error persists, contact Certillion support.


HEADERS:

Authorization

{{token: }}

Receives the value of the access_token that could have been generated by either the 1.1 client_token call or the 2.2 token call.
Content-Type

application/json

The content of the request body must be in JSON format.

{
“client_id”: “{CLIENT_ID}”

“name”: “{NAME}” 

“{REDIRECT_URIS}
],
“email”: “{EMAIL}”
}

client_token

/css/restful/application/oauth/client_token

The method is used to obtain a client token, essential for querying users and preparing signatures to be performed by the signer. The request response includes the access_token, required to use other system resources, along with the token’s validity (expires_in), the token type (token_type – fixed as ‘Bearer’), and the desired lifetime for the generated token (lifetime in seconds), allowing secure and authorized interaction with other system resources.

Method: POST

The request response contains the following data:

Parameter Description
access_token Access token required to use other system resources
expires_in Token validity returned
token_type Token type, fixed value ‘Bearer’
lifetime Indicates the desired lifetime for the generated token. Integer, in seconds.

Error codes:

HTTP Code Description Suggested Action
401 (UNAUTHORIZED) Returned when the credentials passed are incorrect (client_id and/or client_secret) Remake the request ensuring that the credentials are correct.
500 (INTERNAL_SERVER_ERROR) Returned when there is an unexpected failure while processing the request.

Redo the request after reviewing it and ensuring that its format is as expected by the method.

If the error persists, contact Certillion support.

HEADERS

Content-Type

application/x-www-form-urlencoded

The body of the request when sent has the format of a query string separated by &.

BODY

{  
  “client_id”: "{CLIENT_ID}",
  “client_secret”: "{CLIENT_SECRET}",
  “grant_type”: "{GRANT_TYPE}",
  “lifetime”: "{LIFETIME}"
}

document (download)

/css/restful/application/oauth/document/{transaction}

This method of the Certillion API is used to download the signature in attached format. The transaction ID that was returned in the call must be informed in the call/signature in order to download the signed file.

If the operation is successful, the request returns a byte[].

Method: GET

HEADERS

Authorization Receives the value of the access_token that may have been generated by either the call 1.1 client_token and by the 2.2 token call.

Error codes:

HTTP Code Description Suggested Action
401 (UNAUTHORIZED) Returned when the Authorization field passed is wrong or expired. Remake the request ensuring that the Authorization is correct.
404 (NOT_FOUND)

Returned when:

– There is no transaction associated with the passed transaction id;

– The transaction ndoes not belong to the company that made the request;

 Remake the request ensuring that the transaction id passed is valid and that it is linked to a transaction of your company.
400 (BAD_REQUEST)

Returned when:

– There is no valid signature to perform the download;

– The signature pattern used in the transaction does not accept the download;

 Remake the request using another id transaction.
500 (INTERNAL_SERVER_ERROR) Returned when there is an unexpected failure while processing the request.

Redo the request after reviewing it to ensure that it complies with the method’s expectations.

If the error persists, contact Certillion support.

document (upload)

/css/restful/application/oauth/document

This method allows you to request the signing of a batch of documents to the Certillion API, first requiring the upload of all the files that make up the batch. When sending the files to the server, the call returns the status of the operation, including the code, name and details in the status field, in addition to the hash of the uploaded document.

If errors occur, such as problems reading the file, the server returns corresponding HTTP codes with specific descriptions, suggesting actions to correct the identified problems, such as ensuring the authorization is correct or reviewing and resending the request.

Method: POST

Parameters returned by the request:

Parameter Description
document_hash Base64 encoded string of the hash of the document
file Must receive as value the document or documents to be sent to the Certillion API for signature.
status Operation status, object containing the code, name and detail pairs.

Error codes:

HTTP Code Description Suggested Action
401 (UNAUTHORIZED) Returned when the passed Authorization field is wrong or expired. Redo the request ensuring that the authorization is correct.
400 (BAD_REQUEST) Returned when there is a problem reading the sent file. Redo the request ensuring that the file is not corrupted.
500 (INTERNAL_SERVER_ERROR) Returned when there is an unexpected failure in processing the request. Possibly caused by the failure to complete the authorization form or the attempt to upload an empty file.

Redo the request after reviewing it, ensuring that it complies with the method’s expectations.

If the error persists, contact Certillion support.

HEADERS

Accept application/json
Authorization Receives the value of the access_token that may have been generated by either the 1.1 client_token call or the 2.2 token call.
Content-Type

multipart/form-data

Allows the sending of large amounts of binary data, useful for sending large batches of files

BODY:

{

“file”: “{FILE}”

}

find-psc-accounts

/css/restful/application/oauth/find-psc-accounts

Certillion API method that finds PSC accounts by legal identifier, can be a CPF or CNPJ.

Method: POST

Description of the parameters present in the body of the request:

Parameter Description
client_id Token that identifies the application that wants to use the API (Provided by e-Sec)
client_secret Application secret token (Provided by e-Sec)
user_cpf_cnpj Must be filled in according to the search, CPF for CPF search and CNPJ for CNPJ search
val_cpf_cnpj CPF or CNPJ number to be searched

Error codes:

HTTP Code Description Suggested Action
401 (UNAUTHORIZED) Returned when the Authorization field passed is wrong or expired. Remake the request ensuring that the Authorization is correct.
400 (BAD_REQUEST) Returned when the val_cpf_cnpj field is not filled in. Redo the request after reviewing it, ensuring that it complies with the method’s expectations.
500 (INTERNAL_SERVER_ERROR) Returned when there is an unexpected failure in processing the request.  

method.

If the error persists, contact Certillion support.
504 (GATEWAY_TIMEOUT) Returned when there is a timeout in communication with the PSC. It may be caused by some unavailability or slowness on the part of the PSC. Wait a few minutes and redo the request.

HEADERS

Authorization Receives the value of the access_token generated by the 1.1 client_token call.

BODY

{
  “client_id”: "{CLIENT_ID}",
  “client_secret": "{CLIENT_SECRET}",
  “user_cpf_cnpj": "{CPF}",
  “val_cpf_cnpj": "{USERNAME}"
}

psc-info

/css/restful/application/oauth/psc-info

Certillion API method that allows querying the Certification Service Providers (PSC) accepted by Certillion. Users can obtain a complete list of the PSCs that the application recognizes and accepts for digital certification and authentication processes, ensuring that users can easily identify and use the digital certification services compatible with Certillion.

Method: GET

Parameter description:

Step Description
/psc-info Call that fetches all PSCs compatible with the Certillion API

otp_authorize

/css/restful/application/oauth/otp_authorize

Cer API Method Tillion for request the generation of a system access token based on the OTP for using the certificate provided by the Certillion application (available for MacOS, Windows, Linux, Android)and iOS).

Method: POST

Description of the parameters present in the request body:

Parameter Description
client_id Token that identifies the application that wants to use the API (Provided by e-Sec)
client_secret Application secret token (Provided by e-Sec)
lifetime Desired expiration time for the requested access token, in seconds. OTP code for using the certificate provided by the Certillion application
scope “signature_session”
user: name Recipient’s CPF or CNPJ

Error codes:

HTTP Code Description Suggested Action
401 (UNAUTHORIZED)

Returned when:

– The credentials passed are incorrect;

– There is no OTP for the user;

– The OTP passed is invalid.

 Redo the request ensuring that the OTP and authorization credentials are correct.
500 (INTERNAL_SERVER_ERROR) Returned when there is an unexpected failure in processing the request.

Redo the request after reviewing it ensuring that it is in accordance with what is expected by the method.

If the error persists, contact support. Certillion.

HEADERS

Content-Type

application/json

The body content of the request must be in JSON format.

BODY

{
  “client_id”: "{CLIENT_ID},
  “otp”: "{OTP}",
  “scope”: "{SCOPE}",
  “lifetime”: "{LIFETIME}"
}

pwd_authorize

/css/restful/application/oauth/pwd_authorize

Certillion API method that requests the generation of an access token to the system, it is not supported by all PSCs.

Method: POST

Description of the parameters present in the body of the request:

Available values: single_signature, multi_signature, signature_session

Parameter Description
client_id Token that identifies the application that wants to use the API (Provided by e-Sec)
client_secret Application secret token (Provided by e-Sec)
lifetime Desired validity time for the requested access token, in seconds
password OTP code of the recipient

psc_id

[optional]

 Requester identifier provided by PSC.

psc_secret

[optional]

 Applicant password to access PSC

psc</ span>

[optional]

 Name of the psc desired by the requester
scope
username CPF or Recipient’s CNPJ

Error codes:

HTTP Code Description Suggested Action< /b>
400 (BAD_REQUEST)

Returned when:

– The PSC you want to use is disabled;</ span>

– The signature pattern used in the transaction does not accept the download;

 Remake the request using another transaction ID.
401 (UNAUTHORIZED) Returned when the credentials passed are incorrect. Remake the request ensuring that the authorization credentials (both of the company and the user) are correct.
500 (INTERNAL_SERVER_ERROR) Returned when there is an unexpected failure in processing the request.

Redo the request after reviewing it, ensuring that it is in accordance with the method’s expectations.</span >

If the error persists, contact Certillion support.
501 (NOT_IMPLEMENTED) Returned when the pwd_authorize method is not supported by the PSC; Remake the request using another PSC.
504 (GATEWAY_TIMEOUT Returned when there is a timeout in communication with the PSC. It may be caused by some unavailability or slowness on the part of the PSC. Wait a few minutes and redo the request.< /td>

HEADERS

Content-Type

application/json

The content of the request body must be in JSON format.

BODY

{
  “client_id”: "{CLIENT_ID}", 
  “client_secret”: "{CLIENT_SECRET}",
  “username”: "{USERNAME}",
  “password”: "{PASSWORD}",
  “scope”: "{SCOPE} ",
  "lifetime":"{LIFETIME}",
  "psc": "{PSC}"
}

signature

/css/restful/application/oauth/signature

Certillion API method used to sign a batch of documents (one or more). This way the user can sign all the documents in a single step, providing your credentials only once. You must upload the files to be signed beforehand. This method is ideal for signing large documents in PDF (simple and PAdES), XML, DOC, and other formats.

Method: POST

Description of the parameters present in the body of the request. The values in bold are the default: signature_standard

Parameter Description

certificate_alias

[optional]

 Identifier of the certificate corresponding to the key used in the signature.</span >
detached true for detached or false for attached
hashes Hashes of documents previously uploaded to the Certillion server, each document has an id, an alias, a calculated hash, an [optional] hash_algorithm that defines the type of hash generation and, finally, [optional] signature_standard_options that defines more signature options (detailed in the table below)
pki_name ICP_BR
signature_policy AD-RB, AD-RT, AD-RV, AD-RC or AD-RA
PADES, PADES_ICP_BR, CADES or XADESj

Note: The signature_standard PADES does not require signature_policy.

signature_standard_options parameters:

Parameter Description
digest_method SHA1, SHA512, SHA256 (Default)
pdf_options Defines parameters: for signature visible on pdf.
xml_options Defines parameters for xml signature.

visible_signature_options parameters:

Parameter Description
distance_x

Position on the x-axis from the left margin.

Default: 0
distance_y

Position on the y-axis from the bottom margin.

Default: 0
height

Signature field height.

Default: 100
image_data Signature image encoded in Base64. If an image is not provided, the information passed in the image_zoom and image_position fields will be disregarded.
image_position

Position of the signature image on the PDF document page. Possible values: LEFT, RIGHT, TOP, BOTTOM, BACKGROUND

Default: LEFT
image_zoom

Increases or decreases the size of the signature image.

Default 1.0
page_number

The page on which the visual signature will be inserted.

Default: 1
position_on_page

Signature position on the page.

Possible values: TOP_LEFT, TOP_CENTER

< span style=”font-weight: 400;”>TOP_RIGHT, CENTER_LEFT, MIDDLE, CENTER_RIGHT, BOTTOM_LEFT, BOTTOM_CENTER, BOTTOM_RIGHT.

Default: TOP_LEFT
signature_field_name Name of the PDF field where the visible signature will be inserted. If this property is filled in, all fields above it in this table will be disregarded.
text Signature text. If this property is not filled in, all other properties in this table will be disregarded.
text_alignment

Alignment of the signature text.

Possible values: LEFT, RIGHT, CENTER.

Default: LEFT
text_font

Font that will be used in the signature text.

Possible values: HELVETICA, TIMES_ROMAN, COURIER.

Default: HELVETICA
text_font_size

Font size used in the text signature.

Default: 10
text_padding

Signature text padding.

Default: 0
visual_rotation

Signature rotation angle. Possible values: NONE, ROTATION_90 , ROTATION_180 , ROTATION_270

Default: NONE
width

Signature field width.

Default: 200

Signature parameters xml_options:

Parameter Description
add_key_val true/false – To add a key value.
add_subject_name true/false – To add a subject.
attribute_id_name ID attribute name, ex: id, Id or ID (mutually exclusive with elements_id
elements_id List of element IDs to be signed.
elements_name List of element names to be signed (used in conjunction with attribute_id_name)
multiple_signatures true/false – Indicates whether an additional transformation should be applied.
remove_signature_id true/false – Removes signature.

Parameters returned by the request:

Parameter Description
policy_id ID of the policy used in the signature
signatures Array containing the details of the signatures performed
signer_certificate Object containing the details of the certificate used in the signatures
signer_indentifier CPF or CNPJ of the signer
status Object containing the status code returned by the request, the name and details

Status codes error:

HTTP Code Error Code Description Suggested Action
401 (UNAUTHORIZED

249 (TOKEN_VALIDITY_INVALID)

250 (INVALID_ACCESS_TOKEN)

209 (BAD_AUTHENTICATION)

807 (INVALID_CREDENTIALS)

 Returned when the Authorization field passed is incorrect or expired. Remake the request ensuring that the Authorization is correct.
401 (UNAUTHORIZED) 218 (USERS_EXCEEDED_MAXIMUM_ALLOWED) Returned when the accesses contracted to the PSC in question have been exhausted. Check the status with the PSC of your account.
400 (BAD_REQUEST) 620 (CERTIFICATE_NOT_FOUND) Returned when there is no valid certificate to use for signing. Remake the request using a PSC that has a valid certificate.
400 (BAD_REQUEST) 711 (DOCUMENT_NOT_FOUND) Returned when the document was not found. Possibly caused by the document not having been uploaded previously. Reupload the document and redo the signature request.
400 (BAD_REQUEST) 713 (WRONG_DOCUMENT_TYPE)

Returned when the type of document sent does not match the requested signature standard

e.g.: XML document sent for a PAdES signature that requires PDF.

 Redo the request using the appropriate document type for the requested signature pattern.
400 (BAD_REQUEST) 600 (CERTIFICATE_INVALID) Returned when the certificate used is not supported by the signature policy or its chain is invalid.

Remake the request using a valid certificate for the requested policy.

obs: ICP-Br policies only accept ICP-Br certificates
400 (BAD_REQUEST) 702 (ERROR_ON_PREPARE_SIGNATURE) Returned when there is a problem with the document hash. Remake the request after checking if the hash of the document being passed as a parameter is correct
400 (BAD_REQUEST) 200 (REQUEST_MISSING_PARAM) Returned when any mandatory parameter is empty. Remake the request filling in the mandatory parameters.
500 (INTERNAL_SERVER_ERROR)

224

(ERROR_DURING_AUTHENTICATION)

 Returned when there is an unexpected failure while processing the request.

Redo the request after reviewing it to ensure that it is as expected by the method.

If the error persists, contact Certillion support.
504 (GATEWAY_TIMEOUT) 301 (TIMEOUT) Returned when there is a timeout in communication with the PSC. It may be caused by some unavailability or slowness on the part of the PSC. Wait a few minutes and redo the request.

Finally, it is worth noting that, in addition, for the document to be downloaded, it is necessary that the value of the transaction field be passed to the URL of the download request.

HEADERS

Authorization

{{token}}

Receives the value of the access_token that may have been generated by either call 1.1 client_token or call 2.2 token.
Content-Type

application/json

The content of the request body must be in JSON format. 

“signature_policy”: “SIGNATURE_POLICY”,
“pki_name”: “{PKI_NAME}”,
“detached”: {DETACHED},
“hashes”: [
{
“id”: “{ID}”,

“alias”: “{ALIAS}”,

“hash”: “{DOCUMENTO_HASH}”

}
]
}

token

/css/restful/application/oauth/token

Second stage of Oauth2. Request for an application to obtain an access token.

The code from step 1 is exchanged for an access token through a POST request to the URL /oauth/token. The response contains the access token, its expiration time, scope, authorized identification type, and possible associated HTTP error messages, thus providing the basis for secure authentication and authorization in a system, with optional support for different scopes of operation.

Method: POST

The parameters returned by the call are as follows:

Parameter Description
access_token Access token required to use other system resources
authorized_identification Value corresponding to the CPF or CNPJ associated with the certificate holder
authorized_identification_type Must contain “CPF” for individuals or “CNPJ” for legal entities
error Represents the error code. Possible values for the HTTP Status Code error parameter: invalid_request,invalid_grant,invalid_client,unsupported_grant_type,server_error
error_description Error description
error_uri URI of the documentation describing the error
expires_in Token validity returned
scope Available values: single_signature(Signs only 1 document), multi_signature(Signs more than 1 document), signature_session(Creates a signature session. During the period in which the session is open, all signatures will be made without requiring new authorization)

Below is an example of a response to a token request:

Error codes:

HTTP Code Error Description Suggested Action
400 (BAD_REQUEST) SERVER_ERROR

Returned when:

– The informed PSC is not valid;

– The informed PSC is disabled.

 Remake the request after reviewing it, ensuring that it is in accordance with what is expected by the method.
400 (BAD_REQUEST) INVALID_REQUEST The manager_secret parameter cannot be empty.

Remake the request by correctly filling in the code or manager_secret parameter.

If you do not have a callback URL registered, contact Certillion support.
400 (BAD_REQUEST) INVALID_GRANT

Returned when:

– The code parameter is wrong;

– The manager_id parameter is invalid;

– The company does not have a previously registered callback URL;

Remake the request by correctly filling in the code or manager_secret parameter.

If you do not have a registered callback URL, contact Certillion support.
400 (BAD_REQUEST) INVALID_REQUEST

Returned when:

– The manager_id, code or code_verifier parameter is empty;

– The PSC does not have a valid certificate to use in a signature;

Remake the request filling in the missing parameter.

If the PSC does not have a valid certificate, it will be necessary to contact the PSC to obtain a new certificate.
500 (INTERNAL_SERVER_ERROR) SERVER_ERROR Returned when there is an unexpected failure in processing the request, or when a mandatory parameter of the request is not sent.

Redo the request after reviewing it to ensure that it complies with the method’s expectations.

If the error persists, contact Certillion support.

HEADERS

Content-Type application/x-www-form-urlencoded

BODY< /span>

{
  “client_secret”: "{CLIENT_SECRET}",
  “client_id": "{CLIENT_ID}",
  “code”: "{CODE}",
  “ code_verifier": "{CODE_VERIFIER}",
  “grant_type”: "{GRANT_TYPE}",</span >
  “manager_id”: "{MANAGER_ID}",
   “manager_secret”: "{MANAGER_SECRET}",
"psc": "{PSC}"
}

In this Certillion API method, it is necessary to provide a code_verifier.

For example, for the Java platform, this information can be generated using the code below or, alternatively, an equivalent:

var crypto = require('crypto')
function base64URLEncode(str) {
   return str.toString('base64')
        .replace(/\+/g, '-')< br class="xliff-newline" />        .replace(/\//g, '_')
        .replace(/=/g, '');
}
var verifier = base64URLEncode(crypto.randomBytes(32));
console.log("verifier: " + verifier); 
function sha256(buffer) {
   return crypto.createHash('sha256').update(buffer).digest();
}
var challenge = base64URLEncode(sha256(verifier));
console.log("challenge: " + challenge);

token-command

/css/restful/application/oauth/token-command

Certillion API method that allows tokenization management (creation, status query and revocation).

Method: POST

Description of the parameters passed in the request body:

Parameter Description
lifetime Desired validity time for the requested access token
operation Operation to be passed to the server
PSC PSC on which you want to perform the operation , currently supports the following PSCs: VAULTID and BIRDID
scope Available values: single_signature, multi_signature, signature_session
user_id CNPJ of the applicant
user_secret Requester password

Error Codes

HTTP Code Error Code</b > Description Suggested Action
401 (UNAUTHORIZED)

250 (INVALID_ACCESS_TOKEN)

209 (BAD_AUTHENTICATION)

 Returned when the passed Authorization field is wrong or expired. Redo the request ensuring that the Authorization is correct.
401 (UNAUTHORIZED) 218 (USERS_EXCEEDED_MAXIMUM_ALLOWED) Returned when contracted accesses to the PSC in question have been exhausted. Check the status of your account with the PSC.
400 (BAD_REQUEST)

205

(REQUEST_BAD_DATA)

 Returned when there is a problem executing the token command. Remake the request after reviewing it to ensure that it complies with the method’s expectations.
500 (INTERNAL_SERVER_ERROR)

224

(ERROR_DURING_AUTHENTICATION)

 Returned when there is an unexpected failure in processing the request.

Remake the request after reviewing it, ensuring that it complies with the method’s expectations.

If the error persists, contact Certillion support.

HEADERS

newline” /> “operation”: “{OPERATION}”,
“psc”: “{PSC}”
}

Authorization

{{token}}

Receives the value of the access_token that may have been generated by either the 1.1 client_token call as for the 2.2 token call.
Content-Type

application/json

The content of the request body must be in JSON format.

</ td>

user-discovery

/css/restful/application/oauth/user-discovery

This Certillion API method performs a query on the Certillion API service to verify the existence of a certificate associated with a CPF or CNPJ.

Method: POST

Description of the request body parameters:

Parameter Description
client_id Token that identifies the application that wants to use the API (Provided by e-Sec)
client_secret Secret token of the application (Provided by e-Sec)
psc PSC for which you want to search for CPF/CNPJ, the supported PSCs are: VAULTID, BIRDID, REMOTEID, NEOID, SAFEID, VIDAAS
user_cpf_cnpj Must be filled in according to the search, CPF for Individual search and CNPJ for Legal Entity search
val_cpf_cnpj CPF or CNPJ number to be searched

Error codes:

HTTP Code Description Action Suggested
401 (UNAUTHORIZED) Returned when the authorization field passed is wrong or expired. Remake the request ensuring that the authorization is correct.
400 (BAD_REQUEST) Returned when the PSC is disabled or when an invalid PSC is used. Remake the request using a PSC valid.
500 (INTERNAL_SERVER_ERROR) Returned when there is an unexpected failure in processing the request. Possibly caused by the lack of completion of a mandatory parameter or its absence in the request.

Redo the request after reviewing it ensuring thatits format is as expected by the method.

If the error persists, contact Certillion support.

HEADERS

Content-Type

application/json

The content of the request body must be in JSON format.

BODY

{
  “client_id”: "{CLIENT_ID}",
  “client_secret": "{CLIENT_SECRET}",
  “user_cpf_cnpj": "{CPF}",
  “val_cpf_cnpj": "{USERNAME}",
  “psc": class="xliff-newline" />}

validate

/css/restful/application/signature/validate

This Certillion API method validates CAdES and PAdES signatures made by another system (the signatures returned by Certillion are always valid), including checks according to the ICP-Brasil and PKIX standards specifications. The validation is comprehensive, covering the certification chain, certificate revocation lists (CRLs) and online certificate status protocol (OCSP).

To validate a PDF signature, it is necessary to send the signed PDF file in the “signature” field (in base64) without the need to send content and document_hash. Alternatively, the hash of the PDF file that is saved on the server can be sent in the same “signature” field.

For attached signatures where the file is not a PDF, you must send the file in base64 in the “signature” field.

In the case of detached signatures, the signature must be in the “signature” field. In this call, the signed file can be in the content field (base64) or saved on the server and its hash sent in the “document_hash” field.

The header must contain the access token generated by the 1.1 client_token or 2.2 token calls, and the body must be in JSON format, containing the parameters required for validation.

Method: POST

Description of the parameters passed in the body of the request:

Parameter Description
content Receives the file in base 64 for the case of detached signature validation
document_hash Hash of the document to be validated
pki_name Public Key Infrastructure used in the API request, the default value of the field is ICP BR
signature In this field you must send the file to be validated in base 64 for attached files that are not PDF, the file in base 64 together with the hash for PDF files or the signature for detached files. In the case of PDF attached it is possible to send the file in base 64 without the need to send content and document_hash.

Error codes:

HTTP Code Error Code Description Suggested Action
401 (UNAUTHORIZED)

250 (INVALID_ACCESS_TOKEN)

209 (BAD_AUTHENTICATION)

 Returned when the Authorization field passed is incorrect or expired. Remake the request ensuring that the Authorization is correct.
401 (UNAUTHORIZED) 218 (USERS_EXCEEDED_MAXIMUM_ALLOWED) Returned when the contracted accesses to the PSC in question have been exhausted. Check the status of your account with the PSC.
400 (BAD_REQUEST)

205

(REQUEST_BAD_DATA)

Returned when:</p >

– The certificate chain is incomplete;

– The certificate chain is invalid;

– There is a cryptographic error in the signature;

– There is an error in the signature encoding;

– The algorithm used to perform the signature is not supported by Certillion;

– The file format is not supported;

– Signature verification failed;

– Signature policy verification failed;

 Review the submitted signature based on the returned error.
400 (BAD_REQUEST) 711 (DOCUMENT_NOT_FOUND) Returned when the Certillion API was unable to locate the original document to validate the signature. Send signature in attached format.
500 (INTERNAL_SERVER_ERROR)

205

(REQUEST_BAD_DATA)</ p>

 Returned when there is an unexpected failure in processing the request.

Redo the request after reviewing it, ensuring that it is in accordance with the method’s expectations.

If the error persists, contact Certillion support.

HEADERS

Authorization

{{token}}

Receives the value of the access_token that may have been generated by either the 1.1 client_token call or the 2.2 token call.
Content-Type

application/json

The content of the request body must be in JSON format.

BODY:

{
  “signature”: “{SIGNATURE}”,
  “content”: "{CONTENT}",
  “document_hash”: "{DOCUMENTO_HASH}",
  “pki_name ": "{PKI_NAME}"
}

Status codes returned by Certillion calls

Status codes error:

Name Code
REQUEST_OK 100 Request accepted by the receiver.
TRANSACTION_IN_PROGRESS 110 The message has been received and still being processed.
REGISTRATION_VALID 120 You are registered in the system.
CERTIFICATE_VALID 130 The certificate is valid.
CSR_VALID 131 The CSR is valid.
REVOCATION_ACCEPTED 132 The certificate is marked as revoked, then enduser will be informed.
SIGNATURE_VALID
USER_ACTIVE 150 User account ready for signature.
DEVICE_READY 151 Device ready for signature.
REQUEST_MISSING_PARAM 200 An argument in the request is missing: %S
REQUEST_WRONG_PARAM 201 Error among the arguments of the request.
REQUEST_WRONG_LENGTH
REQUEST_BAD_FORMAT 203
REQUEST_BAD_FORMAT 203 Cannot handle given MIME-Type or encoding style.
REQUEST_BAD_PROFILE 204 The AP requested a key type, key usage or signing policy that the MSS does not support.
REQUEST_BAD_DATA 205 The enduser’s mobile equipment cannot handle this kind of data.
REQUEST_DUPLICATED 206 The request or it’s parameters are duplicated.
ACCOUNT_NO_BANDWIDTH 210 Insufficient bandwidth left to carry out the transaction.
ACCOUNT_MAX_TRIES 211 Maximum number of tries exceeded.
ACCOUNT_NO_CREDIT 212 The user must pay for the certificate usage, but he’s out of credit.
ACCESS_NOT_AUTHORIZED 220 The AP is unknown or the authentication is wrong.
ACCESS_NO_HANDSHAKE 221 The MSS wants prior to negotiating with the AP the use of XML signatures in the messages.

< td>This additional service is unknown.</ tr>< td>425The new key is not acceptable.< td>Unique identifier already registered.< /tbody>

Name Code Description
ACCESS_NO_SPECIFIED 222 The authentication mechanism was not specified.
TRANSACTION_NOT_AUTHORIZED 223 The transaction was not authorized. The specific reason is informed in details.
NETWORK_ERROR 300 The MSS could not contact the enduser’s mobile equipment.
td>
This transaction is unknown. 310 This transaction is unknown.
IDENTIFIER_NOT_FOUND 311 This enduser is unknown.
SERVICE_NOT_FOUND 312
MOBILE_SIGNATURE_ERROR 320 Error during the signature process on the Mobile equipment.
MOBILE_CERTIFICATE_ERROR 321 Error during the certificate generation on the mobile equipment.
USER_CANCELED 400 The client has canceled the transaction.
MESSAGE_BAD_INTEGRITY 410 The integrity check failed.
MESSAGE_BAD_AUTHENTICATION 411 The authentication failed. td>
MESSAGE_BAD_ENCRYPTION 412 The decryption of the message failed.
MESSAGE_BAD_ENCODING 413 The message could not be decoded.
MESSAGE_EXPIRED 414 The message has expired.
MESSAGE_WRONG_VERSION 420</td > The version of the message is inappropriate for the receiver.
MESSAGE_MISSING_KEY 421 The receiver was expecting a symmetric key.
MESSAGE_UNEXPECTED_KEY 422 The receiver was not expecting a symmetric key.
MESSAGE_UNEXPECTED 423 This message is not supposed to be received at this time.
KEY_EXPIRED 424 The authentication key is expired.
KEY_REJECTED
MESSAGE_NOT_FOUND 430 This message doesn’t ‘t exists on the mobile equipment or has been deleted.
USER_NOT_FOUND 431 There’s no mobile user with this ID.
INTERNAL_ERROR 440 Internal Error.
SERVICE_CANT_ACTIVATE 450 This additional service cannot be activated to this mobile or this company.
SERVICE_CANT_USE 451 This additional service is not allowed or not supported.
SERVICE_WAS_ACTIVATED 452 This additional service was already activated.
PLATFORM_NOT_FOUND 500 This platform is unknown.
TOKEN_WRONG 501 The token is incorrect.
IDENTIFIER_INVALID 502 Unique identifier is invalid.
IDENTIFIER_DUPLICATED 503
CERTIFICATE_INVALID 600 The certificate is invalid, no further details.
CSR_INVALID 601 The CSR is invalid, no further details.
CRL_INVALID 602 The CRL is invalid, no further details.

< /tr>< td>605The certificate is expired.< tr>CARD_PIN_BLOCKED631The PIN of the smartcard has been blocked.< td>632The smartcard is blocked and can never be used anymore.< td>CERTIFICATE_DUPLICATED< td>The public key in this certificate is different from the public key contained in the CSR.

Name Code < b>Description
CERTIFICATE_MALFORMED 603 A X509 certificate could not be constructed.
CERTIFICATE_REVOKED 604 The certificate is revoked.
CERTIFICATE_EXPIRED
CERTIFICATE_NOT_IN_EFFECT 606 The current date precedes the one in the NOT_BEFORE field of the certificate.
CERTIFICATE_BLOCKED 607 The certificate is blocked or in one of the pending operation statuses.
CERTIFICATE_NOT_TRUSTED 608 The certificate was issued by an unknown or untrusted CA.
KEY_SIZE_INVALID 609 The certificate uses a key size that’s not supported.
CRL_UNAVAILABLE

610< /td>

 The CRL wasn’t available at the time it was tried to download.
CERTIFICATE_NOT_FOUND 620 No certificate has been found.
CHAIN_NOT_FOUND 621 Trust chain not found.
KEY_NOT_FOUND 622 The private key of this certificate has not been found.
CARD_ERROR 630 The smartcard found an error during the operation.
CARD_BLOCKED
CARD_NOT_PRESENT 633 The smartcard is not connected on the mobile equipment.
PIN_WRONG 640 The pin is wrong.
CERTIFICATE_CANT_REVOKE 650 This certificate cannot be revoked.
660 This certificate already exists in the server database and cannot be duplicated.
CERTIFICATE_WRONG_SUBJECT 661 The user isn’t the owner of the certificate.
KEY_MISMATCH 662
SIGNATURE_INVALID 700 The signature is not valid.
SIGNATURE_CANT_VALIDATE 701 Security parameters (certificate, policies, TSA) has a corruption or is wrong. td>
TEMPLATE_NOT_FOUND 710 The template does not exist.
Name Code Description
DOCUMENT_NOT_FOUND 711 The document can not be found on internal storage.
WRONG_DOCUMENT_HASH 712 The document downloaded on the url has another hash.
WRONG_DOCUMENT_TYPE 713 The document type doesn’t match the requested standard ( XML or PDF)
XMLDSIG_EMPTY_ELEMENT_LIST 720 Empty element list in XMLDSig
XMLDSIG_ELEMENTS_WITHOUT_ATRIBUTE_ID 721 Element tags without attribute id in XMLDSig
XMLDSIG_SAME_ID_FOR_MULTIPLE_ELEMENTS

722< /td>

 Same id in multiple elements in XMLDSig
XMLDSIG_NO_ELEMENT_FOUND 723 No element tag in XMLDSig
CONTRACT_NOT_FOUND 800 The contract could not be found.
DUPLICATED_ACCOUNT 801 User CPF already exists in this list
MAX_ACCOUNTS_REACHED 802 Contract reached max accounts available.
ACCOUNT_NOT_REGISTERED 803 Account is not registered in company contract.

 

Shopping Basket