Skip to end of metadata
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 2 Current »

To do any signing operation through the PDF Signing API, you first need to require an access token. This access token is then used to authenticate yourself. 

The client generates its own assertion by signing a JSON web token (JWT) that includes the Client ID. Nexus GO validates the assertion cryptographically with the public key specified in the setup, see Set up PDF Signing API in Nexus GO

Authentication step-by-step

  1. Generate an assertion. See below for more information. 
  2. The web application sends an authentication request to Nexus GO, including an assertion. 
    1. Nexus GO fetches the public key of the client and validates the assertion. 
    2. Nexus GO creates and returns an access token. 
      The access token must then be included in any other API operation, to authenticate the user. 

Assertion

The assertion must be in the format of a signed JWT, including the client ID that was used to set up Nexus GO PDF Signing. See Set up PDF Signing API in Nexus GO

Use these properties:

PropertiesValues
subClient ID, get this from the configuration in the Nexus GO portal.
kidName of the signing key. The matching public key must be available in the JWKS endpoint. See Set up PDF Signing API in Nexus GO
audhttps://go.nexusgroup.com
issClient issuer, can be any value.
iat

Issued at: The time at which the assertion was issued.

exp

Expiration time: The time at which the assertion expires.


Here is an example of an assertion: 

 Example: Assertion
Example: Assertion
{
  "typ": "JWT",
  "alg": "RS256",
  "kid": "ClientKeyRsa/53b562fc488e41e086a80aec9f352927" 
}
{
  "iss": "https://client.example.com",   
  "sub": "dbb442aa-56ca-4082-98e5-9211466f76db", 
  "aud": "https://go.nexusgroup.com", 
  "iat": 1529912520,
  "exp": 1529916120
}


Code example

To get the access token, use the method POST /auth

 Example: Require access token
Example: Require access token
POST /auth
{
  "assertion": "eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiIsImtpZCI6IkNsaWVudEtleVJzYS81M2I1NjJmYzQ4OGU0MWUwODZhODBhZWM5ZjM1MjkyNyJ9.eyJpc3MiOiJodHRwczovL2RlbW8ta2V5dmF1bHQtY2xpZW50LmdvLm5leHVzZ3JvdXAuY29tIiwic3ViIjoiOWMzY2JmZDQtZjVjNi00MzE5LWI4YjYtNjk2ZTI3YjQ2NjRkIiwiYXVkIjoibmV4dXNnbyIsImlhdCI6MTUyODM4MTM2MCwiZXhwIjoxNTI4Mzg0NjYwfQ==.WH+I6L2TL3+wOb/3ximDaPA5Z4cdWW+kNW+HdBexllJ39/2ugKiMSHFOcnQ1eJ2sognal9Arf2raqtpFpGJYrLkcFyADwdjkF3PctK7kiP03+H8iQh9vpgpSQXc9T0n9oKbsjrKxdOhxbUPFFcJa43v9UEUDoEcWDGxl0gykKUivFZvm5eaWT+p+xh+b+pI22uYE1Qb3wBqCARm93vZJ6RD0lmJpR5jv+cftWP94Ig3Ti1l+XBxey817FpCGW7kvA8SEfK08tAziho4WsGMcJMj50+UUsxW47Wjmq6NXmAiBkFYMqdecEOBDIEVOy8gNcnqrT1WH7N4/uYXNVoEW9Q=="
}
Response:
{
	"access_token": "eyJhbGciOiJSUzI1NiJ9.eyJzdWIiOiI5YzNjYmZkNC1mNWM2LTQzMTktYjhiNi02OTZlMjdiNDY2NGQiLCJ1c2VySW5mbyI6IntcInVzZXJJZFwiOlwiOWMzY2JmZDQtZjVjNi00MzE5LWI4YjYtNjk2ZTI3YjQ2NjRkXCIsXCJhY2NvdW50SWRcIjozODMsXCJhY2NvdW50SW5mb3NcIjpbe1wibmFtZVwiOlwiU21va2UgVGVzdCBJbmNcIixcImFjY291bnRJZFwiOjM4MyxcInNlcnZpY2VJbmZvc1wiOlt7XCJzZXJ2aWNlU3Vic2NyaXB0aW9uc1wiOlt7XCJzdWJzY3JpcHRpb25cIjpcIkJ1c2luZXNzXCJ9XSxcInJvbGVzXCI6W1wiQWRtaW5pc3RyYXRvclwiXSxcIm5hbWVcIjpcIkVudGVycHJpc2VTaWduaW5nXCJ9XSxcImF2YWlsYWJsZU1ldGhvZHNcIjpbXX1dLFwiaXNUZW1wVXNlclwiOmZhbHNlfSIsImF1dGhlbnRpY2F0aW9uTWV0aG9kIjoiY2xpZW50Y2VydCIsInNlcnZpY2UiOiJFbnRlcnByaXNlU2lnbmluZyIsInJvbGVzIjpbIkFkbWluaXN0cmF0b3IiXSwiaXNzIjoiYXV0aHNlcnZpY2UiLCJzY29wZXMiOlsiSUQiXSwib25lVGltZVNjb3BlcyI6W10sImV4cCI6MTUyODM4Njg0MywiaWF0IjoxNTI4MzgzMjQzLCJqdGkiOiIzZmU5OWJhYi1hNjkzLTRiZTUtYTMxZS03ODA4OTNhZThhNWMifQ.Rm3qbeqQawLvnykj1Bt2m0EvpnezJclTI2yJ7nGNiXQYr5azLKzXlWeJZWGr_kzWuq-EBX0_HqbRaFh5QaNltAiLbWB1pBS3KPa6rwp8c8e1qdyxLcha3eNW29TK77JVdn3LpBVnuqbOB26dX4_GZhlRVE6NiC79_Heee_fc_8c",
	"expires_in": 3600
}

Related information

Links

  • No labels