Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

Table of Contents
maxLevel3

The Sign’Stash Proxy allows 3 integration modes, some of which requiring specific configuration parameters.

The different modes are presented in order of capabilities which are cumulative, meaning that when using a particular mode, e.g. Hot-Folder Async Mode, it is still possible to use the previous ones, e.g. API Sync and Async Modes.

All specific configuration parameters will be presented in a dedicated section.

General Architecture

For global reference the Sign’Stash Proxy components are in gray background, the Sign’Stash SaaS is on a green background, and the blue background pertains to the client service components.

Execution Requirements

Docker engine 19+

For more inital setup installation please refer to Docker installation instructions.

Common Parameters

Regardless of the format chosen, the parameters described below are mandatory and transversal to all modes, and must be associated with the docker run command according to your requirements.

Parameter

Description

UID

Id suffix of the volume to attach to the container (e.g. _ssproxy).

PORT

Exposed port for public access (e.g. 8085).

MEMORY

Maximum memory that the docker can use (e.g. 4g).

IMAGE_ID

Id/Unique name of the docker image to execute (e.g. 07da08a1e977).

SAAS_DOMAIN

Domain of the Sign'Stash SaaS enviroment to invoke

(e.g.

:

).PROXY_HOSTNAME

einvoice-integration-client.rest.provider.proxy.hostname (optional)

Customer infrastructure proxy hostname.

PROXY_PORT

(by default not set)

einvoice-integration-client.rest.provider.proxy.port (optional)

Customer infrastructure proxy port. (by default not set)

Base instructions for Sign’Stash Proxy docker image execution

  1. Load the provided Sign’Stash Proxy image into your docker environment (official documentation in Docker Documentation)

    Code Block
    -- Import to docker from a local archive
    docker load --input /path/to/exampleimage.tar
  2. Please refer to the documentation for the desired Proxy mode in order to check how to start the docker image:

REST API Synchronous Mode

In this format, the response to a signature request is the detail of the signature operation which, when successful, means returning the signed documents.

Architecture

The Sign’Stash Proxy components are in gray background, the Sign’Stash SaaS is on a green background, and the blue background respects the client service.

Image Removed

Docker Command

Start the Sign’Stash Proxy service by setting the docker command according to the following format:

Code Block
languagebash
docker run -d --mount source=vol[UID],target=/tmp -p [PORT]:8080 --memory=[MEMORY] [IMAGE_ID] --einvoice-integration-client.service.domain=[SAAS_DOMAIN] --einvoice-integration-client.rest.provider.proxy.hostname=[PROXY_HOSTNAME] --einvoice-integration-client.rest.provider.proxy.port=[PROXY_PORT]

API Methods

The methods supporting this mode are:

Image RemovedImage Removed

Sequence diagram

Typical interactions between systems in this mode are presented in the following sequence diagram:

Image Removed

Response handling

General response handling overview:

Image Removed

REST API Asynchronous Mode

The asynchronous mode adds to the previous one the capacity of finishing the signature process in two steps. The first allows to start/register a new signature operation which returns an object containing the unique id, status and the host/port of the host that fulfilled the request.

Info

The host/port information is an essential aspect when there are multiple instances of the Sign’Stash Proxy running behind a load balancer or similar. There is no synchronization between the various instances of the Sign'Stash Proxy running and therefore each one keeps its own state (signature operations).

Additionally, the Sign’Stash Proxy exposes 2 methods that allow, informing the external reference used during the creation phase, to consult the status of the operation(s) and, once it is finished, to retrieve information about the signature process that includes all signed documents.

Info

Again, notice that according to your architecture, this new request must be made through the Sign’Stash instance that handled the initial request using the host/port obtained from it.

To enable this mode it is necessary to include parameters in addition to those of the SYNC mode.

Parameter

Description

HOST

Address of the host running the docker image (e.g. 192.168.1.1).

PATH_TO_WORK_FOLDER

Path to the working folder containing the configuration file (e.g. /path/to/work/folder).

Architecture

The Sign’Stash Proxy components are in gray background, the Sign’Stash SaaS is on a green background, and the blue background pertains to the client service components.

Image Removed

Configuration File

A new configuration file named 'client-services-config.json' must be created inside the [PATH_TO_WORK_FOLDER] according to the following structure:

  • [CLIENT_SERVICE_ID]: States the client service Id used to authenticate against the REST API (e.g. PRT.505767457-PRT.123654123-84dd8c).

  • [CLIENT_SERVICE_SECRET]: States the client service secret used to authenticate against the REST API (e.g. my_secret)

Code Block
{
  "[CLIENT_SERVICE_ID1]": {
    "secret": "[CLIENT_SERVICE_SECRET1]"
  },
  "[CLIENT_SERVICE_ID2]": {
    "secret": "[CLIENT_SERVICE_SECRET2]"
  }
  ...
}

Docker Command

Start the Sign’Stash Proxy service by defining the docker command according to the following format:

Code Blockdocker run -d --mount source=vol[UID],target=/tmp --mount type=bind,source=[PATH_TO_WORK_FOLDER],target=/home -p [PORT]:8080 --memory=[MEMORY] [IMAGE_ID] --server.host.port=[HOST]:[PORT] --einvoice-integration-client.service.domain=[SAAS_DOMAIN] --einvoice-integration-client.
Info

If you local environment uses a network proxy to reach external services, then the following parameters need to be added to the docker run command:

--einvoice-integration-client.rest.provider.proxy.hostname=[PROXY_HOSTNAME]

--einvoice-integration-client.rest.provider.proxy.port=[PROXY_PORT]

API Methods

The methods supporting this service mode are:

Image RemovedImage RemovedImage RemovedImage Removed

Sequence diagram

Typical interactions between systems in this mode are presented in the following sequence diagram:

Image Removed

Response handling

General response handling overview:

Image Removed

HOT-FOLDER Asynchronous Mode

Hot-folder mode adds to Async Mode the ability to process files directly from/to a set of configured input/output folders.

This mode requires, in addition to the configuration file created for the asynchronous mode, that 3 folders be added to the [PATH_TO_WORK_FOLDER] directory, in particular:

  • Input folder: It is the input interface with the client service and stores the documents to be signed.

  • Backup folder: Keeps a copy of each file processed. In case of success, only the original file is moved, otherwise, an text file with details of the error is attached.

  • Output folder: It is the output interface with the client service and stores the signed documents or a text file, named as the original file, with details about the error that occurred.

To enable this mode it is necessary to include the following parameter in addition to those of the ASYNC mode and then set it to TRUE.

Parameter

Description

HT_ENABLED

Turn on/off the hot folder mode (ex: TRUE|FALSE).

Architecture

The Sign’Stash Proxy components are in gray background, the Sign’Stash SaaS is in green background, and the blue background pertains to the client service components.

Image Removed

Configuration File

This mode requires to update the configuration file using the following parameters related with the additional folders created.

  • [INPUT_FOLDER_NAME]: States the relative path of the folder from which the files to be signed will be obtained (e.g. /inputFolder)

  • [BACKUP_FOLDER_NAME]: States the relative path of the folder to which the processed files will be secured (e.g. /backupFolder)

  • [OUTPUT_FOLDER_NAME]: States the relative path of the folder to which the signed files (or errors) will be saved (e.g. /outputFolder)

Code Block
{
  "[CLIENT_SERVICE_ID]": {
      "secret": "[CLIENT_SERVICE_SECRET]",
      "inputFolder": "[INPUT_FOLDER_NAME]",
      "backupFolder": "[BACKUP_FOLDER_NAME]",
      "outputFolder": "[OUTPUT_FOLDER_NAME]"
  }
  ...
}

Optionally, it is also possible to expand this configuration with information to enable visible signatures attributes for PDF documents, using:

  • [LOCATION_TYPE]: States which type of location strategy will be used to set the visible signature. Allowed values: SIGN_FIELD, COORDINATE, PLACEHOLDER.

  • [LOCATION_VALUE]: States the location value for the appropriate locationType defined (e.g. page=1,x=100,y=200).

  • [VISIBLE_TEXT_TEMPLATE_TYPE]: States the type of signature template to be used. Allowed values: ONE_OFF, SERVICE_CUSTOMIZATION.

  • [ONE_OFF_TEMPLATE_TEXT]: If templateType=ONE_OFF, then set the text value format to display (e.g. Digitally Signed by $certificate.getCommonName()).

Code Block
{
  "[CLIENT_SERVICE_ID]": {
      "secret": "[CLIENT_SERVICE_SECRET]",
      "inputFolder": "[INPUT_FOLDER_NAME]",
      "backupFolder": "[BACKUP_FOLDER_NAME]",
      "outputFolder": "[OUTPUT_FOLDER_NAME]",
      "padesVisibleSignature": {
          "locationType": "[LOCATION_TYPE]",
          "locationValue": "[LOCATION_VALUE]",
          "templateType": "[VISIBLE_TEXT_TEMPLATE_TYPE]",
          "oneOffTemplate": "[ONE_OFF_TEMPLATE_TEXT]"
       }
   }
  ...
}
Info

It is possible to find additional information about these parameters through the Swagger documentation exposed by the service’s REST API.

Docker Command

Start the service by defining the docker command according to the following format:

Code Block
docker run -d --mount

Synchronous mode example using a network proxy:

docker run -d --mount source=vol[UID],target=/tmp

--mount

type=bind,source=[PATH_TO_WORK_FOLDER],target=/home

-p

[PORT]:8080

--memory=[MEMORY]

[IMAGE_ID]

--server.host.port=[HOST]:[PORT]

--einvoice-integration-client.service.domain=[SAAS_DOMAIN

]

] --hot.folder.enabled=[HT_ENABLED] --einvoice-integration-client.rest.provider.proxy.hostname=[PROXY_HOSTNAME]

--einvoice-integration-client.rest.provider.proxy.port=[PROXY_PORT]

--hot.folder.enabled=[HT_ENABLED]
Sequence diagram

Typical interactions between systems in this mode are presented in the following sequence diagram:

Image Removed

Response handling

General response handling overview:

Image Removed

Swagger Documentation

In any of the described modes, after starting the service correctly, it should be possible to access the swagger documentation through the URL:

http://[HOST]:[PORT]/signstash/einvoice-integration-client-ws/swagger-ui/index.html

(For proxy versions older than v1.6+b88 the URL is http://[HOST]:[PORT]/signstash/einvoice-integration-client-ws/swagger-ui.html)