Connecting your service (On-Premise)
- Ivo Rocha
- Antonio Filho
- Claudio Vicente (Unlicensed)
- Fernando Vicente
Sign’Stash Proxy Client provides a REST API to enable your client services a full integration.
Please make sure that you have executed the steps in the “Getting Started (On-Premise)” section in order to have a valid client service credential to consume Sign’Stash services.
Authentication
Sign’Stash API is protected with an OAuth2 authentication scheme with client_credentials flow.
For more information on this standard, please consult OAuth Client Credentials Flow.
The following diagram depict the typical flow that your client service needs to ensure to retrieve an access token to invoke Sign’Stash API (einvoice-integration-ws) through the Proxy Client API (einvoice-integration-client-ws).
Both the clientID and the client secret refer to the configurations of the Sign’Stash client service that you wish to connect to. Thus, clientID is the client service alias and client secret is the defined credentials to it.
Step | Alternative Scenario | Behaviour |
|---|---|---|
1 | OAuth authentication error | Basic credentials presented are invalid. New Basic Authentication must be requested by the client with the proper credentials. Please make sure that clientID is the service alias known in Sign’Stash, and client secret is the password that you have defined in Sign’Stash backoffice. |
6 | Sign’Stash authentication error | OAuth token is invalid. New OAuth token must be retrieved from OAuth server. |
Authentication example request:
curl -v -X POST https://staging.must.digital/oauth2/authorization-server/oauth/token -d "grant_type=client_credentials" -H "Authorization: Basic <base64 of client_id:client_secret>"Authentication example response:
{"access_token":"eyJhbG....cian84R9Q","token_type":"bearer","expires_in":86399,"scope":"read write","jti":"0e33b...a99a9d"}API Definition and Examples
The complete definition of the Sign’Stash Proxy Client API is available in:
Business API (Swagger):
Start the Sign’Stash Proxy service, whether in a docker image or fat jar version, and access the following endpoint with the necessary adaptations:
Authentication API (Swagger):
https://staging.must.digital/oauth2/authorization-server/swagger-ui/index.html
For proxy versions older than v1.6+b88 the URL is http://[HOST]:[PORT]/signstash/einvoice-integration-client-ws/swagger-ui.html
Service Endpoints
The following REST service endpoints are available for your integration:
Staging (for sandboxing and testing purposes) | Business API: https://your_proxy_client_service_location/signstash/einvoice-integration-client-ws Authentication API: https://staging.must.digital/oauth2/authorization-server |
Production | Business API: https://your_proxy_client_service_location/signstash/einvoice-integration-client-ws Authentication API: https://msignstash.multicert.com/oauth2/authorization-server |