Guides

Getting started

Suggest Edits

Authentication

Before you can start using the API, you need API credentials. Credentials consist of a key ID and secret. They can be obtained by contacting your account manager. Credentials should be kept secret.

In order to authenticate you need to use your credentials to generate a JWT Bearer token. The JWT token has to be generated using the HS256 algorithm and your credentials. This JWT has to contain the following attributes: iat, nbf, exp in the payload, as well as the attribute kid in the header of the JWT. This kid attribute needs to contain the Key ID of your credentials.

The generated token needs to be passed via the HTTP Authorization header:

Authorization: Bearer GENERATED_TOKEN_HERE

There are many libraries available for different programming languages that can help you to generate a JWT. See the Libraries tab on jwt.io.

Example

Assuming we want to create a token that is valid for 60 seconds and we have received the following credentials:

Key ID: 3b438437-04a4-40bb-8389-54bb02766fba
Secret: AC4Etykn7jusGR5FwLDAtILtQbiQbTMKedP31szXg4WlSbjGEXyNMZ

We need to create a JWT with the following properties:

JWT Header

{
    "alg": "HS256",
    "typ": "JWT",
    "kid": "3b438437-04a4-40bb-8389-54bb02766fba"
}

JWT Payload

{
    "iat": 1546300800,
    "nbf": 1546300800,
    "exp": 1546300860
}
  • iat: the time when the token was generated
  • nbf: the time after which the token is valid, usually equal to iat
  • exp: the time when the token will expire

Make sure these are UNIX timestamps in seconds

This results in the following token:

eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCIsImtpZCI6IjNiNDM4NDM3LTA0YTQtNDBiYi04Mzg5LTU0YmIwMjc2NmZiYSJ9.eyJpYXQiOjE1NDYzMDA4MDAsIm5iZiI6MTU0NjMwMDgwMCwiZXhwIjoxNTQ2MzAwODYwfQ.bwqCUHS1d5d8guAPHDsdd9-a8oXxH1q45O0tDP1asTo

Add this token to the Authorization header in the API request.

Authorization: Bearer GENERATED_TOKEN_HERE

The jwt.io website provides a way to inspect or validate JWT tokens.

Seal a document

Every seal request requires one document. It is currently not possible to seal multiple documents at once. Only PDF documents up to 10MB are allowed.

Request

POST https://api.cm.com/seal/v1/seal

This is a multipart/form-data request where the file parameter is the key for the file to be uploaded. The reason parameter can also be provided in the request. If provided, the reason will be part of the certificate.

Request headers

Content-Type: multipart/form-data
Authorization: Bearer GENERATED_TOKEN_HERE

Example

curl -X POST \
  https://api.cm.com/seal/v1/seal \
  -H 'Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCIsImtpZCI6IjNiNDM4NDM3LTA0YTQtNDBiYi04Mzg5LTU0YmIwMjc2NmZiYSJ9.eyJpYXQiOjE1NDYzMDA4MDAsIm5iZiI6MTU0NjMwMDgwMCwiZXhwIjoxNTQ2MzAwODYwfQ.bwqCUHS1d5d8guAPHDsdd9-a8oXxH1q45O0tDP1asTo' \
  -H 'content-type: multipart/form-data' \
  -F 'file=@/tmp/sample.pdf' \
  -F 'reason="Signed by CM.com at 2023-01-01 00:00:00"'

Response header

Content-Type: application/pdf
Content-Disposition: attachment; filename=sample.pdf

Response body

The response of this request contains the sealed PDF file content. This can be immediately downloaded as a file.

Updated over 1 year ago