Overview

SigningHub is LAWtrust’s digital signing workflow solution for high trust digital signatures. SigningHub’s digital signature protects documents (and Signers) against fraudulent and accidental changes in signed documents.

The system allows users to upload, configure, prepare and share documents with one another for electronic, digital signing and Advanced Electronic signing.

Document Owners and Signers can interact manually with SigningHub through the web front end or they can automate their signing workflows with the use of the SigningHub API.

More information on SigningHub.

Intended readership

This guide is intended for system developers with a working knowledge of REST APIs. The aim is to introduce developers to the two types of integration exposed by SigningHub:

  • Loose integration and

  • Tight integration.

For an in-depth discussion of each request, see the online documentation.

SigningHub sample code

  • The SigningHub workflow sample code can be found online: here.
  • 'How to' article that explains how to use the sample code can be found here.

Further reading

  • The full API documentation can be found online: here.

  • The SigningHub user guide can be found online: here.

Getting started

In order to start running the sample code provided in this document, the following is required:

  • A SigningHub Enterprise account in the LAWtrust testing environment.

  • The URL to the REST API.

  • A client ID.

  • A client secret.

  • A username and password.

  • Additional users to test with.

The required items can be obtained on request from LAWtrust: info@lawtrust.co.za, or access to the testing environment can be requested here.

Please note – LAWtrust’s environment is governed by the WebTrust standard and ISO 21188 and such access is only available on request.

Terms used in this article

Electronic signing

Electronic signatures are any marks made on a digital document by the Signer that indicates the signer agrees with the content of the document.

Documents signed with electronic signatures are not protected with cryptography and can therefore easily be disputed.

To increase trust in electronic signatures, SigningHub seals electronically signed documents with a timestamp to protect the document’s integrity and provide proof of the time of signing. A full audit trail and Workflow Evidence report is available.

Digital signing

Digital signatures are a subset of electronic signatures. The signed document is protected with Public Key Cryptography. A digital certificate that ties the real-life identity of the Signer to a digital identity is embedded in the document. Cryptography protects the document against change.

Advanced Electronic signatures

Advanced Electronic signatures are a subset of digital signatures that is governed by the South African Electronic Communications and Transactions Act 25 of 2002 (ECT Act).

The signing certificates used in Advanced Electronic Signatures can only be issued by accredited authentication providers that have been accredited by the SAAA. LAWtrust’s accreditation can be found here.

To see a full discussion on the differences between signatures see the LAWtrust article Wet signature vs Electronic signatures vs digital signatures.

Digital signing workflow

Digital signing is used interchangeable with electronic signing.

Actors

The sample code uses the following actors:

  • Users: Users refers to any person / system that uses SigningHub’s functionality. They can be Document Owners or Signers.

  • Document owner: Document owner is the user or application that started the signing workflow. The document owner may or may not be a Signer.

  • Signer: Signers are users that are part of the digital signing workflow and is required to electronically or digitally sign the document.

  • Meeting Host: A Meeting Host can log into SigningHub and allow a second Signer that does not have a SigningHub account to sign a document while the Meeting Host is logged into SigningHub.

SigningHub high-level architecture

SigningHub high level architecture.

SigningHub is hosted in the LAWtrust Trusted Hosting environment. SigningHub’s functionality is exposed to the internet via a REST API.

Modes of integration

Two modes of integration are supported:

  • Loose integration; and

  • Tight integration.

Each integration type is discussed below.

Loose integration

SigningHub loose integration.

The Loose integration mode allows Business Applications to send documents to SigningHub via the API. SigningHub’s workflow will then take over and get the document signed.

A basic digital signing process would work as follow:

  1. The Business Application sends the document to be digitally signed to SigningHub.

  2. SigningHub will send an email to the Signer to notify them that they have a document to sign.

  3. The Signer then logs into Signinghub and signs the document.

  4. The digitally signed document is returned to the Business Application for processing.

More information on loose integration can be found here.

 

Tight integration

SigningHub tight integration.

The business application uses SigningHub to provide document review and digital signature functionality. Users interact with the business web application and when they get to the point where a document requires approval, SigningHub is invoked to display the document within an iframe or the business application’s document displaying functionality.

The experience is seamless and the user is unaware that SigningHub functionality is used. The user can review the entire document and sign in the predefined location. Tight integration is suitable for ECM, CRM and ERP web applications or portals where a known user already interacts in a defined way. The user login information can be used by the business application to create and connect the user to their respective SigningHub account.  

The basic flow for tight integration:

  1. The document to be signed is generated by the Business Application.

  2. The Business Application notifies the Signer that they have a document to sign.

  3. The Signer logs in to the Business Application and indicate that they will sign the document.

  4. SigningHub’s functionality is leveraged to sign the document.

After the document has been digitally signed, the Business Application can process the document according to the application’s business rules.

More information on tight integration can be found here.