eSigner Document Signing Gateway Guide

The eSigner document signing gateway API distributes as a docker image and installs on the customer’s premise. It performs the following actions:

  • The application sends the unsigned PDF document to the document signing gateway API
  • The document signing gateway application computes the PDF hash and sends to the eSigner CSC API for hash signing
  • The signed hash is then embedded inside the PDF document as part of the PDF document signing operation
  • The signed PDF document is timestamped using TSA
  • The CRL-based revocation of the certificate chain is fetched and embedded inside the PDF document to make it LTV enabled



URL:- /v1/pdf/eseal A valid access token is required to access the API. A guide on how to retrieve the Access Token can be found on this article: Remote Document Signing with eSigner CSC API
    "credential_id": "db1653b7-6135-4a10-809b-e29a25d3bb7b",
    "page_number": 0,
    "signing_reason": "",
    "signing_location": "",
    "contact_Info": "",
      "x": 160,
      "height": 150  
    "hand_signature": "<HAND_SIGNATURE_IMAGE>",
    "pdf": ""


  • credential_id – Mandatory credential ID of the eSeal certificate. To know how to identify the credential ID of your certificate, please refer to this guide:
  • page_number – Only required for visible signatures. It starts with 0
  • signing_reason – Optional signing reason
  • signing_location – Optional signing location
  • contact_info – Optional contact information
  • sig_field_position – x, y, width and height of the signature field position. It is only required for visible signatures
  • hand_signature – Base64 encoded PNG hand signature image. It is only required for visible signatures and to add hand signature as part of signature appearance
  • pdf – Base64 encoded PDF document to sign


     "signed_pdf": ""
  • signed_pdf – Base64 encoded signed LTV enabled PDF document

Installation Instructions

  1. Unzip the document signing gateway release
  2. Open the files and change accordingly
    # For sandbox testing, set the CSR URL to and for production set it to
    # URL of the TSA
    # Port in docker container
    # TLS server certificate settings. One can use self signed certificate or private PKI or public PKI certificate
    server.ssl.key-store: ./server.jks
    server.ssl.key-password: secret
    server.ssl.key-store-password: secret
  3. Open the Dockerfile
    FROM eclipse-temurin:17.0.9_9-jdk-jammy
    # Port on which document signing gateway will be running. This must be same as in file
    EXPOSE 8081
    WORKDIR /app
    COPY document_signing_gateway-1.0.0.jar /app/
    COPY /app/
    COPY server.jks /app/
    COPY GoNotoKurrent.ttf /app/
    ENTRYPOINT ["java", "-Dspring.config.location=file:/app/", "-jar", "document_signing_gateway-1.0.0.jar"]
  4. Install Docker Engine on your machine. Afterward, build the docker image using the following command:
    docker build -t document_signing_gateway:1.0.0 .
  5. Run the container using the following command. It also creates volume for docker signing gateway API log file and port mapping as well.
    docker run -it -p 8081:8081 -v document_signing_gateway_logs:/logs document_signing_gateway:1.0.0
  6. Access the document signing gateway API using an application or POSTMAN tool.

Subscribe To’s Newsletter

Don’t miss new articles and updates from

Stay Informed and Secure is a global leader in cybersecurity, PKI and digital certificates. Sign up to receive the latest industry news, tips, and product announcements from

We’d love your feedback

Take our survey and let us know your thoughts on your recent purchase.