Authentication API

Validate API keys and create signing sessions.

Base URL

https://api.securesign.toolsbots.com/v1

Authenticate with Authorization: Bearer ss_live_xxx or X-SecureSign-Api-Key.

POST /auth/validate

Validate API key and domain origin before signing.

curl -X POST https://api.securesign.toolsbots.com/v1/auth/validate \
  -H 'Authorization: Bearer ss_live_abc123xyz' \
  -H 'Content-Type: application/json' \
  -d '{"origin":"https://portal.example.gov.in","platform":"web"}'

const res = await fetch('https://api.securesign.toolsbots.com/v1/auth/validate', {
  method: 'POST',
  headers: { Authorization: 'Bearer ss_live_abc123xyz', 'Content-Type': 'application/json' },
  body: JSON.stringify({ origin: location.origin, platform: 'web' })
});

$response = Http::withToken('ss_live_abc123xyz')->post('https://api.securesign.toolsbots.com/v1/auth/validate', [
  'origin' => 'https://portal.example.gov.in',
  'platform' => 'web'
]);

requests.post('https://api.securesign.toolsbots.com/v1/auth/validate',
  headers={'Authorization': 'Bearer ss_live_abc123xyz'},
  json={'origin': 'https://portal.example.gov.in', 'platform': 'web'})

Response 200:

{"success":true,"tenantId":"org_9f2a","allowed":true,"rateLimit":{"rpm":120}}

POST /auth/session

Create a server-side signing session for multi-step portal workflows.

Request:

{"requestId":"a1b2c3d4","documentType":"hash","hashBase64":"qT6d3x8K...","callbackUrl":"https://portal.example.gov.in/callback"}

Response:

{"sessionId":"sess_7x9y","expiresAt":"2026-06-22T11:00:00Z","deepLink":"securesign://sign?..."}