XML Signing

Full reference for XMLDSig signing and verification — enveloped, enveloping, and detached signatures for GST, e-invoice, and government XML.

All features supported

Every XML signing capability listed below is implemented and working on Mobile App and Desktop Software. XMLDSig follows W3C standards with CCA India certificate chains.

Overview

SecureSign signs XML documents using XML Digital Signature (XMLDSig). Supports enveloped signatures (signature inside the document), enveloping signatures (document inside signature), and detached signatures (signature separate from document).

Primary use cases: GST returns, e-invoice (IRN), MCA XML filings, custom government XML schemas.
Default hash algorithm: SHA256.
Canonicalization: Exclusive C14N (http://www.w3.org/2001/10/xml-exc-c14n#).

Platform Support

Feature	Mobile App	Desktop Software	REST API
XMLDSig Sign	Deep link	Deep link	POST /sign/xml
XMLDSig Verify	Supported	POST /verify/xml	POST /verify/xml
Enveloped Signature	Default	`signatureType: enveloped`	`signatureType: enveloped`
Enveloping Signature	Supported	`signatureType: enveloping`	`signatureType: enveloping`
Detached XML Signature	Supported	`signatureType: detached`	`signatureType: detached`
XML Validation	Verify endpoint	POST /verify/xml	POST /verify/xml
Certificate Extraction	Verify response	Verify response	Signer cert in response

Request Fields

Field	Type	Required	Description
`xmlBase64`	string	Yes*	Base64-encoded XML (*or `xmlContent` as UTF-8 string)
`xmlContent`	string	Yes*	Raw XML string (alternative to base64)
`signatureType`	string	No	`enveloped` (default), `enveloping`, or `detached`
`hashAlgo`	string	No	`SHA256` (default), `SHA384`, `SHA512`
`signatureId`	string	No	XMLDSig `Id` attribute (e.g. `SigFrst` for GST)
`referenceUri`	string	No	Reference URI for enveloped signing (e.g. empty string for whole document)
`certSerial`	string	No	Pre-select certificate
`callbackUrl`	string	REST only	Server callback URL

Signature Types

signatureType	Structure	Best for
`enveloped`	`<ds:Signature>` inside the XML document	GST, e-invoice, MCA filings
`enveloping`	Document embedded inside `<ds:Object>`	Standalone signature containers
`detached`	Signature returned separately from document	External signature storage

Examples

Enveloped — GST / e-invoice

const params = new URLSearchParams({
  requestId: crypto.randomUUID(),
  hashBase64: sha256Base64,
  hashAlgo: 'SHA256',
  documentType: 'xml',
  callbackUrl: 'https://portal.example.gov.in/sign/callback',
  apiKey: 'ss_live_abc123xyz'
});
window.location.href = `securesign://sign?${params}`;

curl -X POST https://api.securesign.toolsbots.com/v1/sign/xml \
  -H 'Authorization: Bearer ss_live_abc123xyz' \
  -H 'Content-Type: application/json' \
  -d '{"xmlContent":"<Invoice>...</Invoice>","signatureType":"enveloped","signatureId":"SigFrst","callbackUrl":"https://portal.example.gov.in/callback"}'

window.location.href = `securesign://sign/xml?requestId=${id}&xmlUrl=${encodeURIComponent(xmlUrl)}&signatureType=enveloped&callbackUrl=${callback}&apiKey=${apiKey}`;

Detached signature

securesign://sign?documentType=xml&amp;...
{
  "xmlBase64": "PD94bWwgdmVyc2lvbj0iMS4wIj8+...",
  "signatureType": "detached",
  "hashAlgo": "SHA256"
}

Response

Enveloped

{"success":true,"signedXml":"<Invoice>...<ds:Signature Id=\"SigFrst\">...</ds:Signature></Invoice>","digestValid":true,"signatureId":"SigFrst"}

Detached

{"success":true,"signatureXml":"<ds:Signature>...</ds:Signature>","originalXmlDigest":"a1b2c3..."}

Errors

Code	Cause	Resolution
`SS_XML_INVALID`	Malformed XML input	Validate XML well-formedness before signing
`SS_XML_SIGNATURE_EXISTS`	Document already contains signature with same Id	Use unique `signatureId`
`SS_SIGNATURE_TYPE_INVALID`	Unknown `signatureType`	Use enveloped, enveloping, or detached
`SS_CANONICALIZATION_FAILED`	C14N transform error	Check XML namespaces and encoding