# 3. Sign PDF Document

**Step 1. Obtain Access Token:**

Open the response URL returned by the previous API call in a browser to obtain the access token. The user must enter the qualified signing password during this step before the access token is issued.

<figure><img src="https://4217816688-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-MekZ3RZxqIxNNSkEFZ1%2Fuploads%2F53Hy2uEJKeMcPtW9SIM7%2FScreenshot%202024-07-22%20100322.png?alt=media&#x26;token=7cc5681b-2700-493c-9a70-2d2c2d49b00c" alt=""><figcaption><p><mark style="color:green;">Sample response for obtaining access token</mark></p></figcaption></figure>

**Step 2. Invoke the signing API:**

<mark style="color:orange;">**`POST`**</mark> <mark style="color:orange;">**`http://localhost:8080/v2/signature/sign`**</mark>

Signing API

#### Headers

| Name               | Value                                                            |
| ------------------ | ---------------------------------------------------------------- |
| Content-Type       | multipart/form-data                                              |
| X-SIGN-ACCESSTOKEN | 89777718e027d33dd23f8e4f560128c6cc632336870b58fd8daed86c0727a76a |

#### Body

| Name            | Value                            |
| --------------- | -------------------------------- |
| digestAlgorithm | SHA256                           |
| signIdentityId  | ckqtokgre4o5mrk4bajtk413ui       |
| txId            | 90ca005cfb4d4827b1247889166b72fe |

{% tabs %}
{% tab title="200: OK " %}
"<mark style="color:blue;">PK - Signed files in .zip format</mark>"
{% endtab %}

{% tab title="400: Bad Request " %}
"<mark style="color:blue;">Invalid request</mark>"
{% endtab %}
{% endtabs %}

Pass the access token in the `X-SIGN-ACCESSTOKEN` request header, along with the signing identity and transaction ID, in the next API call as shown below.

<figure><img src="https://4217816688-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-MekZ3RZxqIxNNSkEFZ1%2Fuploads%2FnPbn4v4PFUxxNiLy9KZA%2FScreenshot%202024-07-22%20101011.png?alt=media&#x26;token=8e7b7c94-fe87-44a9-84ac-9f2740fa3b11" alt=""><figcaption><p><mark style="color:green;">Sample postman request</mark></p></figcaption></figure>

**Sample Curl Command**

```
curl --location 'http://localhost:8080/v2/signature/sign' \
--header 'Content-Type: multipart/form-data' \
--header 'X-SIGN-ACCESSTOKEN: 89777718e027d33dd23f8e4f560128c6cc632336870b58fd8daed86c0727a76a' \
--form 'digestAlgorithm="SHA256"' \
--form 'signIdentityId="ckqtoskgre4o5mrk4bajtsk41r3ui"' \
--form 'txId="90ca005cfb4d4827b1247889166b72fe"'
```

**List of attributes for request body:**

| Name            | Description                                                                                                                                                          |
| --------------- | -------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
| txId            | <p>Transaction id for signing request.</p><p><strong>Note</strong>: Transaction ID is valid for only 10 minutes and operation should end within the same period.</p> |
| digestAlgorithm | <p>Entity can use one of the digest algorithms from below according to their requirement:</p><p>SHA256</p><p>SHA384</p><p>SHA512</p>                                 |
| signIdentityId  | User’s qualified certificate id                                                                                                                                      |
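
**Example client with local checks (added example)**

The Python client below is an added example, not code from the original documentation or from the product. It makes the same call as the curl command, but first rejects a digest algorithm outside the listed set and a transaction ID past its 10-minute validity, and it confirms that the 200 response really is a ZIP archive before returning the files. The function names and the `tx_issued_at` parameter are hypothetical, and the expiry check assumes the caller recorded when it received the `txId`.

```python
import io
import time
import uuid
import urllib.request
import zipfile

SIGN_URL = "http://localhost:8080/v2/signature/sign"  # endpoint shown on this page
ALLOWED_DIGESTS = {"SHA256", "SHA384", "SHA512"}       # digestAlgorithm values listed above
TX_TTL_SECONDS = 10 * 60                               # txId validity stated above

def build_sign_request(token, tx_id, sign_identity_id, digest="SHA256",
                       tx_issued_at=None, now=None):
    """Validate the inputs locally and return a urllib Request for the signing call."""
    if digest not in ALLOWED_DIGESTS:
        raise ValueError(f"unsupported digestAlgorithm: {digest!r}")
    if tx_issued_at is not None:
        # Assumption: the caller recorded the time at which it received the txId.
        now = time.time() if now is None else now
        if now - tx_issued_at >= TX_TTL_SECONDS:
            raise TimeoutError("txId is older than 10 minutes; start a new transaction")
    fields = {"digestAlgorithm": digest, "signIdentityId": sign_identity_id, "txId": tx_id}
    boundary = uuid.uuid4().hex
    body = "".join(
        f'--{boundary}\r\nContent-Disposition: form-data; name="{name}"\r\n\r\n{value}\r\n'
        for name, value in fields.items()
    ) + f"--{boundary}--\r\n"
    headers = {
        "Content-Type": f"multipart/form-data; boundary={boundary}",
        "X-SIGN-ACCESSTOKEN": token,  # supply at run time; keep it out of source and logs
    }
    return urllib.request.Request(SIGN_URL, data=body.encode(), headers=headers, method="POST")

def extract_signed_files(payload):
    """Confirm a 200 body is a well-formed ZIP and return {member name: bytes}."""
    if not payload.startswith(b"PK"):  # ZIP magic bytes, the "PK" of the 200 response
        raise ValueError("response is not a ZIP archive")
    with zipfile.ZipFile(io.BytesIO(payload)) as archive:
        corrupt = archive.testzip()  # CRC-checks every member
        if corrupt is not None:
            raise ValueError(f"corrupt archive member: {corrupt}")
        # Members are read into memory, so their names never become filesystem paths.
        return {name: archive.read(name) for name in archive.namelist()}

def sign(token, tx_id, sign_identity_id, **options):
    """Send the request and return the signed files from the ZIP response."""
    request = build_sign_request(token, tx_id, sign_identity_id, **options)
    with urllib.request.urlopen(request, timeout=30) as response:
        return extract_signed_files(response.read())
```

A 400 response surfaces as `urllib.error.HTTPError` from `sign()`, so `extract_signed_files` only ever sees the body of a successful call.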
