Skip to main content
Version: 4.41

DSS API

Overview

The Redtrust DSS API provides a SOAP-based Digital Signature Service that allows you to create simple and advanced electronic signatures using centrally managed certificates and policy controls.

This API is intended for integrators and developers who need to:

  • Sign documents using certificates managed in Redtrust
  • Enforce organizational signing policies
  • Support advanced signature standards (XAdES, CAdES, PAdES)
  • Integrate signing capabilities into backend or enterprise systems

The service follows the OASIS Digital Signature Service (DSS) standard and selected extensions.

What you can do with the DSS API

At a high level, the DSS API supports three operations that map to the following service methods:

  1. GetAccessibleCertificates: Discover certificates available to a user or system
  2. SignHash: Sign a precomputed hash (PKCS#1)
  3. SignRequest: Sign a complete document using DSS-compliant requests

How the DSS signing flow works

A typical DSS signing flow looks like this:

  1. Authenticate to the DSS API
  2. Retrieve accessible certificates (optional but recommended)
  3. Build a signing request (hash-based or document-based)
  4. Send the request to the DSS endpoint
  5. Process the response, which includes the signature or signed document

The exact structure of the request depends on:

  • The document type (XML, PDF, CMS)
  • The desired signature level (BES, EPES, T, LTV, etc.)
  • The signature mode (enveloped, enveloping, detached)
  • The signature profile configured in Redtrust

Authentication options

The DSS API supports multiple authentication mechanisms:

  • Username and password (WS-Security UsernameToken)
  • TLS client certificate authentication
  • JSON Web Token (JWT) authentication generated by Redtrust

Each authentication method uses a different service endpoint. Details and examples are provided in the authentication reference section.

Document types and signature standards

The DSS API supports the following signature standards:

  • XAdES for XML documents
  • CAdES for CMS-based content
  • PAdES for PDF documents

Each standard supports specific signature modes and levels. These capabilities are defined partly by the DSS protocol and partly by the signature profile configuration in Redtrust.

Next steps