GetSigningUrlApiRequest
Properties
| Name |
Type |
Description |
Notes |
| returnUrl |
String |
The URL to redirect the signer to after they complete, decline, or time out of the signing ceremony. If not provided, the signer sees a default completion page. The redirect URL will have `?event=...&signerId=...` query parameters appended so your app can detect the outcome. |
[optional] [default to null] |
| expiresInMinutes |
Integer |
How long the signing URL remains valid, in minutes. Defaults to 5 minutes. Maximum 60 minutes. After expiry, generate a new URL by calling this endpoint again. |
[optional] [default to null] |
| allowedOrigins |
List |
Optional list of origins that are allowed to embed this specific signing URL in an iframe (CSP frame-ancestors). Each entry must be of the form `https://host[:port]` or `https://*.parent.example` for wildcard subdomains. http:// is allowed only for localhost. When provided, this overrides the tenant's default allowlist for THIS URL only. When omitted, the tenant default applies - typically more permissive. Up to 25 origins; max 200 chars each. Setting this is the highest-security option for embedded signing: per-token immutable, validated server-side, encoded into the HMAC-signed token payload. |
[optional] [default to null] |
| pingUrl |
String |
Optional HTTPS URL that the embedded ceremony pings on a timer to keep the user's session in your parent application alive while they sign. The ping is sent with `credentials: 'include'` and `mode: 'no-cors'` so the user's session cookie rides along; the iframe ignores the response (it cannot read it under no-cors). The ping URL's origin MUST match one of the resolved `AllowedOrigins` entries - this prevents the embedded ceremony from being used as a CSRF beachhead against arbitrary endpoints. If you supply a wildcard allowlist (e.g. `https://*.acme.com`), the ping URL host must match the wildcard pattern. |
[optional] [default to null] |
| pingFrequencySeconds |
Integer |
How often (in seconds) the ceremony pings the `PingUrl`. Clamped to `[60, 600]`. Defaults to 300 (5 minutes) when `PingUrl` is set and this is omitted. Ignored entirely when `PingUrl` is null. |
[optional] [default to null] |
| externalAuthMetadata |
ExternalAuthMetadataApiModel |
Optional integrator-asserted authentication metadata that flows through to the Certificate of Completion. Use this when your application has already authenticated the signer (e.g. SAML SSO, OIDC) and you want that fact recorded on the signing audit trail. The metadata is shown on the COC clearly labeled "asserted by integrator, not independently verified by eSign Launchpad." Re-captured into immutable columns at the signature event so post-signing edits cannot rewrite the evidence. |
[optional] [default to null] |
[Back to Model list] [Back to API list] [Back to README]
