# Cybersign Sponsored Onboarding & Signing API API endpoints for Cybersign's sponsored user onboarding flow, including authentication, data enrichment, phone verification, KYC status check, document signing preparation (upload/download URLs), certificate management, and document signing. Version: 1.1.0 ## Servers Production Server ``` https://api.cybersign.com/v1 ``` ## Security ### m2m_oauth OAuth2 Client Credentials Grant (M2M) for company server-to-server authentication with Cybersign auth endpoints. Type: oauth2 ### user_bearer_auth Bearer token authentication using the JWT access_token obtained by the user during login confirmation. Used for accessing user-specific endpoints. Type: http Scheme: bearer Bearer Format: JWT ## Download OpenAPI description [Cybersign Sponsored Onboarding & Signing API](https://docs.cybersign.gt/_bundle/openapi.yaml) ## Authentication Operations related to user signup initiation and login. ### Register or Check User Existence - [POST /auth/signup](https://docs.cybersign.gt/openapi/authentication/authsignup.md): Attempts to register a new user with the provided email. If the user already exists, it returns a 200 OK. If the user is successfully created, it returns a 201 Created. Both responses return the user's email. ### Initiate Login (Send Email OTP) - [POST /auth/login](https://docs.cybersign.gt/openapi/authentication/authlogininitiate.md): Initiates the login process for a given email by sending an OTP via email. Returns a session identifier required for the confirmation step. Responds with 200 OK even if the email is not registered to prevent user enumeration. ### Confirm Login (Verify Email OTP) - [POST /auth/login-confirmation](https://docs.cybersign.gt/openapi/authentication/authloginconfirm.md): Confirms the login attempt by verifying the provided email OTP against the session identifier returned by /auth/login. On success, returns standard OAuth2 tokens (for subsequent API calls) and onboarding status/details if applicable. ## Onboarding Operations related to the user onboarding process after initial login, including data submission, phone verification, and status checks. ### Submit and Enrich Personal Data - [POST /onboarding/{onboarding_process_ulid}/data-enrichment](https://docs.cybersign.gt/openapi/onboarding/onboardingenrichdata.md): Submits user-provided personal data (DPI, phone, address) for a specific onboarding process. Cybersign enriches this data using government/external sources and returns the combined data for user review. Triggered when the company shows the initial info form to the end user. ### Request Phone Verification OTP - [POST /onboarding/{onboarding_process_ulid}/phone/send-otp](https://docs.cybersign.gt/openapi/onboarding/onboardingsendphoneotp.md): Requests an OTP to be sent via SMS to the phone number associated with the specified onboarding process (previously submitted via data-enrichment). Trigger this after the user confirms the enriched data presented by the Company. ### Confirm Phone Number via OTP - [POST /onboarding/{onboarding_process_ulid}/phone/confirm-otp](https://docs.cybersign.gt/openapi/onboarding/onboardingconfirmphoneotp.md): Submits the OTP received via SMS to verify the phone number associated with the onboarding process. On success, returns the URL for the next onboarding step (KYC/identity verification). ### Get KYC Verification Status - [GET /onboarding/{onboarding_process_ulid}/kyc-status](https://docs.cybersign.gt/openapi/onboarding/onboardinggetkycstatus.md): Retrieves the current status of the Know Your Customer (KYC) verification step for the specified onboarding process. Provides details on liveness, face match, and document checks based on the results from the identity verification provider. ## Documents Operations related to preparing documents for signing (upload/download) and performing the signature. ### Generate Pre-signed Upload URL - [POST /documents/upload-url](https://docs.cybersign.gt/openapi/documents/generatedocumentuploadurl.md): Generates a pre-signed URL suitable for uploading a document directly to Cybersign's secure storage (e.g., S3). The URL expiry depends on the selected file tier. ### Generate Pre-signed Download URL - [GET /documents/download-url](https://docs.cybersign.gt/openapi/documents/generatedocumentdownloadurl.md): Generates a pre-signed URL for securely downloading a previously signed document. The URL has a short expiry time (e.g., 5 minutes) and is single-use. ### Sign Uploaded Document - [POST /documents/{doc-ulid}/sign](https://docs.cybersign.gt/openapi/documents/signdocument.md): Applies a digital signature to a previously uploaded document using the specified user certificate and OTP verification. Supports visible and invisible signatures. ## Certificates Operations related to managing digital certificates. ### Get User Certificates - [GET /certificates](https://docs.cybersign.gt/openapi/certificates/getusercertificates.md): Retrieves a list of active and usable digital certificates associated with the authenticated user.