Skip to content

Cybersign Sponsored Onboarding & Signing API (1.1.0)

API endpoints for Cybersign's sponsored user onboarding flow, including authentication, data enrichment, phone verification, KYC status check, document signing preparation (upload/download URLs), certificate management, and document signing.

Download OpenAPI description
openapi.json
openapi.yaml
Languages
Servers
Mock server

https://docs.cybersign.gt/_mock/openapi/

Production Server

https://api.cybersign.com/v1/

Authentication

Operations related to user signup initiation and login.

Operations

Register or Check User Existence

Request

Attempts to register a new user with the provided email. If the user already exists, it returns a 200 OK. If the user is successfully created, it returns a 201 Created. Both responses return the user's email.

Security
m2m_oauth
Bodyapplication/jsonrequired
emailstring(email)required

The email address for the user signup attempt.

Example: "user@company.com"
client_idstringrequired

The OAuth client_id of the company initiating the request.

Example: "aBcDeFgHiJkLmNoPqRsT"
curl -i -X POST \
  https://docs.cybersign.gt/_mock/openapi/auth/signup \
  -H 'Authorization: Bearer <YOUR_TOKEN_HERE>' \
  -H 'Content-Type: application/json' \
  -d '{
    "email": "user@company.com",
    "client_id": "aBcDeFgHiJkLmNoPqRsT"
  }'

Responses

User already exists. No action taken.

Bodyapplication/json
emailstring(email)required

The email address associated with the signup status.

Example: "user@company.com"
Response
application/json
{
  "email": "user@company.com"
}

Initiate Login (Send Email OTP)

Request

Initiates the login process for a given email by sending an OTP via email. Returns a session identifier required for the confirmation step. Responds with 200 OK even if the email is not registered to prevent user enumeration.

Security
m2m_oauth
Bodyapplication/jsonrequired
emailstring(email)required

The email address of the user attempting to log in.

Example: "user@company.com"
client_idstringrequired

The OAuth client_id of the company initiating the request.

Example: "aBcDeFgHiJkLmNoPqRsT"
curl -i -X POST \
  https://docs.cybersign.gt/_mock/openapi/auth/login \
  -H 'Authorization: Bearer <YOUR_TOKEN_HERE>' \
  -H 'Content-Type: application/json' \
  -d '{
    "email": "user@company.com",
    "client_id": "aBcDeFgHiJkLmNoPqRsT"
  }'

Responses

Login process initiated successfully (OTP sent or queued). Includes session details needed for confirmation. This response is returned even if the email is not registered.

Bodyapplication/json
emailstring(email)required

The email address for which the login was initiated.

Example: "user@company.com"
sessionstringrequired

A unique session identifier for this specific login attempt. Required for the /auth/login-confirmation step.

Example: "sess_abc123xyz789"
methodstringrequired

The method used for this login attempt.

Value"email"
user_idstringrequired

User id.

Example: "27c7e9af-b519-4bec-a9c1-c7fd51aad8b6"
Response
application/json
{
  "email": "user@company.com",
  "session": "sess_abc123xyz789",
  "method": "email",
  "user_id": "27c7e9af-b519-4bec-a9c1-c7fd51aad8b6"
}

Confirm Login (Verify Email OTP)

Request

Confirms the login attempt by verifying the provided email OTP against the session identifier returned by /auth/login. On success, returns standard OAuth2 tokens (for subsequent API calls) and onboarding status/details if applicable.

Security
m2m_oauth
Bodyapplication/jsonrequired
emailstring(email)required

The email address of the user confirming login.

Example: "user@company.com"
sessionstringrequired

The session challenge identifier returned by the /auth/login endpoint.

Example: "sess_abc123xyz789"
methodstringrequired

The confirmation method being used.

Value"email"
client_idstringrequired

The OAuth client_id of the company initiating the request.

Example: "aBcDeFgHiJkLmNoPqRsT"
otpstringrequired

The One-Time Password received by the user via email.

Example: "123456"
user_idstringrequired

User Id

Example: "aaaa-bbbb-xxxx-yyyy"
curl -i -X POST \
  https://docs.cybersign.gt/_mock/openapi/auth/login-confirmation \
  -H 'Authorization: Bearer <YOUR_TOKEN_HERE>' \
  -H 'Content-Type: application/json' \
  -d '{
    "email": "user@company.com",
    "session": "sess_abc123xyz789",
    "method": "email",
    "client_id": "aBcDeFgHiJkLmNoPqRsT",
    "otp": "123456",
    "user_id": "aaaa-bbbb-xxxx-yyyy"
  }'

Responses

Login successful. Returns authentication tokens and potentially onboarding information.

Bodyapplication/json
access_tokenstringrequired

The OAuth2.0 access token for making authenticated requests to non-auth endpoints.

Example: "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9..."
expires_ininteger(int32)required

The lifetime in seconds of the access token.

Example: 3600
token_typestringrequired

Type of the token issued (e.g., "Bearer").

Example: "Bearer"
id_tokenstringrequired

A JWT containing identity information about the user.

Example: "eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9..."
onboarding_stepstring or null

Identifier for the next onboarding step required, if any. Null or absent if onboarding is complete.

Example: "data_enrichment"
onboarding_process_ulidstring or null(ulid)

The unique ULID for the user's current onboarding process, if onboarding is not complete. Null or absent otherwise.

Example: "01ARZ3NDEKTSV4RRFFQ69G5FAV"
Response
application/json
{
  "access_token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...",
  "expires_in": 3600,
  "token_type": "Bearer",
  "id_token": "eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9...",
  "onboarding_step": "data_enrichment",
  "onboarding_process_ulid": "01ARZ3NDEKTSV4RRFFQ69G5FAV"
}

Onboarding

Operations related to the user onboarding process after initial login, including data submission, phone verification, and status checks.

Operations

Documents

Operations related to preparing documents for signing (upload/download) and performing the signature.

Operations

Certificates

Operations related to managing digital certificates.

Operations