Signatu APIs are Open API compatible REST APIs.
API requests are authorized by OAuth 2.0 tokens. You can manage your API credentials in your Signatu account.
The APIs are specified in OpenAPI version 3. See OpenAPI development tools for additional information.
Authorizing with OAuth
All API requests must authorized with a valid API Key and a valid OAuth2 Bearer token.
Both your API Key and OAuth2 tokens are created user your account at https://signatu.com or using standard OAuth2 flows (see OAuth).
If you need help creating an access token please contact firstname.lastname@example.org.
Access tokens must be granted access to scope
Only requests to the
v0 version of the Consent API require the
x-api-key header. The API Key is used to identify your account and associated account limits. For the Data Processing and Webhook APIs
x-api-key header is not required as Signatu will find the account from the Authorization token.
Note that while
x-api-key is not used to authorize access to the API (see Authorization below) you should not distribute your API Key.
You can authorize HTTP requests using the
Authorization http header. The API expects
Bearer token, meaning that any client presenting the token is treated as authorized. You can create tokens in your Signatu account, or use standard OAuth2 Client Credentials Grant flow (see RFC 6749).
Authorization HTTP header is set. The token is a
Bearer token, meaning any client with the token available can access the Policies associated with the user account. The token should hence be kept secret.
$ curl https://api.signatu.com/consent/v0/consents \
-H 'Authorization: Bearer dqwoiuoi98324IUIUWECVOH' \
-H 'x-api-key: 12908347192749238798'
* Connected to localhost (api.signatu.com) (
> GET /consent/api/v0/... HTTP/1.1
> Host: signatu.com
> x-api-key: 12908347192749238798
> Authorization: Bearer dqwoiuoi98324IUIUWECVOH
URI references are all URIs on the format
scheme is according to the IANA specification.
encodeURIComponent(). For example,
https://foo.com is encoded
Signatu also uses a URN (RFC-1737) prefix
urn:signatu: to refer to resources. For HTML resources, such as Privacy Policies, these URN references are set on HTML elements using the