Create a signature session. Returns a QR code and session ID for the user to scan with their UIP app. Use this for quick signatures on lightweight agreements, terms of service, policies, and attestations.

Body Parameters

intent (string, required)
Description of why you’re requesting a signature. Shown to the user in the UIP app. Example: "Sign Terms of Service" or "Acknowledge Privacy Policy"

signature_information (string, required)
The content or description of what the user is signing. This is the actual agreement text or reference. Example: "I agree to the Terms of Service version 2.1" or "I acknowledge receipt of the employee handbook"

Example Request

curl -X POST https://api.uip.digital/v1/sign \
  -H "Authorization: Bearer YOUR_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{
    "intent": "Sign Terms of Service",
    "signature_information": "I agree to the Terms of Service version 2.1 dated January 11, 2025"
  }'

Response (200 OK)

{
  "session_id": "sess_1a2b3c4d5e6f",
  "expires_at": "2025-01-11T12:35:00Z",
  "qr_code": "data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAA..."
}

session_id (string, required)
Unique identifier for this session. Use this to poll for results.

expires_at (string, required)
ISO 8601 timestamp when the session expires (5 minutes from creation).

qr_code (string, required)
Base64-encoded PNG data URI of the QR code. Display this to desktop users. The QR code encodes https://www.uip.id/{session_id}.

Implementation Flow

1. Create Session: Call POST /v1/sign with your intent and signature information.
2. Display QR Code or Deep Link: Desktop: show the qr_code image. Mobile: show an “Open UIP” button linking to https://www.uip.id/{session_id}
3. Poll for Result: Call GET /v1/sign/:id every 2-3 seconds until status is completed or expired.
4. Use Verified Signature: Extract audit_id and uip_id from the completed response. Save audit_id for compliance.

No webhooks needed. The Sign API uses simple polling. No redirect URIs, no code exchange.

Best Practices

Clear Intent

Always provide a clear, user-friendly intent message explaining what they’re signing

Specific Information

Include version numbers and dates in signature_information for legal clarity

Handle Expiration

Sessions expire after 5 minutes. Implement retry logic or allow users to generate a new code

Save Audit IDs

Always save the audit_id from completed responses for permanent proof and compliance
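
The implementation flow and the expiration and audit-ID practices above, combined into one server-side polling client. This is an added example, not UIP's own code: the show and save_audit hooks, the text_sha256 field and the injectable send/sleep/now parameters are assumptions, and any status other than completed or expired is treated as still pending.

```python
import hashlib
import json
import time
import urllib.request
from datetime import datetime, timezone

API = "https://api.uip.digital/v1/sign"  # endpoint from this page

def http_json(method, url, api_key, body=None):
    """Default transport: one authenticated JSON call. Run server-side only,
    so the API key never reaches the browser that displays the QR code."""
    data = json.dumps(body).encode() if body is not None else None
    req = urllib.request.Request(url, data=data, method=method, headers={
        "Authorization": f"Bearer {api_key}",
        "Content-Type": "application/json"})
    with urllib.request.urlopen(req, timeout=10) as resp:
        return json.load(resp)

def request_signature(api_key, intent, signature_information, show, save_audit,
                      send=http_json, sleep=time.sleep, interval=2.5,
                      now=lambda: datetime.now(timezone.utc)):
    """Steps 1-4: create, display, poll, persist. Returns the audit record,
    or None when the session expired and the caller should create a new one."""
    session = send("POST", API, api_key, {
        "intent": intent, "signature_information": signature_information})
    session_id = session["session_id"]
    deadline = datetime.fromisoformat(session["expires_at"].replace("Z", "+00:00"))
    show(session)  # hypothetical UI hook: render qr_code or the uip.id deep link
    while now() < deadline:  # never poll past the 5-minute expiry
        result = send("GET", f"{API}/{session_id}", api_key)
        status = result.get("status")
        if status == "completed":
            record = {
                "session_id": session_id,
                "audit_id": result["audit_id"],
                "uip_id": result["uip_id"],
                # Assumption: we also keep a digest of the exact text we
                # submitted, so the stored audit_id is tied to one wording.
                "text_sha256": hashlib.sha256(
                    signature_information.encode("utf-8")).hexdigest(),
            }
            save_audit(record)  # hypothetical persistence hook
            return record
        if status == "expired":
            return None
        sleep(interval)  # any other status is treated as still pending
    return None
```

A None return means the session ran out before the user signed; call the function again to issue a fresh QR code.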

Common Use Cases

Request users to sign your TOS with biometric verification:

{
  "intent": "Sign Terms of Service",
  "signature_information": "I agree to the Terms of Service version 2.1 dated January 11, 2025"
}

Get user consent for privacy policies with cryptographic proof:

{
  "intent": "Acknowledge Privacy Policy",
  "signature_information": "I acknowledge and agree to the Privacy Policy updated January 2025"
}

Require employees to acknowledge receipt and understanding:

{
  "intent": "Acknowledge Employee Handbook",
  "signature_information": "I confirm receipt of the 2025 Employee Handbook and agree to comply with all policies"
}

Get attestations for codes of conduct or ethical guidelines:

{
  "intent": "Sign Code of Conduct",
  "signature_information": "I agree to follow the Company Code of Conduct effective January 2025"
}

Errors

See the Error Handling Guide for comprehensive error handling strategies. Possible error codes:
  • auth/missing-api-key - No API key provided in Authorization header
  • auth/invalid-api-key - Invalid API key
  • auth/revoked-api-key - API key has been revoked
  • auth/business-archived - Business account has been archived
  • request/invalid-payload - Request payload is invalid or missing required fields
  • payment/insufficient-funds - Insufficient account balance
  • resource/not-found - Session not found (GET endpoint)
  • internal/server-error - Failed to create or retrieve session