Introduction

Let's discover Octosign White Label in less than 10 minutes.

How it Works for Users

  1. User clicks on "Start Signing" on your website/webapp.
  2. The desktop application for signing opens with the prepared document and prompts the user to sign it.
  3. User signs the document, the application closes and the website shows the result.

How it Works for Developers

  1. The link "Start Signing" contains a custom protocol - the URL is e.g. signer://init?...params....
  2. The installed desktop application is a handler for the custom protocol.
  3. After the application launches, it sends a GET request for the document.
  4. After the document is signed, it is sent back in a POST request.

Alternatively, the web application can also communicate with the desktop application using loopback. In that case, all data have to be prepared and handled on the client side.

Security

  • The custom protocol is handled by the OS, so nobody should be snooping on the open request.
  • Communication between the desktop application and the server can be done exclusively over HTTPS with optional SSL certificate pinning.
  • Alternatively, the communication can be done via loopback.
  • (TBD) HMAC should prevent replay attacks and MitM.
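
The HMAC scheme is still marked TBD above, so the following is an added example and not Octosign's API: one way a server could bind the GET and POST of a signing session to an expiring, single-use token. The parameter names (doc, nonce, exp, mac), the function names and the in-memory nonce set are all assumptions made for illustration.

```python
import hashlib, hmac, json, secrets, time

SERVER_KEY = secrets.token_bytes(32)  # server-side secret, never sent to the client
TOKEN_TTL = 300                       # seconds a signing session stays valid
_used_nonces = set()                  # assumption: in production a shared store with expiry

def _mac(doc_id, nonce, expires):
    # JSON-encode the fields so that field boundaries are unambiguous.
    msg = json.dumps([doc_id, nonce, expires]).encode()
    return hmac.new(SERVER_KEY, msg, hashlib.sha256).hexdigest()

def issue_session(doc_id, now=None):
    """Build the (hypothetical) parameters placed in the signing link."""
    now = int(time.time() if now is None else now)
    nonce = secrets.token_urlsafe(16)
    expires = now + TOKEN_TTL
    return {"doc": doc_id, "nonce": nonce, "exp": expires,
            "mac": _mac(doc_id, nonce, expires)}

def verify_request(params, method, now=None):
    """Validate the parameters sent back with the GET or POST request.

    Both methods require a valid MAC and an unexpired token. A POST also
    consumes the nonce, so a captured upload request cannot be replayed.
    """
    now = int(time.time() if now is None else now)
    try:
        doc_id, nonce = params["doc"], params["nonce"]
        expires, mac = int(params["exp"]), str(params["mac"])
    except (KeyError, ValueError, TypeError):
        return False
    expected = _mac(doc_id, nonce, expires)
    # Constant-time comparison; bytes avoid errors on non-ASCII input.
    if not hmac.compare_digest(expected.encode(), mac.encode()):
        return False  # tampered or forged parameters
    if now > expires:
        return False  # stale link
    if method == "POST":
        if nonce in _used_nonces:
            return False  # signed document already submitted for this session
        _used_nonces.add(nonce)
    return True
```

The token only authenticates the session parameters; the document itself still relies on HTTPS (and pinning, if enabled) in transit.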