Onsite Integration
The Onsite integration mode is the primary integration path for QES. In this mode, Shufti hosts the complete verification and signing journey. The Merchant initiates a session via the API and receives a hosted verification URL. The end user completes identity proofing and document signing within the Shufti-hosted flow, with no additional data collection required on the Merchant's side.
Document Signing Approaches
Shufti supports two approaches for QES document signing. In both cases, the qualified signature is applied to a SHA-256 hash of the document. The difference is who computes the hash and where the document resides during signing.
- Document Upload (Shufti computes the hash): The Merchant provides the document as a PDF via
qes.proofs. Shufti computes the SHA-256 hash, manages the signing process, and returns the signed document with an embedded QES. Use this method when the Merchant wants Shufti to handle the full signing lifecycle, including document custody, hash computation, and signed document return. - Hash Submission (Merchant computes the hash): The Merchant computes the SHA-256 hash of each document and submits only the hashes via
qes.hashes. No document content is uploaded to Shufti. A detached qualified signature (PKCS#7) is returned for each hash, which the Merchant attaches to the original document in their own environment. In this approach, the document never leaves the Merchant's environment. Use this method when the original documents must remain within the Merchant's environment due to data residency, confidentiality, or contractual requirements. Also use when document size or volume makes full document upload impractical.
Validation: qes.proofs and qes.hashes are mutually exclusive. Submitting both in the same request returns a validation error. Each hash in qes.hashes must be a valid SHA-256 hex string (64 characters, lowercase).
Status updates are delivered to the Merchant's registered callback URL in real time as the session progresses through each stage.
| Attribute | Detail |
|---|---|
| Base URL | https://api.shuftipro.com/ |
| Method | POST |
| Content-Type | application/json |
| Authorization | Basic Auth (Base64-encoded Client ID: Secret Key) |
| Response format | JSON |
| Session delivery | Hosted URL returned on request creation |
| Status delivery | Callback (webhook) to Merchant-registered URL |
QES does not support Offsite integration. Only the Onsite flow is available.
Request Parameters
The parameters mentioned below are specific to the qes service and the top-level parameters that govern how the signatory's identity is proved. When the qes object is present, the signatory's identity must be verified through one of the supported flows — either the document and face services together, or the ekyc service.
| Parameters | Description |
|---|---|
| qes.proofs | Required: Yes (when qes.hashes is not provided) Type: Array of objects Minimum: 1 document Maximum: 20 documents Array of base64-encoded PDF documents to be signed. Each entry must include a filename and the base64-encoded data. Shufti computes the SHA-256 hash, manages the signing process, and returns the signed PDF with an embedded QES. Mutually exclusive with qes.hashes. |
| qes.proofs.*.filename | Required: Yes (within each qes.proofs entry) Type: string Maximum: 255 characters Filename of the document. Surfaced to the signatory in the hosted flow and returned alongside the signed output. |
| qes.proofs.*.data | Required: Yes (within each qes.proofs entry) Type: string Format: PDF only Maximum: 14MB Provide a valid BASE64-encoded PDF string. May be prefixed with the data:application/pdf;base64, data URI scheme. |
| qes.hashes | Required: Yes (when qes.proofs is not provided) Type: Array of strings Format: SHA-256 hex (64 hex characters) Minimum: 1 hash Maximum: 20 hashes Array of SHA-256 hex strings (64 characters each). Use this field for the hash approach, where the Merchant retains custody of the source documents and never uploads them to Shufti. The signatory signs the hash list directly and Shufti returns a detached CAdES (PKCS#7) qualified signature per hash. Mutually exclusive with qes.proofs. |
| qes.phone_number | Required: No Type: string Minimum: 6 characters Maximum: 64 characters Format: +[digits] Phone number of the signatory, including the country code prefixed with +. |
| regulatory_compliance_methods | Required: Yes Type: Object Minimum keys: 2 Must contain at least 2 of the sub-fields below, and at least one of nfc_service_requested, standered_face_service_requested, or eidv_service_requested must be 1. |
| regulatory_compliance_methods.standered_face_service_requested | Required: No Type: string Accepted Values: 0, 1 When set to 1, the signatory is verified using the standard Document + Face flow. In this case the top-level document and face services are required. |
| regulatory_compliance_methods.nfc_service_requested | Required: No Type: string Accepted Values: 0, 1 When set to 1, the signatory is verified by reading the NFC chip of their e-passport or eID document. In this case the top-level document and face services are required. |
| regulatory_compliance_methods.eidv_service_requested | Required: No Type: string Accepted Values: 0, 1 When set to 1 (and the other two methods are 0), the signatory is verified through an electronic identity verification provider. In this case the top-level ekyc service is required and document / face are prohibited. |
| allow_retry | Required: Yes Type: string Accepted Values: 1 Must be set to 1 so the user can retry failed steps. |
| show_ocr_form | Required: Yes Type: string Accepted Values: 1 Must be set to 1 so the OCR form is displayed to the user. |
| allow_online | Required: Yes Type: string Accepted Values: 1 Must be set to 1. The signatory completes the verification through the live Shufti-hosted journey. |
| allow_offline | Required: Yes Type: string Accepted Values: 0 Must be set to 0. Offline submission is not supported in this flow. |
| verification_mode | Required: No Type: string Accepted Values: any When regulatory_compliance_methods is present, verification_mode is restricted to the value any. Other modes (image_only, video_only) are not allowed. |
| is_baseline_loip | Required: Yes Type: string Accepted Values: 1 Must be set to 1. Performs the verification against the baseline level of identity proofing. |
| show_results | Required: Yes Type: string Accepted Values: 1 Must be set to 1. Displays the verification result screen to the signatory at the end of the hosted flow. |
| decline_on_single_step | Required: No Type: string Accepted Values: 0, 1 When set to 1, the verification is declined as soon as any single step fails instead of allowing the user to continue with the remaining steps. |
| email_verify | Required: Yes Type: Object The signatory's email is verified as part of the QES flow. Pass the signatory's email under email_verify.email. |
| face.document_in_hand_verification | Required: Yes (when standered_face_service_requested is 1) Type: string Accepted Values: 1 Must be set to 1 for the Standard Document + Face flow so the signatory is prompted to hold the document in hand during the face capture. |
| document.supported_types | Required: Yes Type: Array Accepted Values (when nfc_service_requested or standered_face_service_requested is 1): id_card, passport only. Other types (driving_license, credit_or_debit_card, etc.) are rejected in this flow. |
| document.name | Required: Yes (when nfc_service_requested or standered_face_service_requested is 1) Type: Object The name object key must be present in the payload. Its values may be empty — the canonical values are extracted from the document during the hosted flow. |
| document.name.fuzzy_match | Required: Yes (when nfc_service_requested or standered_face_service_requested is 1) Type: string Accepted Values: 1 Must be set to 1 in the NFC and Standard Document + Face flows. |
| document.document_number | Required: Yes (when nfc_service_requested or standered_face_service_requested is 1) Type: string The document_number key must be present in the payload. Its value may be empty — the canonical document number is extracted from the document during the hosted flow. |
| document.dob | Required: Yes (when nfc_service_requested or standered_face_service_requested is 1) Type: string The dob key must be present in the payload. Its value may be empty — the canonical date of birth is extracted from the document during the hosted flow. |
| document.issue_date | Required: Yes (when nfc_service_requested or standered_face_service_requested is 1) Type: string The issue_date key must be present in the payload. Its value may be empty — the canonical issue date is extracted from the document during the hosted flow. |
| document.expiry_date | Required: Yes (when nfc_service_requested or standered_face_service_requested is 1) Type: string The expiry_date key must be present in the payload. Its value may be empty — the canonical expiry date is extracted from the document during the hosted flow. |
| document.backside_proof_required | Required: Yes (when nfc_service_requested or standered_face_service_requested is 1) Type: string Accepted Values: 1 Must be set to 1 so both sides of the document are captured during the hosted flow. |
| ekyc.eidv_countries | Required: Yes (when eidv_service_requested is 1) Type: Array of objects One or more country entries. Each entry must include a code (ISO 3166-1 alpha-2) and a verification_approach. Multiple countries may be passed in a single request; the signatory selects from the offered list in the hosted flow. |
| ekyc.eidv_countries.*.code | Required: Yes (within each eidv_countries entry) Type: string Format: ISO 3166-1 alpha-2 (e.g. NO, GB, DE). The country whose data source is used for eIDV. |
| ekyc.eidv_countries.*.verification_approach | Required: Yes (within each eidv_countries entry, when eidv_service_requested is 1) Type: string Accepted Values: active The country's per-source verification approach. For the QES eIDV flow this is set to active. |
| ekyc.eidv_verification_type | Required: Yes (when eidv_service_requested is 1) Type: string Accepted Values: active The eIDV verification type for the QES eIDV flow. Set to active. |
When nfc_service_requested or standered_face_service_requested is 1, the proof fields face.proof, document.proof, and document.additional_proof are prohibited — the signatory submits these proofs through the Shufti onsite flow rather than in the API payload.
Cross-service requirement: When the qes object is present, both the document and face services are required — unless the ekyc service is also sent, in which case ekyc (eIDV) substitutes for document and face.
QES with Standard Document and Face Verification
{
"reference": "ABCDEF",
"allow_retry": "1",
"show_ocr_form": "1",
"allow_online": "1",
"allow_offline": "0",
"verification_mode": "any",
"is_baseline_loip": "1",
"show_results": "1",
"decline_on_single_step": "0",
"regulatory_compliance_methods": {
"standered_face_service_requested": "1",
"nfc_service_requested": "0",
"eidv_service_requested": "0"
},
"qes": {
"proofs": [
{
"filename": "agreement.pdf",
"data": "data:application/pdf;base64,JVBERi0xLjQKJeLjz9MKMSAwIG9iago8PC9UeXBlL0NhdGFsb2cvUGFnZXMgMiAwIFI+PgplbmRvYmoKMiAwIG9iago8PC9UeXBlL1BhZ2VzL0NvdW50IDEvS2lkc1szIDAgUl0+PgplbmRvYmoKMyAwIG9iago8PC9UeXBlL1BhZ2UvUGFyZW50IDIgMCBSL01lZGlhQm94WzAgMCA2MTIgNzkyXT4+CmVuZG9iagolJUVPRgo="
}
],
"phone_number": "+123456789"
},
"email_verify": {
"email": "[email protected]"
},
"document": {
"proof": "",
"additional_proof": "",
"supported_types": ["id_card", "passport"],
"backside_proof_required": "1",
"name": {
"first_name": "",
"middle_name": "",
"last_name": "",
"fuzzy_match": "1"
},
"document_number": "",
"dob": "",
"issue_date": "",
"expiry_date": ""
},
"face": {
"proof": "",
"check_duplicate_request": "0",
"document_in_hand_verification": "1"
}
}
QES with NFC Document and Face Verification
{
"reference": "ABCDEF",
"allow_retry": "1",
"show_ocr_form": "1",
"allow_online": "1",
"allow_offline": "0",
"verification_mode": "any",
"is_baseline_loip": "1",
"show_results": "1",
"decline_on_single_step": "0",
"regulatory_compliance_methods": {
"nfc_service_requested": "1",
"standered_face_service_requested": "0",
"eidv_service_requested": "0"
},
"qes": {
"proofs": [
{
"filename": "agreement.pdf",
"data": "data:application/pdf;base64,JVBERi0xLjQKJeLjz9MKMSAwIG9iago8PC9UeXBlL0NhdGFsb2cvUGFnZXMgMiAwIFI+PgplbmRvYmoKMiAwIG9iago8PC9UeXBlL1BhZ2VzL0NvdW50IDEvS2lkc1szIDAgUl0+PgplbmRvYmoKMyAwIG9iago8PC9UeXBlL1BhZ2UvUGFyZW50IDIgMCBSL01lZGlhQm94WzAgMCA2MTIgNzkyXT4+CmVuZG9iagolJUVPRgo="
}
],
"phone_number": "+123456789"
},
"email_verify": {
"email": "[email protected]"
},
"document": {
"proof": "",
"additional_proof": "",
"supported_types": ["passport", "id_card"],
"backside_proof_required": "1",
"name": {
"first_name": "",
"middle_name": "",
"last_name": "",
"fuzzy_match": "1"
},
"document_number": "",
"dob": "",
"issue_date": "",
"expiry_date": ""
},
"face": {
"proof": "",
"check_duplicate_request": "0"
}
}
QES with Active eID-Based Verification
{
"reference": "ABCDEF",
"allow_retry": "1",
"show_ocr_form": "1",
"allow_online": "1",
"allow_offline": "0",
"verification_mode": "any",
"is_baseline_loip": "1",
"show_results": "1",
"decline_on_single_step": "0",
"regulatory_compliance_methods": {
"eidv_service_requested": "1",
"standered_face_service_requested": "0",
"nfc_service_requested": "0"
},
"qes": {
"proofs": [
{
"filename": "agreement.pdf",
"data": "data:application/pdf;base64,JVBERi0xLjQKJeLjz9MKMSAwIG9iago8PC9UeXBlL0NhdGFsb2cvUGFnZXMgMiAwIFI+PgplbmRvYmoKMiAwIG9iago8PC9UeXBlL1BhZ2VzL0NvdW50IDEvS2lkc1szIDAgUl0+PgplbmRvYmoKMyAwIG9iago8PC9UeXBlL1BhZ2UvUGFyZW50IDIgMCBSL01lZGlhQm94WzAgMCA2MTIgNzkyXT4+CmVuZG9iagolJUVPRgo="
}
],
"phone_number": "+123456789"
},
"email_verify": {
"email": "[email protected]"
},
"ekyc": {
"eidv_verification_type": "active",
"eidv_countries": [
{ "code": "NO", "verification_approach": "active" },
{ "code": "SE", "verification_approach": "active" },
{ "code": "DK", "verification_approach": "active" }
]
}
}
Document Upload Status Response
For Document Upload requests across all three identity-proofing flows (Standard Document and Face, NFC, and Active eID), the /status response returns the signed PDF(s) under proofs.qes[] as {name, url} pairs, and the qualified certificate metadata under verification_data.qes (signer name, certificate issuer, serial number, validity window, and aggregate_status for the batch).
| Field | Type | Description |
|---|---|---|
proofs.qes[].name | String | Original filename of the document submitted via qes.proofs. |
proofs.qes[].url | String | URL to download the signed PDF with the embedded qualified signature (PAdES). |
verification_data.qes.signer_name | String | Full name of the signatory as recorded on the qualified certificate. |
verification_data.qes.serial_number | String | Serial number of the qualified certificate used for signing. |
verification_data.qes.issuer_cn | String | Common name of the qualified certificate issuer (QTSP). |
verification_data.qes.valid_from | String | Start of the certificate validity window. |
verification_data.qes.valid_to | String | End of the certificate validity window. |
verification_data.qes.created_at | String | Timestamp when the QES batch was created. |
verification_data.qes.aggregate_status | String | Overall batch status across all submitted documents (e.g. all_signed). |
//Content-Type: application/json
//Signature: NmI4NmIyNzNmZjM0ZmNl
{
"reference": "17374217",
"event": "verification.accepted",
"country": "GB",
"proofs": {
"face": {
"proof": "https://ns.shuftipro.com/api/pea/15c1cf23bc0ed5a25613539f5cn3bebc0d566cda"
},
"document": {
"proof": "https://ns.shuftipro.com/api/pea/65c1df23bc0ed5a25613539f5cn3bebc0d566cac",
"additional_proof": "https://ns.shuftipro.com/api/pea/705b6ad48cc8ec08333d3e89653213302f71228f"
},
"qes": [
{
"name": "agreement.pdf",
"url": "https://ns.shuftipro.com/api/pea/df7272966d06183fb769aa8d4942464b06e2f93c"
}
],
"verification_video": "https://ns.shuftipro.com/api/pea/63c1cf23bc0ed5a21613539f5cn3bebc0d566cao",
"access_token": "generated_access_token",
"verification_report": "https://ns.shuftipro.com/api/pea/9ee426402e8633087b183c61ea5ac72acec5a728"
},
"verification_data": {
"document": {
"name": {
"first_name": "John",
"middle_name": "",
"last_name": "Doe",
"full_name": "John Doe"
},
"dob": "1990-01-01",
"issue_date": "2018-01-31",
"expiry_date": "2028-01-30",
"document_number": "GB1234567",
"country": "GB",
"selected_type": ["id_card"],
"supported_types": ["id_card", "passport"],
"face_match_confidence": 70
},
"email_verify": {
"email": "[email protected]"
},
"qes": {
"signer_name": "John Doe",
"serial_number": "0123456789ABCDEF0123456789ABCDEF01234567",
"issuer_cn": "Sample QTSP Qualified CA 2026",
"valid_from": "2026-06-15 10:00:00",
"valid_to": "2026-06-15 12:00:00",
"created_at": "2026-06-15 10:05:00",
"aggregate_status": "all_signed"
}
},
"verification_result": {
"face": 1,
"document": {
"document": 1,
"document_visibility": 1,
"document_must_not_be_expired": 1,
"document_country": 1,
"selected_type": 1,
"name": 1,
"document_number": 1,
"dob": 1,
"issue_date": 1,
"expiry_date": 1
},
"email_verify": {
"validate_email": 1,
"verify_email": 1
}
},
"info": {
"agent": {
"is_desktop": true,
"is_phone": false,
"useragent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3770.100 Safari/537.36",
"device_name": "Macintosh",
"browser_name": "",
"platform_name": "OS X - 10_14_0"
},
"geolocation": {
"host": "212.103.50.243",
"ip": "212.103.50.243",
"rdns": "212.103.50.243",
"asn": "9009",
"isp": "M247 Ltd",
"country_name": "Germany",
"country_code": "DE",
"region_name": "Hesse",
"region_code": "HE",
"city": "Frankfurt am Main",
"postal_code": "60326",
"continent_name": "Europe",
"continent_code": "EU",
"latitude": "50.1049",
"longitude": "8.6295",
"metro_code": "",
"timezone": "Europe/Berlin"
}
}
}
QES with Hash Submission Approach
In Hash Submission, the Merchant computes the SHA-256 hash of each document locally and submits only the hashes via qes.hashes. Shufti returns a detached PKCS#7 qualified signature per hash, which the Merchant attaches to the original document in their own environment.
To compute the SHA-256 hash before submission:
sha256sum agreement.pdf | awk '{print $1}'
The following request payloads illustrate each identity proofing flow for Hash Submission. The structure mirrors the multi-document examples above — qes.proofs is replaced with qes.hashes.
QES with Hash Submission - Standard Document and Face Verification
{
"reference": "sp-bc-prod-ABCDE1213",
"callback_url": "https://yourdomain.com/sp-callback",
"redirect_url": "https://yourdomain.com/sp-redirect",
"allow_retry": "1",
"show_ocr_form": "1",
"allow_online": "1",
"allow_offline": "0",
"verification_mode": "any",
"is_baseline_loip": "1",
"show_results": "1",
"decline_on_single_step": "0",
"regulatory_compliance_methods": {
"standered_face_service_requested": "1",
"nfc_service_requested": "0",
"eidv_service_requested": "0"
},
"qes": {
"hashes": [
"9f86d081884c7d659a2feaa0c55ad015a3bf4f1b2b0b822cd15d6c15b0f00a08"
],
"phone_number": "+123456789"
},
"email_verify": {
"email": "[email protected]"
},
"document": {
"proof": "",
"additional_proof": "",
"supported_types": ["id_card", "passport"],
"backside_proof_required": "1",
"name": {
"first_name": "",
"middle_name": "",
"last_name": "",
"fuzzy_match": "1"
},
"document_number": "",
"dob": "",
"issue_date": "",
"expiry_date": ""
},
"face": {
"proof": "",
"check_duplicate_request": "0",
"document_in_hand_verification": "1"
}
}
QES with Hash Submission - NFC Document and Face Verification
{
"reference": "sp-bc-prod-ABCDE1213",
"callback_url": "https://yourdomain.com/sp-callback",
"redirect_url": "https://yourdomain.com/sp-redirect",
"allow_retry": "1",
"show_ocr_form": "1",
"allow_online": "1",
"allow_offline": "0",
"verification_mode": "any",
"is_baseline_loip": "1",
"show_results": "1",
"decline_on_single_step": "0",
"regulatory_compliance_methods": {
"nfc_service_requested": "1",
"standered_face_service_requested": "0",
"eidv_service_requested": "0"
},
"qes": {
"hashes": [
"9f86d081884c7d659a2feaa0c55ad015a3bf4f1b2b0b822cd15d6c15b0f00a08"
],
"phone_number": "+123456789"
},
"email_verify": {
"email": "[email protected]"
},
"document": {
"proof": "",
"additional_proof": "",
"supported_types": ["passport", "id_card"],
"backside_proof_required": "1",
"name": {
"first_name": "",
"middle_name": "",
"last_name": "",
"fuzzy_match": "1"
},
"document_number": "",
"dob": "",
"issue_date": "",
"expiry_date": ""
},
"face": {
"proof": "",
"check_duplicate_request": "0"
}
}
QES with Hash Submission - Active eID-Based Verification
{
"reference": "sp-bc-prod-ABCDE1213",
"callback_url": "https://yourdomain.com/sp-callback",
"redirect_url": "https://yourdomain.com/sp-redirect",
"allow_retry": "1",
"show_ocr_form": "1",
"allow_online": "1",
"allow_offline": "0",
"verification_mode": "any",
"is_baseline_loip": "1",
"show_results": "1",
"decline_on_single_step": "0",
"regulatory_compliance_methods": {
"eidv_service_requested": "1",
"standered_face_service_requested": "0",
"nfc_service_requested": "0"
},
"qes": {
"hashes": [
"9f86d081884c7d659a2feaa0c55ad015a3bf4f1b2b0b822cd15d6c15b0f00a08"
],
"phone_number": "+123456789"
},
"email_verify": {
"email": "[email protected]"
},
"ekyc": {
"eidv_verification_type": "active",
"eidv_countries": [
{ "code": "NO", "verification_approach": "active" },
{ "code": "SE", "verification_approach": "active" },
{ "code": "DK", "verification_approach": "active" }
]
}
}
Hash Submission Status Response
For hash submission requests, the /status response does not include a signed document. Instead, the detached qualified signatures are returned under verification_data.qes.documents[], alongside the qualified certificate details under verification_data.qes (signer name, certificate issuer, serial number, validity window, and aggregate_status for the batch). Each document entry contains the original hash, the base64-encoded PKCS#7 detached signature, the signing timestamp (signed_at), and the per-document status. The Merchant is responsible for attaching the detached signature to the original document using their own document processing pipeline.
| Field | Type | Description |
|---|---|---|
qes.signer_name | String | Full name of the signatory as recorded on the qualified certificate. |
qes.serial_number | String | Serial number of the qualified certificate used for signing. |
qes.issuer_cn | String | Common name of the qualified certificate issuer (QTSP). |
qes.valid_from | String | Start of the certificate validity window. |
qes.valid_to | String | End of the certificate validity window. |
qes.created_at | String | Timestamp when the QES batch was created. |
qes.aggregate_status | String | Overall batch status across all submitted hashes (e.g. all_signed). |
qes.documents[].hash | String | The original SHA-256 digest submitted by the Merchant. |
qes.documents[].signature | String | Base64-encoded PKCS#7 detached qualified signature. |
qes.documents[].signed_at | String | Timestamp of when the signature was applied. |
qes.documents[].status | String | Signature status: signed, failed, or expired. |
//Content-Type: application/json
//Signature: NmI4NmIyNzNmZjM0ZmNl
{
"reference": "17374217",
"event": "verification.accepted",
"country": "GB",
"proofs": {
"face": {
"proof": "https://ns.shuftipro.com/api/pea/15c1cf23bc0ed5a25613539f5cn3bebc0d566cda"
},
"document": {
"proof": "https://ns.shuftipro.com/api/pea/65c1df23bc0ed5a25613539f5cn3bebc0d566cac",
"additional_proof": "https://ns.shuftipro.com/api/pea/705b6ad48cc8ec08333d3e89653213302f71228f"
},
"verification_video": "https://ns.shuftipro.com/api/pea/63c1cf23bc0ed5a21613539f5cn3bebc0d566cao",
"access_token": "generated_access_token",
"verification_report": "https://ns.shuftipro.com/api/pea/9ee426402e8633087b183c61ea5ac72acec5a728"
},
"verification_data": {
"document": {
"name": {
"first_name": "John",
"middle_name": "",
"last_name": "Doe",
"full_name": "John Doe"
},
"dob": "1990-01-01",
"issue_date": "2018-01-31",
"expiry_date": "2028-01-30",
"document_number": "GB1234567",
"country": "GB",
"selected_type": ["id_card"],
"supported_types": ["id_card", "passport"],
"face_match_confidence": 70
},
"email_verify": {
"email": "[email protected]"
},
"qes": {
"signer_name": "John Doe",
"serial_number": "0123456789ABCDEF0123456789ABCDEF01234567",
"issuer_cn": "Sample QTSP Qualified CA 2026",
"valid_from": "2026-06-15 10:00:00",
"valid_to": "2026-06-15 12:00:00",
"created_at": "2026-06-15 10:05:00",
"aggregate_status": "all_signed",
"documents": [
{
"hash": "9f86d081884c7d659a2feaa0c55ad015a3bf4f1b2b0b822cd15d6c15b0f00a08",
"signature": "MIIG...base64-encoded PKCS#7 detached signature...==",
"signed_at": "2026-06-15 10:06:00",
"status": "signed"
},
{
"hash": "ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad",
"signature": "MIIG...base64-encoded PKCS#7 detached signature...==",
"signed_at": "2026-06-15 10:06:00",
"status": "signed"
}
]
}
},
"verification_result": {
"face": 1,
"document": {
"document": 1,
"document_visibility": 1,
"document_must_not_be_expired": 1,
"document_country": 1,
"selected_type": 1,
"name": 1,
"document_number": 1,
"dob": 1,
"issue_date": 1,
"expiry_date": 1
},
"email_verify": {
"validate_email": 1,
"verify_email": 1
}
},
"info": {
"agent": {
"is_desktop": true,
"is_phone": false,
"useragent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3770.100 Safari/537.36",
"device_name": "Macintosh",
"browser_name": "",
"platform_name": "OS X - 10_14_0"
},
"geolocation": {
"host": "212.103.50.243",
"ip": "212.103.50.243",
"rdns": "212.103.50.243",
"asn": "9009",
"isp": "M247 Ltd",
"country_name": "Germany",
"country_code": "DE",
"region_name": "Hesse",
"region_code": "HE",
"city": "Frankfurt am Main",
"postal_code": "60326",
"continent_name": "Europe",
"continent_code": "EU",
"latitude": "50.1049",
"longitude": "8.6295",
"metro_code": "",
"timezone": "Europe/Berlin"
}
}
}