What is it?
Digital Signature Gateway service (Riigi allkirjastamisteenus) is a service for creating and signing ASIC-E and BDOC containers in a HASHCODE form.
The service supports signature creation with Estonian ID-card/e-token (signing with ID-card/e-token must be still implemented in e-service) and with Estonian Mobile-ID.
The service also supports validation of ASIC-E, BDOC and DDOC containers in hashcode form.
If your e-service is currently using DigiDocService for container creation, take a look on DigiDocService comparision below to see what are the specific differences in business flow.
What are the benefits?
Digital Signature Gateway service offers unified API for container and signature creation. No need for extra integration with Mobile-ID or trust services. API is platform independent and can be used in any e-service capable of handling JSON/REST API.
Only one contract is needed to get access container and signature creation. No need for handling contracts and billing with different parties.
Digital Signature Gateway service is kept up to date with security patches and compliant with signature standards. E-service maintenance is limited to the updates for API integration.
Whom is it for?
The service can be used by all public sector authorities who are listed by the Rahandusministeerium. For specifics see here
What does it cost?
Current price list can be found here.
How can I join?
Demo environment can be used by everybody, however production environment can be used only by public sector authorities specified here.
Application for joining must be sent to email@example.com. Application forms can be found here
Whats the difference between Digital Signature Gateway service and DigiDocService?
Digital Signature Gateway service offers two different services for integration (JSON and SOAP). JSON based service is new signing service intended to replace DigiDocService. SOAP service is intended for legacy systems for easier transition. Both of the services have differences in functionality compared to DigiDocService.
Differences in functionality
|Functionality||DigiDocService||Digital Signature Gateway service||Comment|
|Container creation||Yes||Yes||Creating new containers|
|Adding signatures||Yes||Yes||Adding signatures to containers|
|Support for BDOC and ASICE containers||Yes||Yes||Supports the hashcode form|
|Support for DDOC container||Yes||No||Not possible to use|
|Container hashcode form||Yes||Yes||Same hashcode format|
|Signing with external device||Yes||Yes||ID card, e-seal, … (certificate must be in Estonian TSL)|
|Signing with Mobile-ID||Yes||Yes||Digital Signature Gateway service supports only Estonian Mobile-ID|
|Authentication with Mobile-ID||Yes||No||Digital Signature Gateway service is purely signing/container service, use TARA for authentication|
|Verification of certificate validity||Yes||No||Not possible to validate|
|Signature validation||Yes||Yes||Digital Signature Gateway service uses Valideerimisteenus (SIVA) for validation|
Differences in protocol
|General differences||DigiDocService||Digital Signature Gateway service SOAP||Digital Signature Gateway service JSON||Comment|
|Protocol||SOAP/XML||SOAP/XML||REST/JSON||JSON API is described in WADL|
|Hashcode container format||DigiDocService||DigiDocService||DigiDocService||Same hahscode container format is used|
|Access to service||IP based||IP based||HMAC based authorization||JSON service each request must be signed by e-service|
Feel free to write firstname.lastname@example.org for any questions about Digital Signature Gateway service.