🚀 API Integration Documentation

Integrate SmartToolPDF's powerful capabilities into your application with our RESTful APIs

📖 Getting Started

The SmartToolPDF API allows you to programmatically integrate our services into your application. Currently, we offer E-Sign capabilities with more APIs coming soon.

Base URL

https://www.smarttoolpdf.com/api/v1/

Authentication

All API requests must include the following headers:

X-API-Key: your_api_key_here
X-API-Secret: your_api_secret_here

How to Get API Credentials

Request API access via our API Access Request Form
Once approved, you'll receive your API Key and Secret via email
Store these credentials securely - they won't be shown again!
Include them in the headers of all your API requests

Available APIs

API	Status	Description
E-Sign API	Available	Create signing sessions, track status, download signed PDFs
Conversion API	Coming Soon	PDF conversion, compression, merging, and more
OCR API	Planned	Extract text from images and scanned documents

📝 E-Sign API

Create electronic signature sessions, track their status, and download signed documents programmatically.

POST /esign/create/

Create a new e-signature session

Upload a PDF document and create a signing session. An OTP will be automatically sent to the signer's email.

Request Parameters

Parameter	Type	Required	Description
`file`	File	Required	PDF file to be signed (max 50MB)
`signer_email`	String	Required	Email address of the signer
`signer_name`	String	Required	Full name of the signer

Example Request (cURL)

curl -X POST https://www.smarttoolpdf.com/api/v1/esign/create/ \
  -H "X-API-Key: stpdf_test_YOUR_KEY" \
  -H "X-API-Secret: YOUR_SECRET" \
  -F "file=@contract.pdf" \
  -F "signer_email=john.doe@example.com" \
  -F "signer_name=John Doe"

Example Request (Python)

import requests

url = "https://www.smarttoolpdf.com/api/v1/esign/create/"
headers = {
    "X-API-Key": "stpdf_test_YOUR_KEY",
    "X-API-Secret": "YOUR_SECRET"
}
files = {"file": open("contract.pdf", "rb")}
data = {
    "signer_email": "john.doe@example.com",
    "signer_name": "John Doe"
}

response = requests.post(url, headers=headers, files=files, data=data)
print(response.json())

Success Response (201 Created)

{
  "success": true,
  "session_id": "a1b2c3d4-e5f6-7890-abcd-ef1234567890",
  "status": "otp_sent",
  "signing_url": "https://smarttoolpdf.com/esign/sign/a1b2c3d4-.../",
  "message": "Session created and OTP sent"
}

GET /esign/status/<session_id>/

Check the status of a signing session

Example Request (cURL)

curl -X GET https://www.smarttoolpdf.com/api/v1/esign/status/SESSION_ID/ \
  -H "X-API-Key: stpdf_test_YOUR_KEY" \
  -H "X-API-Secret: YOUR_SECRET"

Success Response (200 OK)

{
  "success": true,
  "session_id": "a1b2c3d4-e5f6-7890-abcd-ef1234567890",
  "status": "signed",
  "created_at": "2025-12-04T10:00:00Z",
  "signed_at": "2025-12-04T10:15:30Z",
  "is_expired": false
}

Status Values

Status	Description
`created`	Session created
`otp_sent`	OTP sent to signer
`otp_verified`	Signer verified, ready to sign
`signing`	PDF is being processed
`signed`	✅ Document successfully signed
`failed`	❌ Signing failed
`expired`	⏰ Session expired

GET /esign/download/<session_id>/

Download the signed PDF document

Only available when status is signed

Example Request (cURL)

curl -X GET https://www.smarttoolpdf.com/api/v1/esign/download/SESSION_ID/ \
  -H "X-API-Key: stpdf_test_YOUR_KEY" \
  -H "X-API-Secret: YOUR_SECRET" \
  -o signed_document.pdf

Example Request (Python)

import requests

session_id = "a1b2c3d4-e5f6-7890-abcd-ef1234567890"
url = f"https://www.smarttoolpdf.com/api/v1/esign/download/{session_id}/"
headers = {
    "X-API-Key": "stpdf_test_YOUR_KEY",
    "X-API-Secret": "YOUR_SECRET"
}

response = requests.get(url, headers=headers)
with open("signed_document.pdf", "wb") as f:
    f.write(response.content)

Conversion API Coming Soon

We're working on bringing you powerful file conversion capabilities via API.

Features will include:

✅ PDF to DOCX/XLSX/PPTX conversion
✅ Image to PDF conversion
✅ PDF compression and optimization
✅ PDF merging and splitting
✅ Batch processing support

🔔 Webhook Notifications

Configure webhooks to receive real-time notifications when events occur in your API integrations.

Configuring Webhooks

To set up webhooks:

Log in to your Merchant Dashboard
Navigate to Webhooks section
Enter your webhook URL
Save your webhook secret for signature verification
Enable webhooks

Supported Events

Event	Description	When Triggered
`esign.signed`	Document signed successfully	When a signer completes the signing process
`esign.expired`	Session expired	When a signing session expires without completion
`conversion.completed`	File conversion completed	When a conversion finishes successfully (Coming Soon)
`conversion.failed`	File conversion failed	When a conversion encounters an error (Coming Soon)

Webhook Payload Structure

Example payload for esign.signed event:

{
  "event": "esign.signed",
  "session_id": "a1b2c3d4-e5f6-7890-abcd-ef1234567890",
  "status": "signed",
  "signer_email": "john.doe@example.com",
  "signer_name": "John Doe",
  "created_at": "2025-12-04T10:00:00Z",
  "signed_at": "2025-12-04T10:15:30Z",
  "signed_file": {
    "name": "contract.pdf",
    "download_url": "/api/v1/esign/download/a1b2c3d4-.../",
    "expires_at": "2025-12-05T10:00:00Z"
  }
}

Webhook Headers

Every webhook request includes these headers:

Content-Type: application/json
X-Webhook-Signature: 
X-Webhook-Event: esign.signed
User-Agent: SmartToolPDF-Webhook/1.0

Verifying Webhook Signatures

Important: Always verify the webhook signature to ensure the request is authentic and hasn't been tampered with.

Python Example

import hmac
import hashlib
import json

def verify_webhook(payload, signature, secret):
    """Verify webhook signature using HMAC-SHA256"""
    message = json.dumps(payload, sort_keys=True).encode('utf-8')
    expected = hmac.new(
        secret.encode('utf-8'),
        message,
        hashlib.sha256
    ).hexdigest()
    return hmac.compare_digest(signature, expected)

# In your webhook handler:
@app.route('/webhook', methods=['POST'])
def handle_webhook():
    webhook_secret = "your_webhook_secret"
    signature = request.headers.get('X-Webhook-Signature')
    payload = request.json
    
    if not verify_webhook(payload, signature, webhook_secret):
        return "Invalid signature", 401
    
    # Process the webhook
    event = payload.get('event')
    
    if event == 'esign.signed':
        session_id = payload['session_id']
        # Download the signed PDF, update your database, etc.
        print(f"Document signed: {session_id}")
    
    return "OK", 200

Node.js Example

const crypto = require('crypto');

function verifyWebhook(payload, signature, secret) {
    const message = JSON.stringify(payload, Object.keys(payload).sort());
    const expected = crypto
        .createHmac('sha256', secret)
        .update(message)
        .digest('hex');
    return crypto.timingSafeEqual(
        Buffer.from(signature),
        Buffer.from(expected)
    );
}

app.post('/webhook', (req, res) => {
    const webhookSecret = 'your_webhook_secret';
    const signature = req.headers['x-webhook-signature'];
    const payload = req.body;
    
    if (!verifyWebhook(payload, signature, webhookSecret)) {
        return res.status(401).send('Invalid signature');
    }
    
    // Process the webhook
    const event = payload.event;
    
    if (event === 'esign.signed') {
        console.log(`Document signed: ${payload.session_id}`);
        // Download PDF, update database, etc.
    }
    
    res.status(200).send('OK');
});

Best Practices

Always verify signatures: Never trust webhook data without verifying the signature
Use HTTPS: Your webhook endpoint must use HTTPS in production
Respond quickly: Return a 200 status code within 5 seconds
Handle retries: We'll retry failed webhooks up to 3 times with exponential backoff
Be idempotent: Handle duplicate webhook deliveries gracefully
Log everything: Keep logs of all webhook deliveries for debugging

Retry Policy

If your webhook endpoint fails to respond or returns an error:

Attempt 1: Immediate delivery
Attempt 2: 2 minutes after first failure
Attempt 3: 4 minutes after second failure
Attempt 4: 8 minutes after third failure

After 4 failed attempts, the webhook delivery is marked as failed and no further retries are attempted.

📚 API Reference

⚠️ Error Codes

200

OK - Request successful

201

Created - Resource created

400

Bad Request - Invalid parameters

401

Unauthorized - Invalid credentials

404

Not Found - Resource doesn't exist

429

Too Many Requests - Rate limit exceeded

500

Internal Server Error

Error Response Format

{
  "success": false,
  "error": "Error message here",
  "code": "ERROR_CODE",
  "details": "Additional error details"
}

⏱️ Rate Limits

API requests are rate-limited based on your subscription plan:

Plan	Requests/Minute	Requests/Month	Max File Size
Free	10	1,000	10 MB
Starter	50	10,000	50 MB
Professional	200	100,000	100 MB
Enterprise	1,000	Unlimited	500 MB

Rate Limit Headers

All API responses include rate limit information in the headers:

X-RateLimit-Limit: 200
X-RateLimit-Remaining: 195
X-RateLimit-Reset: 1638360000

🔒 Security Best Practices

Keep credentials secure: Never commit API keys to version control
Use environment variables: Store credentials in environment variables or secure vaults
Rotate keys regularly: Generate new API keys periodically
Use HTTPS only: Always make API requests over HTTPS
Validate webhook signatures: Always verify webhook signatures before processing
Implement IP whitelisting: Configure IP restrictions in your merchant dashboard
Monitor usage: Regularly check your API usage logs for suspicious activity

🌍 Supported Regions

Our API is currently available in the following regions:

Region	Endpoint	Status
Global (Primary)	`https://www.smarttoolpdf.com/api/v1/`	Active
Asia-Pacific	`Coming Soon`	Planned
Europe	`Coming Soon`	Planned

📞 Support & Resources

Need Help?

Email Support: smarttoolpdf@gmail.com
Merchant Dashboard: View your usage and manage API keys
Status Page: Check our service status and uptime
GitHub Examples: Sample code and integration examples (Coming Soon)

Changelog

Version	Date	Changes
v1.0	Dec 2025	Initial release with E-Sign API

Ready to Get Started?

Request API access and start integrating our capabilities into your application today.

Request API Access