Secure Document Signing: Send QES-Enabled Documents with BoldSign API

Ensuring both security and legal validity in e-signature workflows is more critical than ever. One feature that delivers on both fronts is the Qualified Electronic Signature (QES), the highest level of trust and legal recognition under the EU’s eIDAS regulation.

With the BoldSign API, integrating QES into your document signing process is seamless, secure, and compliant. In this guide, we’ll cover:

• What QES is and why it matters.
• Why BoldSign is a trusted platform for QES.
• How to send QES-enabled signature requests via API.
• How recipients sign QES documents.
• How to track signed documents.
• Key restrictions to keep in mind.

What is a QES?

A QES is an advanced digital signature backed by a qualified digital certificate issued by a Qualified Trust Service Provider (QTSP). Under the eIDAS regulations in the European Union, QES is legally equivalent to a handwritten signature and offers the highest level of security and legal standing.

Why choose BoldSign for QES?

BoldSign is built to meet global compliance standards and offers robust support for QES. It offers:

• Built-in QES support via trusted QTSPs for certificate issuance and validation.
• Compliance with eIDAS, GDPR, and other international standards.
• Detailed audit trails for every QES transaction.
• AES 256-bit encryption and advanced cryptographic techniques to protect document integrity.

How to send QES-enabled signature requests via BoldSign API

Step 1: Enable QES in your BoldSign account.

To use QES, first enable it from your business profile settings. Once activated, you can apply QES to both documents and templates.

QES is billed on a pay-as-you-go basis at $3 per verification attempt.

For setup instructions, check out our page on enabling QES in your business profile.

Step 2: Send documents with QES enabled.

Use the BoldSign API and set the EnableQes property to true in your request payload.

Example code snippets for .NET:

    var apiClient = new ApiClient("https://api.boldsign.com", "Your_API_Key");
    var documentClient = new DocumentClient(apiClient);
    List formField = new List<FormField>
    {
        new FormField(
            id: "Signature",
            type: FieldType.Signature,
            pageNumber: 1,
            bounds: new Rectangle(x: 50, y: 50, width: 200, height: 30))
    };
    var documentDetails = new SendForSign
    {
        Title = "Agreement",
        Signers = new List<DocumentSigner>
        {
            new DocumentSigner(
                signerName: "David",
                signerType: SignerType.Signer,
                signerEmail: "david@cubeflakes.com",
                formFields: formField)
            {
                EnableQes = true
            }
        },
        Files = new List<IDocumentFile>
        {
            new DocumentFilePath
            {
                ContentType = "application/pdf",
                FilePath = "YOUR_FILE_PATH",
            }
        },
    };
    var documentCreated = documentClient.SendDocument(documentDetails);

In the code examples above, make sure to replace the placeholder values for the API key and file path with your actual API key and file path. Additionally, set the EnableQes property to true.

Once executed, the document will be sent to the signer with QES verification enabled, requiring them to verify their identity before completing the signing process.

How to sign a QES document

Recipients will receive an email with a link to sign the document. To complete the process, they must have an active Evrotrust account. They can sign by clicking the email link and logging into their BoldSign account.

For detailed steps, refer to our article on how to sign a QES document.

Track and retrieve signed documents

Use webhooks to monitor document status and download signed files and audit trails.

Helpful guides:

• Setting up a webhook
• Download document
• Download audit trail

QES usage restrictions

Keep these limitations in mind when using QES:

Signer rules

• Signing order must be enabled for multiple signers.
• QES must be enabled for either all signers or only the last signer.
• Each signer must have a unique signing order.
• QES is not available for self-signing, reviewers, or group signers.

Feature limitations

• The maximum combined file size is 30 MB.
• Collaborative fields and configure fields are not supported.
• Combine Audit Trail and Combine Attachments options are disabled.
• Only the first signer can access all field types; others are limited to mandatory signature fields.

Conclusion

With BoldSign’s QES integration, organizations can confidently meet the highest standards of digital signing, ensuring both legal compliance and data security.

Ready to try it out?

Sign up for a free sandbox account and explore BoldSign’s powerful features.

We’d love to hear your thoughts! Drop a comment below or reach out via our support portal. Need a personalized walkthrough? Schedule a demo with our team today!

Related blogs

• How to Build Scalable Document Signing by Integrating BoldSign with .NET Aspire
• Introducing the BoldSign Python SDK for Effortless E-Signature Integration
• Top 5 HIPAA-Compliant Electronic Signature Platforms

Note: This blog was originally published at boldsign.com