Technical Information

Restful multi-platform API


The SmartSign API is implemented as a RESTful web service. To make integrating SmartSign into your application as simple and as quick as possible we provide language-specific wrapper APIs in a variety of languages. Combine this with comprehensive developer documentation and sample code that works out of the box and you have a solution that couldn't be easier.

Out-of-band authentication using SSL TLS HTTPS

Security & Encryption

SmartSign has been developed by a company with a long history in software and IT security. All SmartSign communications are secured by SSL/TLS using 2048-bit keys. This includes this website, the Management System, the API and the OOB authentication mechanism the SmartSign app uses.

OCRA OATH Standard Authentication

Authentication Standards

SmartSign is built around the industry leading authentication algorithms developed by the Initiative for Open Authentication (OATH). These include OTP and the OATH-based Challenge-Response Algorithm (OCRA).

Comprehensive Browser Support

Comprehensive Browser Support

The SmartSign widget is delivered as pure HTML that you embed in your site. It's HTML 4 & 5 compatible and is supported in all major web browsers.

Active Directory Synchronisation

Active Directory Synchronisation

SmartSign can be integrated seamlessly with Active Directory. If an administrator wants a user to use SmartSign, they simply drop them into the SmartSign group and they will automatically be registered. This is accomplished without any modifications to your schema, so there are no permanent changes.

Challenge-Response Authentication

Challenge-Response Mechanism

Challenge-response authentication boosts security by requiring an authentication device to produce the correct response to a unique, server-generated challenge code. This prevents hackers pre-calculating authentication responses.

2FA with out-of-band authentication

Out Of Band Authentication

SmartSign employs Out-Of-Band (OOB) Authentication which builds security outside of the webserver↔browser channel. Establishing this secure 2nd channel of communication directly with the SmartSign servers protects against security breaches of the user's browser or connection such as man-in-the-middle attacks.

Authentication without Flash and Java

No Flash or Java

SmartSign does not embed any Adobe Flash® content or Java® applets in the client-side widget.

Register for a free developer account and get 10 free user licences.