7. Audit proofs
When the Audit proofs setting is enabled in the Configuration Index, eSignatures keeps Audit proofs about each signature that is placed.
The following information is collected in base64 format about each approval:
Approval events information
- Time when package was approved
- Time when reminder was sent, content of the reminder, recipient(s) of the reminder
- Time when an invitation was sent to approve the package, content of the invitation, recipient(s)
- For all approval events mentioned above, the approver’s IP address is added to the Audit proofs.
The following information is collected in base64 format about each reassignment:
Reassignment events information
- Time when package was reassigned
- Reason why the package was reassigned
- First name of previous and new approver or signer
- Last name of previous and new approver or signer
- Email address of previous and new approver or signer
The following information is collected in base64 format about each signature:
Signing events information
- Start time of signing, end time of signing
- Time when reminder was sent, content of the reminder, recipient(s) of the reminder
- Time when an SMS OTP was sent, content of the SMS, recipient of the SMS
- Time when a mail OTP was sent, content of the mail, recipient of the mail
- Time when an invitation was sent to sign the package, content of the invitation, recipient(s)
- For the signing events mentioned above, the signer’s IP address is added to the Audit proofs
Signature information
- Signature certificate that was used to place the signature, its certificate chain and certificate revocation information (OCSP / CRL)
- Timestamp certificate, its certificate chain and certificate revocation information (OCSP / CRL)
- The signed PDF when the package is fully signed
- If the setting Intermediate States Saved is enabled in the Configuration Index, a copy of the document gets added in base64 format after each signature.
- Any extra proofs which were added by the client through the Post extra proof call described in section 7.3.
- If the setting IsOneTimeUrlEnabled is disabled in the Configuration Index, the following value is added for every signature that was placed by means of an “unsecure” URL: “One-time URL was disabled when signing”.
All this data is stored in xml files which are signed at the end. The signed xml files can then be retrieved through one of the following four calls:
- The Audit proofs of a specific document within a package, based on the document id.
- The Audit proofs of a specific package, based on the package id.
- The Audit proofs of all packages containing a specific package correlation id.
- The Audit proofs of all documents containing a specific document correlation id.
Important: If a package is deleted via the API or the eSignatures Portal then the audit proofs are deleted as well.