API specificities for the QES level

Signature Requests with QES level have intrinsic security and compliance constraints. They must hence follow these rules:

• There can be only 1 field of type signature per Signer and Document to sign.
• Signers must be ordered (use ordered_signers : trueon Initiate Signature Request). Note that this holds true even when there is only one Signer in the Signature Request. Learn more about signers ordering.
• All Signers must use the same signature level qualified_electronic_signature(you can omit the field signature_authentication_mode or set it as null). Refer to Set the signature level for an API call example.
• The signing flow cannot be iFramed. This limitation is linked to security constraints around identity verification. You should instead use redirect URLs to set up your signature user journey. Learn more about redirecting signers.

Also note that Audit Trails are presently not available for the QES level. Trying to download an Audit Trail for these Signature Requests will yield an error. In practice, the signatures embedded in your signed document already constitute the strongest legal proof of signer consent.