Agreements

The Signature Flow

The signature flow allows a sender to create an agreement, check the current state and collect the signed agreement and consists of the following steps:

• STEP 1: Send an agreement according to “Sending agreements” instructions here below
• STEP 2: Check regularly whether the agreement has been signed by all parties using the dedicated API endpoints
• STEP 3: When the agreement has been signed by all parties, retrieve the covenant (that is, the signed agreements including watermarking and additional metadata about the signatures) within 30 days by using the dedicated API endpoint

Covenant file and PAdES signature

A covenant document is a new document created when the agreement has been signed by all parties and includes the following:

• The original document with a watermarking (a footer on each page stating that the document was signed in Kivra) and an appendix with information about the signing parties
• Two attachments, one named original.pdf which is the PDF that was signed, and one named verification.json containing machine readable information about the BankID signatures
• A digital signature according to PAdES (see below).

PAdES Digital Signatures

The covenant document is digitally signed according to the PAdES ( Advanced Electronic Signatures) specification in order to prove three aspects:

1. Authenticity: That the covenant document was created by Kivra
2. Integrity: That the covenant document has not been altered since creation
3. Timestamp: That the covenant was signed at a specific time

Users can open the document in PDF readers supporting digital signatures (for instance Acrobat Reader) to check the authenticity and integrity of the document. If the document indeed was created by Kivra Signatures, a box at the top of the document will be shown as proof.

The authenticity of documents can also be verified programmatically if desired.

PAdES is a standard for digital signatures adopted by the European eIDAS standard, meaning that agreements signed according to PAdES are legally binding in all EU member states since July 2014.

Sending agreements

To send an agreement in Kivra you need to provide the following metadata:

• Step 1 – for each signer specify SSN, Email and role

Role can be “signer” (a person signing as a private individual) or “delegate” (a person signing as representative for a company). There is no limit on the number of signers and delegates, but at least one signer should always be provided.

• Step 2 – add subject/title

This subject/title will be visible in the Recipient’s Inbox. Note! Don’t include any personal information here, such as the recipient's name or SSN in the subject/title.

• Step 3 – set type to “agreement”

By setting the type, you determine what type of content you're sending. For agreements, set the type to “agreement”.

• Step 4 – provide VAT number of company issuing the agreement

The VAT number of the company issuing the agreement

• Step 5 – add file and details

Agreements always contain a PDF file to be signed. The following details are required for your file:

name The name of the file.
data Base64-encoded data. This is the data for the actual PDF file.
content_type The IANA media type corresponding to the file. In the case of letters, this will most likely be "application/pdf".

• Step 6 – inform all signers that there is an agreement to be signed

For agreements, Kivra will not notify signers and delegates that a new agreement is waiting to be signed, it is the sender's responsibility to inform signers and delegate to open signatures.kivra.com (Note! Not the regular Kivra app or website) and sign the document.

The agreement experience for signers

Signers get notified by senders that a new agreement is available at signatures.kivra.com. Signers have 30 days to review and sign the agreement. If the agreement is not signed by all parties within 30 days, it will be permanently removed and no longer available for signing.

When all signing parties have signed the document, Kivra will inform all signing parties that a new covenant is available for download for 30 days. The experience in this case is different depending on whether the signer is a user of Kivra or not:

• If the signer is a Kivra user the covenant will be automatically delivered in the signer’s Kivra inbox but also available for download from signatures.kivra.com (for 30 days).
• If the signer is not a Kivra user the covenant will be available for download from signatures.kivra.com (for 30 days), a reminder will be sent before the 30 days period expires and the covenant deleted.

For delegates the covenant will be available for download from signatures.kivra.com (for 30 days), a reminder will be sent before the 30 days period expires and the covenant deleted.