Getting Started
Korala is a document signing API that provides cryptographic PDF signing with RFC 3161 timestamping for legally compliant digital signatures.
Quick Start
1. Get Your API Credentials
First, create an API key from your Korala admin dashboard. You’ll receive:
- API Key ID: A public identifier for your key
- API Secret: A secret used to sign requests (keep this secure!)
2. Install the API Client
TypeScript
npm install @korala/api-client3. Send Your First Document
TypeScript
import { KoralaClient } from '@korala/api-client';
const korala = new KoralaClient({
apiKeyId: 'your-api-key-id',
apiSecret: 'your-api-secret',
});
// Create a document and get upload URL
const { documentId, uploadUrl } = await korala.documents.createUploadUrl({
filename: 'contract.pdf',
contentType: 'application/pdf',
});
// Upload your PDF
await fetch(uploadUrl, {
method: 'PUT',
body: pdfBuffer,
headers: { 'Content-Type': 'application/pdf' },
});
// Confirm the upload
await korala.documents.confirmUpload(documentId);
// Add a signer
const signer = await korala.signers.create(documentId, {
email: '[email protected]',
name: 'John Doe',
});
// Add a signature field
await korala.fields.create(documentId, {
signerId: signer.id,
fieldType: 'signature',
pageNumber: 1,
xPosition: 100,
yPosition: 500,
width: 200,
height: 50,
});
// Send for signing
await korala.documents.send(documentId);Core Concepts
Document Lifecycle
- Draft - Document is created but not yet sent
- Pending - Document has been sent and is awaiting signatures
- Completed - All signers have signed; document is cryptographically sealed
- Voided - Document was cancelled before completion
- Expired - Document expired before all signatures were collected
Authentication
Korala uses HMAC-SHA256 signature authentication for API requests. Each request must include:
| Header | Description |
|---|---|
X-API-Key | Your API key ID |
X-Timestamp | Current Unix timestamp (seconds) |
X-Signature | HMAC-SHA256 signature |
The signature is computed as:
HMAC-SHA256(secret, "{timestamp}.{METHOD}.{path}.{body}")See the Authentication Guide for details.
Webhooks
Korala sends webhook notifications for document events:
document_created- Document was createddocument_sent- Document was sent for signingdocument_viewed- A signer viewed the documentdocument_signed- A signer completed signingdocument_completed- All signatures collected, document sealeddocument_voided- Document was voideddocument_declined- A signer declined to sign
See the Webhooks Guide for setup instructions.
Next Steps
- Example App - Full Next.js example with single-signer, multi-signer, and batch countersign demos
- Authentication Guide - Deep dive into HMAC authentication
- Documents Guide - Learn about document management
- API Reference - Complete API documentation
Last updated on