Krebit Sign API reference
The sidebar includes an OpenAPI-driven reference for every Krebit Sign endpoint. Each page lists request parameters, schema definitions, reusable code samples, and HTTP status codes. Use this overview to understand cross-cutting conventions before diving into the per-endpoint docs.
How to use the reference
- Expand API reference in the sidebar to reveal categories for Signings, Users, and Webhooks.
- Pick an operation (for example, GET /api/1.0/signings) to view request/response schemas and sample code in multiple languages.
- Copy example snippets directly into your application or adapt them to your preferred HTTP client.
- Use the breadcrumb navigation to move between related endpoints quickly.
All reference pages are regenerated from openapi.json during every build, ensuring parity with the live API.
Open the reference in a second browser tab while following the guides. You can compare required fields, validation rules, and error formats without breaking your flow.
Base requirements
- Base URL –
https://{organization}.krebit.se/api/1.0 - Authentication –
Authorization: Bearer <token>header is required on every request. - Headers – Send
Accept: application/json. UseContent-Type: application/jsonfor JSON payloads andmultipart/form-datafor file uploads. - Tenant scoping – All data is scoped to the tenant derived from the subdomain. Cross-tenant access is blocked.
Common status codes
| Code | Meaning | Notes |
|---|---|---|
200 OK | Operation succeeded. | Some list endpoints return pagination metadata under meta. |
201 Created | Resource created. | Responses include the new resource body. |
202 Accepted | Asynchronous processing. | Used for operations like reminders. |
204 No Content | Resource deleted. | No response body is returned. |
400 Bad Request | Validation failure or business rule violation. | Inspect the JSON error payload for field-level messages such as cannot_be_edited. |
401 Unauthorized | Missing or invalid bearer token. | Renew the token or verify credentials. |
403 Forbidden | Authenticated identity lacks permission for the resource. | Confirm the token scopes or user roles. |
404 Not Found | Resource missing or not accessible in the tenant. | Documents return 404 when requesting signed files before completion. |
422 Unprocessable Entity | Payload structure is correct but fails validation. | Common when uploading invalid PDFs. |
Pagination
List endpoints support page-based pagination with page and limit query parameters. The response meta object includes current_page, per_page, and total fields. Use them to drive UI pagination controls or service-to-service batch jobs.
Error format
All validation errors follow Laravel's standard structure:
{
"message": "The given data was invalid.",
"errors": {
"field": ["Explanation of what went wrong"]
}
}
Business rule violations (such as attempting to send a draft without documents) also return 400 responses with descriptive keys. Handle these gracefully and display actionable guidance to operators.
Rate limiting & idempotency
The Krebit Sign API enforces reasonable rate limits per tenant. If you receive 429 Too Many Requests, back off exponentially and retry. For file uploads and sending operations, prefer idempotent retry logic that checks the current signing status before reissuing the same command.
Related resources
- Signings guide – Conceptual overview, lifecycle guidance, and operational tips.
- Authentication – Obtain and refresh OAuth tokens.
- Webhooks – Subscribe to lifecycle events instead of polling.
Whenever you need the exact contract for an endpoint, open the matching entry from the API reference section and rely on the autogenerated schemas for the authoritative definition.