Whitelisting Endpoints for eSign Viewer
Introduction
To ensure proper operation of the eSign Viewer when exposed to the internet, it is essential to whitelist specific API endpoints and resources. The following document outlines the required endpoints that need to be accessible by external clients. These whitelisting rules help ensure that the viewer functions correctly and securely, including access to the viewer itself, support resources, and WebSocket connections.
This is a hard requirement if you wish to expose the eSign Viewer to the public but do not want to expose other layers, such as the REST API and the Backoffice.
Whitelisted Endpoints
The following endpoint patterns should be whitelisted to enable seamless functionality for the eSign Viewer:
1. eSign Viewer Access
^/eSignServer/?.*
- Description: This pattern allows access to the eSign Viewer itself. It is responsible for enabling users to interact with the signing interface and perform e-signature actions.
- Purpose: Ensures that external clients can load and interact with the eSign Viewer.
- Pattern Details:
  - Matches any request to the /eSignServer/ path, including possible query parameters (e.g., /eSignServer?docId=12345).
  - This is the main entry point for accessing the viewer.
2. Static Resources for Viewer
^/eSignServer/(css|js|resources|fonts|locale|images|legacy)/.*
- Description: This pattern covers the static resources required by the viewer to load and display content correctly. This includes stylesheets (CSS), JavaScript files, fonts, images, locale files, and legacy resources.
- Purpose: Ensures that all necessary static files, such as styling and JavaScript components, are available to the client-side application for proper rendering.
- Pattern Details:
  - Matches any request to paths under /eSignServer/ followed by one of the directories (css, js, resources, fonts, locale or images).
  - These resources are essential for the correct visual presentation and functionality of the viewer.
  - legacy is included to support older versions of the viewer that may still be in use (you can exclude this if not needed).
3. WebSocket Connection
^/eSignServer/session
- Description: This pattern is used to establish a WebSocket connection for real-time communication between the eSign Viewer and the server. The WebSocket is essential for tracking user actions and ensuring the viewer’s interactive features work properly.
- Purpose: Provides a connection for managing session states, sending real-time updates, and ensuring the interactivity of the viewer, such as live document tracking and status updates.
- Pattern Details:
  - Matches requests to /eSignServer/session to establish and maintain a WebSocket connection.
  - This WebSocket connection is crucial for enabling real-time features such as document status updates and user interactions with the viewer.
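A way to check the three patterns above before loading them into a proxy or WAF, as an added example that is not part of the product documentation: it normalizes each request path, applies the rules with default deny, and reports which rule matched. The sample requests, the placeholder non-viewer paths and the STRICT_VIEWER variant are assumptions made for illustration.

```python
import posixpath
import re
from urllib.parse import unquote

# The three patterns listed on this page, in the same order.
ALLOWLIST = [
    ("viewer", re.compile(r"^/eSignServer/?.*")),
    ("static", re.compile(
        r"^/eSignServer/(css|js|resources|fonts|locale|images|legacy)/.*")),
    ("websocket", re.compile(r"^/eSignServer/session")),
]

# Assumption, not from the page: a segment-bounded form of the viewer rule.
STRICT_VIEWER = re.compile(r"^/eSignServer(/.*)?$")


def normalize(target):
    """Drop the query string, decode percent-escapes, collapse dot segments."""
    path = unquote(target.split("?", 1)[0])
    clean = posixpath.normpath(path)
    if path.endswith("/") and clean != "/":
        clean += "/"  # normpath strips the trailing slash; keep it
    return clean


def matched_rules(target):
    """Names of the page's rules that match the normalized request path."""
    path = normalize(target)
    return [name for name, rx in ALLOWLIST if rx.match(path)]


def is_allowed(target):
    """Default deny: a request passes only if some rule matches."""
    return bool(matched_rules(target))


if __name__ == "__main__":
    # Constructed sample requests; the non-viewer paths are placeholders.
    samples = [
        "/eSignServer?docId=12345",
        "/eSignServer/css/viewer.css",
        "/eSignServer/session",
        "/eSignServer/../placeholder-backoffice/",
        "/eSignServerOther/x",
        "/placeholder-rest-api/documents",
    ]
    for s in samples:
        strict = bool(STRICT_VIEWER.match(normalize(s)))
        print(f"{s:42} rules={matched_rules(s)} strict={strict}")
```

The output shows that the first pattern, as written, already matches every path the other two match and also any sibling path that merely begins with /eSignServer, so confirm your proxy evaluates the rules against the normalized path and decide whether the segment-bounded form suits your deployment.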