Documentacao da API
Integre assinatura eletronica com validade juridica ICP-Brasil ao seu sistema em minutos. A API segue padroes REST com respostas em JSON.
https://sign.lpatech.com.br/api/v1
Autenticacao
Todas as requisicoes devem incluir os headers de autenticacao. Gere suas credenciais em Painel → Chaves de API.
Headers obrigatorios
X-Api-Key — Identificador publico da chave
X-Api-Secret — Segredo da chave (nunca exponha no frontend)
Content-Type: application/json
Java
C#
PHP
JavaScript
TypeScript
Python
// Java 11+
HttpClient client = HttpClient.newHttpClient();
HttpRequest request = HttpRequest.newBuilder()
.uri(URI.create("https://sign.lpatech.com.br/api/v1/account"))
.header("X-Api-Key", "lpa_xxxxxxxxxxxx")
.header("X-Api-Secret", "seu_secret_aqui")
.GET().build();
HttpResponse<String> response = client.send(request, HttpResponse.BodyHandlers.ofString());// C#
using var client = new HttpClient();
client.DefaultRequestHeaders.Add("X-Api-Key", "lpa_xxxxxxxxxxxx");
client.DefaultRequestHeaders.Add("X-Api-Secret", "seu_secret_aqui");
var response = await client.GetAsync("https://sign.lpatech.com.br/api/v1/account");
var json = await response.Content.ReadAsStringAsync();// PHP
$ch = curl_init("https://sign.lpatech.com.br/api/v1/account");
curl_setopt_array($ch, [CURLOPT_RETURNTRANSFER => true, CURLOPT_HTTPHEADER => [
"X-Api-Key: lpa_xxxxxxxxxxxx", "X-Api-Secret: seu_secret_aqui",
]]);
$resp = json_decode(curl_exec($ch), true); curl_close($ch);// JavaScript
const resp = await fetch("https://sign.lpatech.com.br/api/v1/account", {
headers: { "X-Api-Key": "lpa_xxxxxxxxxxxx", "X-Api-Secret": "seu_secret_aqui" },
});
const data = await resp.json();// TypeScript
const headers: HeadersInit = { "X-Api-Key": KEY, "X-Api-Secret": SECRET };
const data: AccountResponse = await fetch("https://sign.lpatech.com.br/api/v1/account", { headers }).then(r => r.json());# Python
import requests
data = requests.get("https://sign.lpatech.com.br/api/v1/account",
headers={"X-Api-Key": "lpa_xxxxxxxxxxxx", "X-Api-Secret": "seu_secret_aqui"}).json()Conta
GET
/account
Retorna dados da conta autenticada
200 OK
{
"name": "Minha Empresa",
"status": "active",
"plan": "Pro",
"has_serpro": true,
"stamps_used": 12,
"stamps_limit": 200,
"stamps_available": true
}
Criar Documento
POST
/documents
Cria documento. Suporta 3 modos: individual, lote por lista e envio em massa por planilha
Parâmetros Base (todos os modos)
| Campo | Tipo | Obrig. | Descrição |
|---|---|---|---|
| title | string | required | Título do documento (max 255) |
| mode | string | optional | Modo: individual (padrão), batch_list ou batch_spreadsheet |
| external_id | string | optional | ID do seu sistema para referência |
| ordered_signing | boolean | optional | Assinatura em ordem (default: false). Somente no modo individual |
| expires_at | datetime | optional | Expiração do link (default: 30 dias) |
| file | file (PDF) | optional | Arquivo PDF do documento (max 20MB) |
Modo:
individual — signatários diretos| Campo | Tipo | Obrig. | Descrição |
|---|---|---|---|
| signers | array | required | Lista de signatários (min. 1) |
| signers.*.name | string | required | Nome completo |
| signers.*.email | string | required | E-mail — recebe link de assinatura automaticamente |
| signers.*.phone | string | optional | Celular para verificação SMS |
| signers.*.cpf | string | optional | CPF (somente números) |
| signers.*.order | integer | optional | Ordem de assinatura |
Modo:
batch_list — lote por lista de contatos| Campo | Tipo | Obrig. | Descrição |
|---|---|---|---|
| list_ids | array | required | IDs das listas de contatos. Cada contato recebe uma cópia individual do PDF |
Modo:
batch_spreadsheet — envio em massa por planilha| Campo | Tipo | Obrig. | Descrição |
|---|---|---|---|
| spreadsheet | file (CSV/XLSX) | required | Planilha com colunas: nome, email, telefone, cpf (opcional) |
Java
C#
PHP
JavaScript
TypeScript
Python
// Java 11+ — modo individual
String body = new JSONObject()
.put("title", "Contrato de Prestação de Serviços")
.put("external_id", "contrato-123")
.put("mode", "individual")
.put("signers", new JSONArray().put(
new JSONObject()
.put("name", "João Silva")
.put("email", "[email protected]")
.put("phone", "11999990000")
)).toString();
HttpRequest request = HttpRequest.newBuilder()
.uri(URI.create("https://sign.lpatech.com.br/api/v1/documents"))
.header("X-Api-Key", "lpa_xxxxxxxxxxxx")
.header("X-Api-Secret", "seu_secret_aqui")
.header("Content-Type", "application/json")
.POST(HttpRequest.BodyPublishers.ofString(body))
.build();// C# — modo individual
var payload = new {
title = "Contrato de Prestação de Serviços",
external_id = "contrato-123",
mode = "individual",
signers = new[] {
new { name = "João Silva", email = "[email protected]", phone = "11999990000" }
}
};
using var client = new HttpClient();
client.DefaultRequestHeaders.Add("X-Api-Key", "lpa_xxxxxxxxxxxx");
client.DefaultRequestHeaders.Add("X-Api-Secret", "seu_secret_aqui");
var content = new StringContent(JsonSerializer.Serialize(payload), Encoding.UTF8, "application/json");
var response = await client.PostAsync("https://sign.lpatech.com.br/api/v1/documents", content);// PHP — modo individual
$payload = json_encode([
"title" => "Contrato de Prestação de Serviços",
"external_id" => "contrato-123",
"mode" => "individual",
"signers" => [["name" => "João Silva", "email" => "[email protected]", "phone" => "11999990000"]],
]);
$ch = curl_init("https://sign.lpatech.com.br/api/v1/documents");
curl_setopt_array($ch, [
CURLOPT_POST => true, CURLOPT_RETURNTRANSFER => true, CURLOPT_POSTFIELDS => $payload,
CURLOPT_HTTPHEADER => ["X-Api-Key: lpa_xxxxxxxxxxxx", "X-Api-Secret: seu_secret_aqui", "Content-Type: application/json"],
]);
$resp = json_decode(curl_exec($ch), true); curl_close($ch);
// Modo batch_spreadsheet — envia planilha CSV
$ch2 = curl_init("https://sign.lpatech.com.br/api/v1/documents");
curl_setopt_array($ch2, [
CURLOPT_POST => true, CURLOPT_RETURNTRANSFER => true,
CURLOPT_POSTFIELDS => [
"title" => "Contrato em Massa",
"mode" => "batch_spreadsheet",
"spreadsheet" => new CURLFile("/caminho/contatos.csv", "text/csv", "contatos.csv"),
],
CURLOPT_HTTPHEADER => ["X-Api-Key: lpa_xxxxxxxxxxxx", "X-Api-Secret: seu_secret_aqui"],
]);
$resp2 = json_decode(curl_exec($ch2), true); curl_close($ch2);// JavaScript — modo individual
const resp = await fetch("https://sign.lpatech.com.br/api/v1/documents", {
method: "POST",
headers: { "X-Api-Key": KEY, "X-Api-Secret": SECRET, "Content-Type": "application/json" },
body: JSON.stringify({
title: "Contrato de Prestação de Serviços",
external_id: "contrato-123",
mode: "individual",
signers: [{ name: "João Silva", email: "[email protected]", phone: "11999990000" }],
}),
});
const { signers } = await resp.json(); // signers[0].sign_url
// Modo batch_spreadsheet
const form = new FormData();
form.append("title", "Contrato em Massa");
form.append("mode", "batch_spreadsheet");
form.append("spreadsheet", csvFile); // File object
const resp2 = await fetch("https://sign.lpatech.com.br/api/v1/documents", {
method: "POST",
headers: { "X-Api-Key": KEY, "X-Api-Secret": SECRET },
body: form,
});// TypeScript
interface Signer { name: string; email: string; phone?: string; cpf?: string; }
interface CreatePayload {
title: string; external_id?: string; mode?: "individual" | "batch_list" | "batch_spreadsheet";
signers?: Signer[]; list_ids?: number[]; ordered_signing?: boolean; expires_at?: string;
}
const resp = await fetch("https://sign.lpatech.com.br/api/v1/documents", {
method: "POST",
headers: { "X-Api-Key": KEY, "X-Api-Secret": SECRET, "Content-Type": "application/json" } as HeadersInit,
body: JSON.stringify({ title: "Contrato", mode: "individual", signers: [{ name: "João", email: "[email protected]" }] } as CreatePayload),
});
const data = await resp.json();import requests
# Modo individual
resp = requests.post("https://sign.lpatech.com.br/api/v1/documents",
json={"title": "Contrato", "external_id": "123", "mode": "individual",
"signers": [{"name": "João", "email": "[email protected]", "phone": "11999990000"}]},
headers={"X-Api-Key": "lpa_xxxxxxxxxxxx", "X-Api-Secret": "seu_secret_aqui"})
sign_url = resp.json()["signers"][0]["sign_url"]
# Modo batch_spreadsheet
with open("contatos.csv", "rb") as f:
resp2 = requests.post("https://sign.lpatech.com.br/api/v1/documents",
data={"title": "Contrato em Massa", "mode": "batch_spreadsheet"},
files={"spreadsheet": ("contatos.csv", f, "text/csv")},
headers={"X-Api-Key": "lpa_xxxxxxxxxxxx", "X-Api-Secret": "seu_secret_aqui"})201 Created — modo individual
{
"id": 42, "external_id": "contrato-123", "mode": "individual", "status": "pending",
"has_file": true,
"signers": [{ "id": 7, "name": "João Silva", "email": "[email protected]",
"sign_url": "https://sign.lpatech.com.br/sign/AbCxYz...", "status": "pending" }]
}
201 Created — modo batch_list / batch_spreadsheet
{
"id": 55, "external_id": null, "mode": "batch_spreadsheet", "status": "pending",
"copies": 150,
"message": "150 copies created. Position fields and send invites."
}
Buscar Documento
GET
/documents/{external_id}
Retorna status, signatários e cópias do lote quando aplicável
Java
C#
PHP
JavaScript
Python
HttpRequest request = HttpRequest.newBuilder()
.uri(URI.create("https://sign.lpatech.com.br/api/v1/documents/contrato-123"))
.header("X-Api-Key", "lpa_xxxxxxxxxxxx").header("X-Api-Secret", "seu_secret_aqui")
.GET().build();
HttpResponse<String> response = client.send(request, HttpResponse.BodyHandlers.ofString());using var client = new HttpClient();
client.DefaultRequestHeaders.Add("X-Api-Key", "lpa_xxxxxxxxxxxx");
client.DefaultRequestHeaders.Add("X-Api-Secret", "seu_secret_aqui");
var json = await client.GetStringAsync("https://sign.lpatech.com.br/api/v1/documents/contrato-123");$ch = curl_init("https://sign.lpatech.com.br/api/v1/documents/contrato-123");
curl_setopt_array($ch, [CURLOPT_RETURNTRANSFER => true, CURLOPT_HTTPHEADER => [
"X-Api-Key: lpa_xxxxxxxxxxxx", "X-Api-Secret: seu_secret_aqui"]]);
$doc = json_decode(curl_exec($ch), true); curl_close($ch);const doc = await fetch("https://sign.lpatech.com.br/api/v1/documents/contrato-123",
{ headers: { "X-Api-Key": KEY, "X-Api-Secret": SECRET } }).then(r => r.json());doc = requests.get("https://sign.lpatech.com.br/api/v1/documents/contrato-123",
headers={"X-Api-Key": KEY, "X-Api-Secret": SECRET}).json()200 OK
{ "id": 42, "mode": "individual", "status": "signed",
"signers": [{ "id": 7, "status": "signed", "signed_at": "2026-03-19T15:30:00Z" }] }
Cancelar Documento
DELETE
/documents/{external_id}
Cancela documento e revoga todos os links pendentes
Java
C#
PHP
JavaScript
HttpRequest request = HttpRequest.newBuilder()
.uri(URI.create("https://sign.lpatech.com.br/api/v1/documents/contrato-123"))
.header("X-Api-Key", "lpa_xxxxxxxxxxxx").header("X-Api-Secret", "seu_secret_aqui")
.DELETE().build();
client.send(request, HttpResponse.BodyHandlers.ofString());using var client = new HttpClient();
client.DefaultRequestHeaders.Add("X-Api-Key", "lpa_xxxxxxxxxxxx");
client.DefaultRequestHeaders.Add("X-Api-Secret", "seu_secret_aqui");
await client.DeleteAsync("https://sign.lpatech.com.br/api/v1/documents/contrato-123");$ch = curl_init("https://sign.lpatech.com.br/api/v1/documents/contrato-123");
curl_setopt_array($ch, [CURLOPT_CUSTOMREQUEST => "DELETE", CURLOPT_RETURNTRANSFER => true,
CURLOPT_HTTPHEADER => ["X-Api-Key: lpa_xxxxxxxxxxxx", "X-Api-Secret: seu_secret_aqui"]]);
curl_exec($ch); curl_close($ch);await fetch("https://sign.lpatech.com.br/api/v1/documents/contrato-123", {
method: "DELETE", headers: { "X-Api-Key": KEY, "X-Api-Secret": SECRET }
});Prova de Assinatura
GET
/documents/{external_id}/pdf
HTML da prova com trilha de auditoria completa
Retorna HTML com dados do signatário, hash SHA-256, geolocalização e carimbo SERPRO quando disponível.
Download do PDF Assinado
GET
/documents/{external_id}/content
Faz download do PDF assinado (ou original se ainda não assinado)
Retorna o arquivo PDF como application/pdf.
Header X-Document-Type: signed ou original.
Header X-File-Hash: SHA-256 do arquivo retornado para verificação de integridade.
Validar PDF
POST
/documents/validate
Valida se um PDF foi assinado pelo LPA Sign. Útil para perícia judicial
Body Parameters
| Campo | Tipo | Obrig. | Descrição |
|---|---|---|---|
| file | file (PDF) | optional* | Arquivo PDF para validar |
| hash | string | optional* | Hash SHA-256 do PDF (alternativa ao envio do arquivo) |
* Envie file ou hash — pelo menos um obrigatório.
200 OK — válido
{ "valid": true, "type": "signed", "document_id": "contrato-123", "title": "Contrato...",
"status": "signed", "signed_at": "2026-03-19T15:30:00Z",
"message": "Hash corresponds to the signed document. Document integrity verified." }
404 — não encontrado
{ "valid": false, "message": "No document found with this hash. The file may have been altered or was not signed by LPA Sign." }
Adicionar Signatário
POST
/documents/{external_id}/signers
Adiciona signatário — envia convite por email automaticamente
Body Parameters
| Campo | Tipo | Obrig. | Descricao |
|---|---|---|---|
| name | string | required | Nome completo |
| string | required | E-mail — recebe convite automaticamente | |
| phone | string | optional | Celular para SMS |
| cpf | string | optional | CPF somente numeros |
| order | integer | optional | Ordem de assinatura |
Java
C#
PHP
JavaScript
Python
String body = new JSONObject().put("name","Maria Santos").put("email","[email protected]").put("phone","11988880000").toString();
HttpRequest request = HttpRequest.newBuilder()
.uri(URI.create("https://sign.lpatech.com.br/api/v1/documents/contrato-123/signers"))
.header("X-Api-Key","lpa_xxxxxxxxxxxx").header("X-Api-Secret","seu_secret_aqui").header("Content-Type","application/json")
.POST(HttpRequest.BodyPublishers.ofString(body)).build();var payload = new { name = "Maria Santos", email = "[email protected]", phone = "11988880000" };
using var client = new HttpClient();
client.DefaultRequestHeaders.Add("X-Api-Key","lpa_xxxxxxxxxxxx");
client.DefaultRequestHeaders.Add("X-Api-Secret","seu_secret_aqui");
var content = new StringContent(JsonSerializer.Serialize(payload), Encoding.UTF8, "application/json");
var response = await client.PostAsync("https://sign.lpatech.com.br/api/v1/documents/contrato-123/signers", content);$ch = curl_init("https://sign.lpatech.com.br/api/v1/documents/contrato-123/signers");
curl_setopt_array($ch, [CURLOPT_POST=>true, CURLOPT_RETURNTRANSFER=>true,
CURLOPT_POSTFIELDS=>json_encode(["name"=>"Maria Santos","email"=>"[email protected]","phone"=>"11988880000"]),
CURLOPT_HTTPHEADER=>["X-Api-Key: lpa_xxxxxxxxxxxx","X-Api-Secret: seu_secret_aqui","Content-Type: application/json"]]);
$signer = json_decode(curl_exec($ch), true); curl_close($ch);const signer = await fetch("https://sign.lpatech.com.br/api/v1/documents/contrato-123/signers", {
method: "POST",
headers: { "X-Api-Key": KEY, "X-Api-Secret": SECRET, "Content-Type": "application/json" },
body: JSON.stringify({ name: "Maria Santos", email: "[email protected]", phone: "11988880000" }),
}).then(r => r.json());signer = requests.post("https://sign.lpatech.com.br/api/v1/documents/contrato-123/signers",
json={"name":"Maria Santos","email":"[email protected]","phone":"11988880000"},
headers={"X-Api-Key":KEY,"X-Api-Secret":SECRET}).json()201 Created
{ "id": 8, "name": "Maria Santos", "email": "[email protected]", "sign_url": "https://sign.lpatech.com.br/sign/XyZ...", "status": "pending" }
Listas de Contatos
Gerencie listas de contatos para envio em massa. Crie uma lista, importe contatos e use o ID da lista ao criar documentos.
GET
/contact-lists
Lista todas as listas do tenant
Java
C#
PHP
JavaScript
Python
HttpRequest request = HttpRequest.newBuilder()
.uri(URI.create("https://sign.lpatech.com.br/api/v1/contact-lists"))
.header("X-Api-Key","lpa_xxxxxxxxxxxx").header("X-Api-Secret","seu_secret_aqui")
.GET().build();
HttpResponse<String> response = client.send(request, HttpResponse.BodyHandlers.ofString());using var client = new HttpClient();
client.DefaultRequestHeaders.Add("X-Api-Key","lpa_xxxxxxxxxxxx");
client.DefaultRequestHeaders.Add("X-Api-Secret","seu_secret_aqui");
var json = await client.GetStringAsync("https://sign.lpatech.com.br/api/v1/contact-lists");$ch = curl_init("https://sign.lpatech.com.br/api/v1/contact-lists");
curl_setopt_array($ch, [CURLOPT_RETURNTRANSFER=>true, CURLOPT_HTTPHEADER=>["X-Api-Key: lpa_xxxxxxxxxxxx","X-Api-Secret: seu_secret_aqui"]]);
$lists = json_decode(curl_exec($ch), true); curl_close($ch);const lists = await fetch("https://sign.lpatech.com.br/api/v1/contact-lists",
{ headers: { "X-Api-Key": KEY, "X-Api-Secret": SECRET } }).then(r => r.json());lists = requests.get("https://sign.lpatech.com.br/api/v1/contact-lists",
headers={"X-Api-Key": KEY, "X-Api-Secret": SECRET}).json()200 OK
[{ "id": 1, "name": "Clientes Marco 2026", "description": null, "contacts_count": 42, "created_at": "2026-03-19T..." }]
POST
/contact-lists
Cria uma nova lista
Body Parameters
| Campo | Tipo | Obrig. | Descricao |
|---|---|---|---|
| name | string | required | Nome da lista (max 100) |
| description | string | optional | Descricao da lista |
Java
C#
PHP
JavaScript
String body = new JSONObject().put("name","Clientes Marco 2026").put("description","Lote mensal").toString();
HttpRequest request = HttpRequest.newBuilder()
.uri(URI.create("https://sign.lpatech.com.br/api/v1/contact-lists"))
.header("X-Api-Key","lpa_xxxxxxxxxxxx").header("X-Api-Secret","seu_secret_aqui").header("Content-Type","application/json")
.POST(HttpRequest.BodyPublishers.ofString(body)).build();var payload = new { name = "Clientes Marco 2026", description = "Lote mensal" };
using var client = new HttpClient();
client.DefaultRequestHeaders.Add("X-Api-Key","lpa_xxxxxxxxxxxx");
client.DefaultRequestHeaders.Add("X-Api-Secret","seu_secret_aqui");
var response = await client.PostAsync("https://sign.lpatech.com.br/api/v1/contact-lists",
new StringContent(JsonSerializer.Serialize(payload), Encoding.UTF8, "application/json"));$ch = curl_init("https://sign.lpatech.com.br/api/v1/contact-lists");
curl_setopt_array($ch, [CURLOPT_POST=>true, CURLOPT_RETURNTRANSFER=>true,
CURLOPT_POSTFIELDS=>json_encode(["name"=>"Clientes Marco 2026"]),
CURLOPT_HTTPHEADER=>["X-Api-Key: lpa_xxxxxxxxxxxx","X-Api-Secret: seu_secret_aqui","Content-Type: application/json"]]);
$list = json_decode(curl_exec($ch), true); curl_close($ch);const list = await fetch("https://sign.lpatech.com.br/api/v1/contact-lists", {
method: "POST",
headers: { "X-Api-Key": KEY, "X-Api-Secret": SECRET, "Content-Type": "application/json" },
body: JSON.stringify({ name: "Clientes Marco 2026" }),
}).then(r => r.json());201 Created
{ "id": 3, "name": "Clientes Marco 2026", "description": null }
POST
/contact-lists/{id}/contacts
Adiciona contato a uma lista
Body Parameters
| Campo | Tipo | Obrig. | Descricao |
|---|---|---|---|
| string | required | E-mail do contato | |
| phone | string | required | Telefone para SMS |
| name | string | optional | Nome completo |
| cpf | string | optional | CPF somente numeros |
| document_value | number | optional | Valor do documento (ex: 1500.00) |
201 Created
{ "id": 15, "email": "[email protected]", "name": "Joao Silva" }
POST
/contact-lists/{id}/import
Importa contatos via planilha XLSX/CSV
Envie multipart/form-data com o arquivo. Colunas detectadas por nome: nome, email, telefone, cpf, valor_documento. Obrigatorio: email e telefone.
Java
C#
PHP
JavaScript
// Java — multipart upload
Path filePath = Path.of("contatos.xlsx");
String boundary = "---LPABoundary";
HttpRequest request = HttpRequest.newBuilder()
.uri(URI.create("https://sign.lpatech.com.br/api/v1/contact-lists/3/import"))
.header("X-Api-Key", "lpa_xxxxxxxxxxxx")
.header("X-Api-Secret", "seu_secret_aqui")
.header("Content-Type", "multipart/form-data; boundary=" + boundary)
.POST(HttpRequest.BodyPublishers.ofByteArray(buildMultipart(boundary, filePath)))
.build();// C#
using var client = new HttpClient();
client.DefaultRequestHeaders.Add("X-Api-Key", "lpa_xxxxxxxxxxxx");
client.DefaultRequestHeaders.Add("X-Api-Secret", "seu_secret_aqui");
using var form = new MultipartFormDataContent();
form.Add(new ByteArrayContent(File.ReadAllBytes("contatos.xlsx")), "file", "contatos.xlsx");
var response = await client.PostAsync("https://sign.lpatech.com.br/api/v1/contact-lists/3/import", form);$ch = curl_init("https://sign.lpatech.com.br/api/v1/contact-lists/3/import");
curl_setopt_array($ch, [CURLOPT_POST=>true, CURLOPT_RETURNTRANSFER=>true,
CURLOPT_POSTFIELDS=>["file" => new CURLFile("/caminho/contatos.xlsx","application/vnd.openxmlformats-officedocument.spreadsheetml.sheet","contatos.xlsx")],
CURLOPT_HTTPHEADER=>["X-Api-Key: lpa_xxxxxxxxxxxx","X-Api-Secret: seu_secret_aqui"]]);
$result = json_decode(curl_exec($ch), true); curl_close($ch);const form = new FormData();
form.append("file", fileInput.files[0]);
const result = await fetch("https://sign.lpatech.com.br/api/v1/contact-lists/3/import", {
method: "POST",
headers: { "X-Api-Key": KEY, "X-Api-Secret": SECRET },
body: form,
}).then(r => r.json());
// result.imported = numero de contatos importados200 OK
{ "imported": 38, "errors": 2 }
GET
/contact-lists/{id}
Retorna lista com seus contatos
200 OK
{ "id": 3, "name": "Clientes Marco 2026", "total": 40,
"contacts": [{ "id": 15, "name": "Joao Silva", "email": "[email protected]", "phone": "11999990000" }] }
DELETE
/contact-lists/{id}
Remove lista e todos os contatos
200 OK
{ "message": "List deleted." }
Webhooks
Configure URLs em Painel → Webhooks para receber notificacoes automaticas.
POST
seu_endpoint_configurado
Enviado automaticamente pelo LPA Sign
| Evento | Quando e disparado |
|---|---|
| document.signer.signed | Um signatário assinou o documento |
| document.signed | Todos os signatários assinaram |
| document.expired | O link de assinatura expirou |
| document.cancelled | O documento foi cancelado |
Payload recebido
{
"event": "document.signer.signed",
"tenant_id": 2,
"timestamp": "2026-03-19T15:30:00Z",
"data": { "document_id": 42, "signer_id": 7, "signed_at": "2026-03-19T15:30:00Z" }
}
Validando a assinatura
X-LPA-SignatureJava
C#
PHP
JavaScript
// Java — Spring Boot
@PostMapping("/webhook/lpasign")
public ResponseEntity<Void> webhook(@RequestBody String body, @RequestHeader("X-LPA-Signature") String sig) {
Mac mac = Mac.getInstance("HmacSHA256");
mac.init(new SecretKeySpec("SEU_SECRET".getBytes(), "HmacSHA256"));
String expected = "sha256=" + HexFormat.of().formatHex(mac.doFinal(body.getBytes()));
if (!expected.equals(sig)) return ResponseEntity.status(401).build();
// processar...
return ResponseEntity.ok().build();
}// C# — ASP.NET Core
[HttpPost("webhook/lpasign")]
public IActionResult Webhook([FromBody] JsonElement payload) {
var body = Request.Body.ToString();
var sig = Request.Headers["X-LPA-Signature"].ToString();
using var hmac = new HMACSHA256(Encoding.UTF8.GetBytes("SEU_SECRET"));
var hash = "sha256=" + Convert.ToHexString(hmac.ComputeHash(Encoding.UTF8.GetBytes(body))).ToLower();
if (hash != sig) return Unauthorized();
// processar...
return Ok();
}$payload = file_get_contents("php://input");
$sig = "sha256=" . hash_hmac("sha256", $payload, "SEU_SECRET");
if (!hash_equals($sig, $_SERVER["HTTP_X_LPA_SIGNATURE"])) {
http_response_code(401); exit;
}
$data = json_decode($payload, true);
if ($data["event"] === "document.signer.signed") {
// processar...
}
http_response_code(200);// Node.js — Express
const crypto = require("crypto");
app.post("/webhook/lpasign", express.raw({ type: "application/json" }), (req, res) => {
const sig = "sha256=" + crypto.createHmac("sha256", "SEU_SECRET").update(req.body).digest("hex");
if (sig !== req.headers["x-lpa-signature"]) return res.sendStatus(401);
const { event, data } = JSON.parse(req.body);
if (event === "document.signer.signed") { /* processar */ }
res.sendStatus(200);
});Codigos de Erro
| Codigo | Significado | Como resolver |
|---|---|---|
| 401 | Credenciais ausentes ou invalidas | Verifique X-Api-Key e X-Api-Secret |
| 403 | Conta suspensa ou sem permissao | Verifique status da conta no painel |
| 404 | Recurso nao encontrado | Verifique o external_id ou ID informado |
| 422 | Erro de validacao | Verifique os campos obrigatorios na resposta |
| 429 | Rate limit excedido | Aguarde — limite de 60 req/min por chave |
| 500 | Erro interno | Entre em contato com o suporte |
Erros de validacao retornam detalhes no campo errors:
{ "message": "The email field is required.", "errors": { "email": ["The email field is required."] } }