Get Document

The Get Gocument endpoint will return the actual content of the document. The URI that shoud be used to retrieve the document is included in the response when the Get Inbox endpoint is called.

Endpoint

https://api.digipost.no/{sender-id}/inbox/{document-id}/content

Verb

HTTP GET

Request

https://api.digipost.no/{sender-id}/inbox/{document-id}/content

Response

HTTP/1.1 307 Temporary Redirect Location: https://www.digipostdata.no/documents/109695014?token=f677fd84c3f3df8fa147cd2cf28bc4a76f521a67b61a28172a0b81e2363d4fe5642e5c0512cb5f75004217427d34cc8599707e61b4eedca3482572d1d2b29b69&download=false

Additional Comments

When a client requests the content URI of a document, a one-time time-restricted unique URI is generated. The URI looks like:

https://www.digipostdata.no/documents/34303129?token=30a6648a2cb1ce05d31dd6188135d7107c87d353dfe60f7720a598c4d6a95c2e4cf05f3ab63e52d734d745c2bf5084d37347f58aeca9da743235cf37cdca0ecb&download=false

The token part is generated with the following algorithm:

tokenBasis = documentId + SECRET_STRING + UUID.randomUUID() tokenHashBytes = SHA512(tokenBasis) token = String(HexEncode(tokenHashBytes))

The token is stored together with the documentId, created timestamp and some other metadata related to the document. The token is valid for 30 seconds.

When the user requests the generated URI the token is validated against the stored version. The documentId from the URI must also match the documentId associated with the token. The URI can only be used once.