name

 fills the "Name" textfield

 email

 fills the "E-mail" textfield

 reason

 fills the "Purpose" textfield

 location

 fills the "Location" textfield

 certify

 controls the "Certify" checkbox, default is false (“last signature on a pdf”)

 embedFonts

 keeps PDF/A compliance (under the assumption the rest of the document previously was   compliant)   – signature is visible and has text, adds the font of the signature box. Detect only   enables the option   if other fonts were embedded before.

 signatureVisible

 determines whether the signature is visible when optically viewed/printed, default is true

 picturebase64

 this is the base64 encoded image (has no legal meaning, but QES newbies like it)

 userName

 login

 fills the "Login" textfield for initial authorization of the signature towards PrivaSphere

 password

 fills the "Password" textfield (attention: saving this in your favorites does not encrypt it –   similarly, in   the exported json configuration, it is not protected, but plain visible)

 hidePasswordField

 disables the "Password" textfield – default is false. If you opt-out from “initial authorization of   the   signature towards PrivaSphere”, there is one less step, but attackers might create MobileID   authorization requests for rogue documents. If you want to simplify the steps, doing the “initial   authorization of the signature towards PrivaSphere” can be easily done with SSO / IDP – the   end-   user doesn’t notice the authorization towards PrivaSphere, but it is of high quality.

 lang

 changes the signers language, default is en

 focusPage

 on what page the signature box shows up, default is last

 boxleft

 distance between signature box and left side of the document in px

 boxtop

 distance between signature box and top of the document in px

 boxwidth

 width of the signature box in px

 boxheight

 height of the signature box in px

 noAlert

 disables the success popup

 showSecSend

 enables the offer to send the signed file

 sigUploadUrl

 the URL of the plaform user for “secure sending”

 provider

 url to which the document hashes will be sent and from which the signature-byteArray comes   back   that will be inserted into the document discretely inside the browser

 pictureName

 the name of signature image file (only for debugging purposes if you have multiple similar   versions   of that image file)

pictureContentType

 MIME-Type of the signature image file

 When using an external file storage system (e.g. NextCloud, SharePoint) to access the signer,   points   to the URL of the file that the signer will download and sign

 When using an external file storage system (e.g. NextCloud, SharePoint) to access the signer,   points   to the URL where the signer will upload the previously downloaded and now signed file

 Specifies the external file storage system used for this instance of the signer  (Currently   supports   "sharepoint" and "nexcloud")

 externalSourceAuthHeader

 Access privileges sent by the external file storage system to access the downloadUrl and   uploadUrl   paths – this should be a short-lived one-time authenticator to prevent   users/attackers from sharing   it. The same can be achieved if the URLs are hard-to-guess   one-time URLs. The download-URL can   have a really short livetime (< 1 minute) while the   upload should be valid for the anticipated duration   of the end-user signing the document.

 If the PDFS Signer is embedded in the client's external source, there is no need for short-lived URLs   as the system is secure at all times.