Are signatures created with the Amnoy Digital Signature API legally valid in India?

Yes. Signatures are created using Digital Signature Certificates issued by licensed Indian Certifying Authorities and conform to the IT Act, 2000, making them legally valid for contracts, filings, invoices and compliance documents.

Which programming languages and frameworks are supported?

Any stack that can call a REST endpoint, including PHP, Laravel, Java, Spring Boot, ASP.NET, .NET Core, Python, Django, Flask, Node.js, React, Angular and Vue.js.

How much does the Digital Signature API cost?

Pricing starts at ₹1 per file or text signing on a pay-as-you-use basis, with custom enterprise and government plans available.

CERT-In compliant · IT Act 2000

Sign every document with a verifiable seal.

Amnoy Technology gives your applications a secure Digital Signature API for legally valid DSC signing of PDF, Word, Excel and text — plus the infrastructure security and compliance work that keeps it audit-ready.

Request a demo → Read the API docs

PDF · DOCX · XLSX · TXT Indian CA DSC tokens From ₹1 per signing

Agreement · contract.pdf

Authorised signatory

Certifying authorityeMudhra / Indian CA

Hash (SHA-256)4f9a…c1e7

TimestampRFC 3161 · TSA

Status✓ Verified & sealed

Built for Banking

CERT-In compliant architecture

RFC 3161 trusted timestamps

Tamper-evident audit logs

Keys never leave the token

What we do

Two disciplines, one promise: trust you can verify.

We build the signing layer your product needs, and we harden the infrastructure it runs on. Both are delivered to the same standard regulators expect.

Digital Signature API

Add DSC-based signing to web apps, portals, ERP systems and document workflows over a clean REST API.

Sign PDF, Word, Excel and text
USB token (eToken) DSC support
REST integration for any stack
Legally valid under the IT Act

From ₹1 / signing

Free online signing

Sign PDF, Word and Excel files straight from the browser. Files stay on the device — nothing is uploaded.

Files never leave your computer
Privacy-first, zero upload
Works with Indian CA DSC tokens
Instant, no account required

Free to use

Infrastructure security

Linux and Windows hardening, cloud security, database tuning and continuous monitoring for the servers behind your signing.

Linux & Windows server hardening
Cloud and network security
Database optimisation
Security monitoring

Project & retainer

Compliance readiness

Get audit-ready for CERT-In, PCI-DSS and ISO with gap assessments, remediation and documentation support.

CERT-In & PCI-DSS readiness
ISO security controls
Vulnerability remediation
Audit documentation

Assessment-based

Performance tuning

Faster signing at scale. We profile and tune servers, databases and pipelines so throughput holds under load.

Server performance tuning
Database query optimisation
Throughput & latency testing
Capacity planning

Project-based

Dedicated support

Integration help from people who have shipped signing in regulated environments — not a ticket queue.

Hands-on integration support
Sample code for your stack
Sandbox for testing
SLA-backed enterprise plans

Included & premium

Developer-first

Integrate signing in an afternoon, not a quarter.

One REST endpoint stands between your application and a legally valid signature. Post the document, reference the signatory's DSC token, and receive a signed, timestamped file back. The private key never leaves the hardware token.

Stack agnosticPHP, Laravel, Java, Spring Boot, .NET, Python, Node.js, React, Angular, Vue.
Hardware-backed keysUSB token (eToken) signing keeps private keys off your servers entirely.
Audit logging & timestampsEvery signature is logged and stamped with an RFC 3161 trusted timestamp.

Explore the API →

POST /v1/sign

# Sign a PDF with a DSC USB token
curl -X POST https://api.amnoy.in/v1/sign \
  -H "Authorization: Bearer $AMNOY_KEY" \
  -F "document=@contract.pdf" \
  -F "format=pdf" \
  -F "token_serial=ETKN-4471" \
  -F "reason=Approved by finance"

# → 200 OK
{
  "status": "signed",
  "algorithm": "SHA256withRSA",
  "certificate": "CN=… , O=… , Indian CA",
  "timestamp": "2026-06-16T11:04:22Z",
  "file_url": "…/contract-signed.pdf"
}

How a signature is made

The chain of trust, end to end.

Every signed document carries proof of who signed it, what they signed, and when — anchored to a certificate a court will recognise.

Hash

Your document is hashed with SHA-256, producing a unique fingerprint that changes if a single byte is altered.

Sign

The hash is encrypted with the private key held on the signatory's DSC USB token — the key never leaves the device.

Stamp

An RFC 3161 trusted timestamp binds the signature to a verifiable point in time.

Verify

Anyone can validate the certificate chain back to a licensed Indian Certifying Authority — no Amnoy account required.

Why Amnoy

Security-first, compliance-aware, refreshingly affordable.

Security-first by default

We design for the threat model regulators assume: hardware-held keys, least privilege, encrypted transport and tamper-evident logs from day one.

Specialists, not generalists

Our team works in regulated infrastructure daily — banking, government, insurance — so the patterns are familiar and the pitfalls are known.

Fast integration

Clear REST semantics, sample code for your framework and a sandbox mean a working proof of concept in hours.

Honest pricing

Pay-as-you-use from ₹1 per signing. No seat licences, no setup tax, no surprise minimums — suitable for a startup or a state project.

Compliance-ready output

Signatures, logs and timestamps are produced in the formats your CERT-In, PCI-DSS and ISO auditors ask for.

One accountable partner

The same team that ships your signing layer can harden the servers under it — fewer vendors, one line of accountability.

Industries we serve

Wherever a signature has to hold up.

Banking & Financial Services Insurance Government & Public Sector Healthcare Education Legal & Compliance Enterprise Software SaaS Companies

Questions, answered

Frequently asked

Are signatures legally valid in India?

Yes. Signatures are created with Digital Signature Certificates issued by licensed Indian Certifying Authorities and conform to the Information Technology Act, 2000 — valid for contracts, tenders, invoices, filings and compliance records.

Which document formats can I sign?

PDF, Word (DOCX), Excel (XLSX) and plain text. The API also supports raw-hash signing if you need to embed signatures in a custom container.

Do you support USB token (eToken) DSCs?

Yes. The signing flow is built around hardware tokens so the private key never leaves the device. Indian CA-issued Class 2, Class 3 and organisational DSCs are supported.

What does it cost?

Signing starts at ₹1 per file or text, billed pay-as-you-use. Browser-based personal signing is free. Enterprise and government volumes get custom pricing and SLAs — see pricing.

Can you also secure the servers we run this on?

Yes. Alongside the API we offer Linux and Windows hardening, cloud and network security, database tuning, and CERT-In / PCI-DSS / ISO compliance readiness. See security & compliance.

Put a verifiable seal on every document.

Tell us what you're signing and which stack you're on. We'll set up a sandbox and walk you through a live integration.

Book a free demo → See pricing