> ## Documentation Index
> Fetch the complete documentation index at: https://umbrella-docs.info/llms.txt
> Use this file to discover all available pages before exploring further.

# QES Onboarding Create Session Link Service

> QES Onboarding Create Session Link Service API Documentation

For a usage description of the QES Onboarding Create Session Link Service, please refer to the [QES Onboarding](/essentials/qesOnboarding) page.

## Endpoint

**POST** `/onboarding/createSessionLink`

## Swagger

<a href="/public/downloads/swagger/qes/QESOnboarding.postman_collection.json" download="QESOnboarding.postman_collection.json">
  <button>⬇️ Download OpenAPI YAML</button>
</a>


## OpenAPI

````yaml POST /onboarding/createSessionLink
openapi: 3.1.0
info:
  title: Umbrella API
  version: 1.0.0
  description: >-
    API documentation for Umbrella services including KYB, KYC, AML, payments,
    phone intelligence, onboarding, and address verification.
servers:
  - url: https://api-umbrella.io/api/services
    description: Production
  - url: https://sandbox-umbrella-api.azurewebsites.net/api/services
    description: Sandbox
security:
  - bearerAuth: []
paths:
  /onboarding/createSessionLink:
    post:
      summary: Create QES Session Link
      description: >-
        Starts a QES signing session for a specified user. Returns a URL that
        redirects the user to the signing wizard. The backend will send this
        session link to the user for document signing.
      requestBody:
        required: true
        content:
          application/json:
            schema:
              $ref: '#/components/schemas/CreateSessionLinkRequest'
            examples:
              default:
                value:
                  email: support@idcanopy.com
                  phoneNumber: '+436508021530'
                  redirectUrl: https://example.com/onboarding/success
                  docUrl: https://cdn.idcanopy.com/pdf/onb-t3.pdf
                  signForms:
                    - fieldId: Signature1
                      actorId: userToIdentify
                    - fieldId: Signature2
                      actorId: userToIdentify
                  fillForm:
                    - fieldId: name
                      value: ${identification.firstName}
                    - fieldId: surname
                      value: ${identification.lastName}
      responses:
        '200':
          description: Session link successfully created
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/CreateSessionLinkResponse'
              examples:
                default:
                  value:
                    status: true
                    data:
                      requestId: 123e4567-e89b-12d3-a456-426614174000
                      url: >-
                        https://example.com/api/v2/actorTrip/urlback?t=EXAMPLE_TOKEN
                      expiresAfter: '2025-07-30T08:55:52.520909994Z'
        '400':
          description: Invalid request payload.
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/Error400'
        '401':
          description: Unauthorized request.
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/Error401'
components:
  schemas:
    CreateSessionLinkRequest:
      type: object
      required:
        - email
        - phoneNumber
        - redirectUrl
        - docUrl
      properties:
        email:
          type: string
          description: User's email address.
          format: email
          example: user@example.com
        phoneNumber:
          type: string
          description: User's phone number (E.164 format).
          example: '+436769556026'
          pattern: ^\+?[1-9]\d{1,14}$
        redirectUrl:
          type: string
          description: URL to redirect user to after signing.
          format: uri
          example: https://example.com/onboarding/success
        docUrl:
          type: string
          description: >-
            Public HTTPS URL of the PDF to sign. Must be accessible without auth
            headers.
          format: uri
          example: https://cdn.idcanopy.com/pdf/onb-t3.pdf
          pattern: ^https://
        signForms:
          type: array
          description: Signature fields in the PDF (AcroForm field IDs).
          items:
            type: object
            required:
              - fieldId
              - actorId
            properties:
              fieldId:
                type: string
                description: AcroForm signature field ID.
              actorId:
                type: string
                description: Identifier of the signer (e.g., 'userToIdentify').
        fillForm:
          type: array
          description: Pre-fillable text fields in the PDF.
          items:
            type: object
            required:
              - fieldId
              - value
            properties:
              fieldId:
                type: string
                description: AcroForm text field ID.
              value:
                type: string
                description: >-
                  Value to insert (supports template vars like
                  ${identification.firstName}).
    CreateSessionLinkResponse:
      type: object
      required:
        - status
        - data
      properties:
        status:
          type: boolean
          description: Whether the request was successful.
        data:
          type: object
          required:
            - url
            - expiresAfter
            - requestId
          properties:
            requestId:
              type: string
              description: Unique identifier for the created session.
              example: 123e4567-e89b-12d3-a456-426614174000
            url:
              type: string
              description: URL to redirect user to the signing wizard.
              format: uri
              example: https://example.com/api/v2/actorTrip/urlback?t=EXAMPLE_TOKEN
            expiresAfter:
              type: string
              format: date-time
              description: ISO timestamp for session expiration.
              example: '2025-07-30T08:55:52.520909994Z'
    Error400:
      required:
        - message
      type: object
      properties:
        message:
          type: string
          example: Invalid request payload
    Error401:
      required:
        - message
      type: object
      properties:
        message:
          type: string
          example: Unauthorized request
  securitySchemes:
    bearerAuth:
      type: http
      scheme: bearer
      bearerFormat: JWT
      description: Bearer token obtained from POST /auth. Valid for 60 minutes.

````