> ## Documentation Index
> Fetch the complete documentation index at: https://docs.signsealship.com/llms.txt
> Use this file to discover all available pages before exploring further.

# Seal a document

> Submit a finished, signed PDF (multipart part named `file`, up to 35 MB). It returns sealed with Google Cloud KMS, timestamped by independent RFC 3161 and OpenTimestamps authorities, and wrapped in a public verification URL. Bytes are streamed in memory, never to disk, and discarded after sealing.



## OpenAPI

````yaml /api-reference/openapi.json post /api/passport/seal
openapi: 3.1.0
info:
  title: SignSealShip Partner API
  version: 1.0.0
  description: >-
    The SignSealShip partner API: create Verified Closing Rooms, seal Closing
    Passports and Proof Passports, and manage webhooks. Partner endpoints
    authenticate with a bearer key (`Authorization: Bearer sss_pk_...`); public
    verification endpoints need no key — possession of the verify, room, or
    order code is the authorization. See the Guides for full prose, rate limits,
    and signature verification.
  contact:
    name: SignSealShip
    url: https://signsealship.com/partner
servers:
  - url: https://signsealship.com
    description: Production
security:
  - partnerKey: []
tags:
  - name: Onboarding
    description: Request partner API access.
  - name: Closing Rooms
    description: Verified Closing Rooms — one shareable page per transaction.
  - name: Closing Passports
    description: Room-level, hash-chained, KMS-sealed evidence manifests.
  - name: Proof Passport
    description: Seal and verify a single executed PDF.
  - name: Webhooks
    description: Signed event delivery and subscription management.
paths:
  /api/passport/seal:
    post:
      tags:
        - Proof Passport
      summary: Seal a document
      description: >-
        Submit a finished, signed PDF (multipart part named `file`, up to 35
        MB). It returns sealed with Google Cloud KMS, timestamped by independent
        RFC 3161 and OpenTimestamps authorities, and wrapped in a public
        verification URL. Bytes are streamed in memory, never to disk, and
        discarded after sealing.
      requestBody:
        required: true
        content:
          multipart/form-data:
            schema:
              type: object
              required:
                - file
              properties:
                file:
                  type: string
                  format: binary
                  description: The executed PDF. Maximum 35 MB.
      responses:
        '200':
          description: Document sealed.
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/ProofSealResponse'
        '400':
          $ref: '#/components/responses/BadRequest'
        '401':
          $ref: '#/components/responses/Unauthorized'
components:
  schemas:
    ProofSealResponse:
      type: object
      properties:
        passportId:
          type: string
          format: uuid
        verifyCode:
          type: string
        verifyUrl:
          type: string
          description: Absolute public verification URL.
        docSha256:
          type: string
          description: SHA-256 of the exact bytes you uploaded (pre-seal).
        sealedSha256:
          type: string
          description: SHA-256 of the sealed PDF SignSealShip produced.
        status:
          type: string
          example: sealed
        timestamps:
          type: object
          description: >-
            Independent timestamp evidence; either member is `null` when the
            authority could not be reached.
          properties:
            rfc3161:
              type:
                - object
                - 'null'
              properties:
                authority:
                  type: string
                timestampedAtUtc:
                  type: string
                  format: date-time
            openTimestamps:
              type:
                - object
                - 'null'
              properties:
                calendar:
                  type: string
                submittedAtUtc:
                  type: string
                  format: date-time
                status:
                  type: string
                  example: pending
    Error:
      type: object
      properties:
        error:
          type: string
  responses:
    BadRequest:
      description: Invalid request.
      content:
        application/json:
          schema:
            $ref: '#/components/schemas/Error'
    Unauthorized:
      description: Missing, malformed, revoked, or unknown partner key.
      content:
        application/json:
          schema:
            $ref: '#/components/schemas/Error'
          example:
            error: A valid partner API key is required.
  securitySchemes:
    partnerKey:
      type: http
      scheme: bearer
      bearerFormat: sss_pk_...
      description: 'Partner API key. Send as `Authorization: Bearer sss_pk_...`.'

````