General API Services Information
Introduction
Dokobit APIs are RESTful, which means:
- Uses resource-oriented URLs;
- Uses GET and POST methods to perform actions on resources;
- Responds with standard HTTP response codes;
- Returns JSON.
You can find our code examples and SDKs on our GitHub repository.
SSL/TLS Requirements
Since security is one of our top priorities, our solutions follow the most up-to-date security practices. Establishing secure communication would require using the TLS 1.2 or TLS 1.3 security protocol and up-to-date ciphers. Supported port: 443 (HTTPS).
Our current SSL certificate *.dokobit.com is valid until the 3rd of January 2026, 23:59:59 UTC. This certificate can be found here.
We update certificate information in advance, 14 days before the expiration date.
Qualified time-stamping service providers
We use time-stamping services from different providers to ensure a reliable and stable service. We work with providers from the trusted list of qualified trust service providers in accordance with the eIDAS Regulation.
Signicat AS, Qualified electronic time-stamps (signicat-p-tsa) are used by default.
To ensure uninterrupted service availability, we also work with:
- SK ID Solutions AS, SK Time-Stamping Authority for qualified electronic time stamps;
- Asseco Data Systems S.A., Time Stamping Authority.
Load balancing
Because we are focusing on our services' high uptime and performance, all of our solutions use load balancing, meaning that all our client-facing IP addresses are dynamic. As IP addresses constantly change, we suggest you refrain from IP pinning, which could disturb your access to our services.
Rate Limiting
We incorporate rate limits for API requests originating from specific locations to prevent overwhelming of our services and maintain service stability.
The rate limit is the maximum number of requests allowed in a defined period. Reaching the limit will result in your request failing with an HTTP 429 Too Many Requests response. If your servers are calling our services from countries listed below, we ask you to stay within the 100 requests per two-minute range.
Albania - AL, Algeria - DZ, Argentina - AR, Australia - AU, Brazil - BR, Bulgaria - BG, Cambodia - KH, Canada - CA, Chile - CL, Colombia - CO, Ecuador - EC, Egypt - EG, Ghana - GH, Hong Kong - HK, Indonesia - ID, Iran - IR, Japan - JP, Korea, Democratic People's Republic of - KP, Korea, Republic of - KR, Mauritius - MU, Mexico - MX, Morocco - MA, Myanmar - MM, Nepal - NP, Niger - NE, Nigeria - NG, Pakistan - PK, Philippines - PH, Romania - RO, Russian Federation - RU, Singapore - SG, South Africa - ZA, South Sudan - SS, Sudan - SD, Taiwan - TW, Thailand - TH, Ukraine - UA, United Arab Emirates - AE, United Kingdom - GB, United States - US, India - IN
Rate limits do not apply to other locations.
Webhook support
Universal API, Portal API, and Documents Gateway can send webhooks to your defined URL to notify you about noteworthy document signing changes (e.g., a document has been signed). Before using it successfully, ensure the URL is accessible to our services. You can limit accessibility by allowing only our IP addresses to reach your URL. Webhooks are delivered over TLS 1.2. More information can be found here: Dokobit Webhooks.
List of IP addresses used to deliver webhooks:
| Product | Webhook IPs (Production) | Host (Production) | Webhook IPs (Sandbox) | Host (Sandbox) |
| Portal API and Universal API | 13.48.93.139 13.49.35.100 52.18.111.181 52.49.114.157 |
app.dokobit.com | 13.48.65.12 13.49.33.196 13.53.223.172 34.243.61.76 52.212.15.195 |
beta.dokobit.com |
| Documents Gateway | 13.48.117.25 13.48.118.125 13.49.38.35 52.30.67.230 52.50.27.203 |
gateway.dokobit.com | 13.48.65.12 13.49.33.196 13.53.223.172 34.243.61.76 52.212.15.195 |
gateway-sandbox.dokobit.com |