# Integrate digital signatures with GlobalSign DSS

This guide explains how to use Nutrient Web SDK to sign documents with [GlobalSign’s Digital Signing Service (DSS)](https://www.globalsign.com/en/digital-signing-service). GlobalSign integration requires Document Engine as the backend signing service.

> Unless you explicitly need a Qualified Electronic Signature (QES), Nutrient offers a powerful developer-friendly digital signing API service. Refer to our [advanced eSignatures API](https://www.nutrient.io/api/signing-api/) for more information.

## Overview

GlobalSign DSS is a cloud-based solution that enables organizations to deploy trusted digital signatures without the need for hardware security modules (HSMs) or USB tokens. As a Qualified Trust Service Provider (QTSP), GlobalSign is part of the [Adobe Approved Trust List (AATL)](https://helpx.adobe.com/acrobat/kb/approved-trust-list1.html) and provides PKI-based digital signatures that meet eIDAS regulations in Europe, along with various US regulations.

## Prerequisites

Before you can use GlobalSign with Web SDK, you’ll need:

1. A Nutrient Document Engine instance with digital signature support

2. GlobalSign DSS credentials (API key, API secret, TLS certificates)

3. A JWT that authorizes the `digital_signatures_api` operation

> [Contact Sales](https://www.nutrient.io/contact-sales/) to obtain GlobalSign DSS credentials. We’ll help streamline the process of getting your organization vetted by GlobalSign, which is required for obtaining a digital signing certificate.

## Architecture

When using GlobalSign with Web SDK, the architecture works as follows:

1. **Client-side (Web SDK)** — Your web application triggers the signing operation using JavaScript.

2. **Server-side (Document Engine)** — Document Engine handles the actual GlobalSign integration and cryptographic operations.

3. **GlobalSign DSS** — The cloud-based signing service that performs the digital signature.

This architecture keeps your GlobalSign credentials secure on the server while providing a seamless signing experience in the browser.

## Client-side implementation

To sign a document from Web SDK using GlobalSign on the backend, use the `signDocument` method with the `signingToken` parameter. The `signingToken` tells Document Engine to use GlobalSign DSS for the signing operation. The `CAdES` signature type and `b_lt` level are required because GlobalSign certificates expire after 10 minutes; these settings ensure the signature stays valid long term, after the signing certificate itself has expired.

Follow our guide on [signing PDFs via Document Engine](https://www.nutrient.io/guides/web/signatures/digital-signatures/signature-lifecycle/sign-a-pdf-document-document-engine.md) to understand the complete implementation. The key is to include the `signingToken` parameter.
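The call described in this section, sketched as an added example (not code from Nutrient's guide). `sdk` stands for the Web SDK namespace object and `instance` for the loaded viewer; the option names `signingData`, `signatureType` and `padesLevel` and the enum members `SignatureType.CAdES` and `PAdESLevel.b_lt` are assumed from the Web SDK API and do not appear on this page, and both function names are hypothetical.

```javascript
// Added example. Assumed names (not on this page): signingData.signatureType,
// signingData.padesLevel, sdk.SignatureType.CAdES, sdk.PAdESLevel.b_lt.

// Build the two arguments for instance.signDocument().
function buildGlobalSignArgs(sdk, signingToken) {
  // signingToken passes through the browser, so it must not be a GlobalSign
  // credential (API key, secret, TLS key); those stay on Document Engine.
  if (typeof signingToken !== "string" || signingToken.trim() === "") {
    throw new TypeError("signingToken must be a non-empty string");
  }
  const signatureType = sdk?.SignatureType?.CAdES;
  const padesLevel = sdk?.PAdESLevel?.b_lt;
  if (signatureType === undefined || padesLevel === undefined) {
    // Fail closed: an undefined value would leave the type or level unspecified,
    // and the page requires CAdES with b_lt for the short-lived certificate.
    throw new Error("SDK namespace does not expose CAdES / b_lt");
  }
  return [
    { signingData: { signatureType, padesLevel } }, // signature preparation data
    { signingToken },                               // forwarded to Document Engine
  ];
}

// Trigger signing and report the outcome instead of leaving a rejected promise.
async function signWithGlobalSign(instance, sdk, signingToken) {
  const [preparation, serviceData] = buildGlobalSignArgs(sdk, signingToken);
  try {
    await instance.signDocument(preparation, serviceData);
    return { signed: true };
  } catch (err) {
    return { signed: false, reason: String(err?.message ?? err) };
  }
}
```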

## Server-side setup

The GlobalSign integration must be configured on your Document Engine instance. This includes:

- Setting up GlobalSign DSS credentials

- Configuring the signing service to use GlobalSign

- Managing certificate chains and API keys

For complete server-side setup instructions, refer to the [Document Engine GlobalSign integration](https://www.nutrient.io/guides/document-engine/signatures/integrations/globalsign.md) guide.

---

## Related pages

- [Integrate digital signatures](/guides/web/signatures/digital-signatures/integrations/overview.md)
- [Integrate digital signatures with AWS CloudHSM](/guides/web/signatures/digital-signatures/integrations/aws-hsm.md)

