Skip to main content

Signatures API

API endpoints for DigiSigner digital signature workflows, including signature requests, status tracking, and webhook handling. Base Path: /api (signature endpoints in main routes)
Code Reference: app/services/signature_service.py, app/api/routes.py (signature endpoints)

Signature Requests

Request Document Signature

Request signatures for a document via DigiSigner. Request Body:
Response:
Code Reference: app/api/routes.py (request_document_signature)

Signature Status

Get Document Signatures

Get all signature requests for a document. Response:

Get Signature Details

Get detailed information about a specific signature request. Response: Complete signature request details including signer status

Signed Documents

Download Signed Document

Download the signed document. Response: File download (PDF) Code Reference: app/api/routes.py (download_signed_document)

Webhook Endpoint

DigiSigner Webhook

DigiSigner webhook endpoint for signature status updates. Events Handled:
  • DOCUMENT_SIGNED: Individual signer signed
  • SIGNATURE_REQUEST_COMPLETED: All signers completed
Request Body (DOCUMENT_SIGNED):
Request Body (SIGNATURE_REQUEST_COMPLETED):
Response:
Code Reference: app/api/routes.py (digisigner_webhook)

Signature Status Values

  • pending: Signature request created, awaiting signers
  • in_progress: Some signers have signed, others pending
  • completed: All signers have completed signing
  • declined: One or more signers declined to sign
  • expired: Signature request expired
Code Reference: app/db/models.py (DocumentSignature model)

Error Responses

400 Bad Request

  • Invalid signer email addresses
  • Missing required fields
  • Document file not found

404 Not Found

  • Document not found
  • Signature request not found

500 Internal Server Error

  • DigiSigner API error
  • Document upload failure
  • Webhook processing error

Configuration

Environment Variables

DIGISIGNER_API_KEY
string
DigiSigner API key
DIGISIGNER_BASE_URL
string
DigiSigner API base URL. Default: https://api.digisigner.com/v1
DIGISIGNER_WEBHOOK_SECRET
string
Webhook secret for signature verification (optional but recommended)
Setup Guide: See DigiSigner Setup Guide

Webhook Security

For production, implement webhook signature verification:
  1. Get webhook secret from DigiSigner account settings
  2. Implement HMAC signature verification
  3. Compare signature in X-DigiSigner-Signature header
  4. Reject requests with invalid signatures
Note: Current implementation accepts all webhooks. Signature verification should be added for production.

Additional Resources


Last Updated: 2026-01-14
Code Reference: app/services/signature_service.py, app/api/routes.py