API reference
The Doc E Sign REST API lets you send documents for signature, list and retrieve envelopes, resend signing invitations, and verify document integrity — all programmatically.
API key authentication is not yet available. It ships in Phase 2. At Phase 1, the API uses session cookie authentication only — suitable for server-side integrations where you control a Doc E Sign session.
This reference documents the current Phase 1 API surface. The Phase 2 update will add Authorization: Bearer <api_key> support and API key management in the dashboard.
Base URL
https://doc-e-sign.com/api/v1
Authentication
All endpoints require authentication. At Phase 1, pass your Doc E Sign session cookie with every request.
To obtain a session cookie, sign in at doc-e-sign.com/sign-in and copy the session cookie from your browser's DevTools (Application → Cookies). See the Sandbox page for a step-by-step guide.
curl https://doc-e-sign.com/api/v1/envelopes \
-H "Cookie: sb-access-token=<your-session-cookie>"
Endpoints
Upload a document
Before creating an envelope, upload the PDF to obtain a storagePath.
POST /api/v1/upload
Request body: raw PDF bytes (Content-Type: application/pdf). Maximum 20 MB.
curl -X POST https://doc-e-sign.com/api/v1/upload \
-H "Content-Type: application/pdf" \
-H "Cookie: sb-access-token=<your-session-cookie>" \
--data-binary @contract.pdf
Response 201 Created:
{
"storagePath": "user-id/a1b2c3d4/envelope-uuid/original.pdf",
"removed": []
}
removed lists any elements stripped from the PDF (e.g. embedded scripts). An empty array means nothing was removed.
Error responses:
| Status | Code | Reason |
|---|---|---|
| 401 | UNAUTHORIZED | No valid session |
| 422 | FILE_TOO_LARGE | File exceeds 20 MB |
| 422 | INVALID_TYPE | Not a PDF (verified from file content, not Content-Type) |
| 422 | PDF_SANITIZE_FAILED | PDF could not be processed |
Create an envelope
POST /api/v1/envelopes
curl -X POST https://doc-e-sign.com/api/v1/envelopes \
-H "Content-Type: application/json" \
-H "Cookie: sb-access-token=<your-session-cookie>" \
-d '{
"title": "NDA — Acme Corp",
"signerEmail": "signer@example.com",
"storagePathTemp": "user-id/a1b2c3d4/envelope-uuid/original.pdf",
"signingExpiresAfter": "5_days"
}'
Request body:
| Field | Type | Required | Description |
|---|---|---|---|
title | string | ✓ | Document title — shown in the signing invitation email |
signerEmail | string | ✓ | Signer's email address |
storagePathTemp | string | ✓ | storagePath returned by the upload endpoint |
signingExpiresAfter | string | ✓ | Link expiry — one of: 1_day, 3_days, 5_days, 7_days, 14_days, 30_days |
Response 201 Created:
{
"envelopeId": "550e8400-e29b-41d4-a716-446655440000"
}
The signing invitation is sent to the signer immediately. The signer receives a link that expires after the specified duration.
Error responses:
| Status | Code | Reason |
|---|---|---|
| 400 | VALIDATION_ERROR | Missing or invalid fields |
| 400 | FILE_NOT_FOUND | storagePathTemp does not exist or does not belong to your account |
| 401 | UNAUTHORIZED | No valid session |
| 402 | USAGE_LIMIT_REACHED | Monthly envelope limit reached |
| 500 | SENDER_EMAIL_MISSING | Account email not available |
| 502 | EMAIL_SEND_FAILED | Signing invitation could not be sent — document is saved, resend from dashboard |
List envelopes
GET /api/v1/envelopes
Returns all envelopes for the authenticated account, ordered by creation date descending.
curl https://doc-e-sign.com/api/v1/envelopes \
-H "Cookie: sb-access-token=<your-session-cookie>"
Response 200 OK:
{
"envelopes": [
{
"id": "550e8400-e29b-41d4-a716-446655440000",
"title": "NDA — Acme Corp",
"status": "sent",
"createdAt": "2026-05-30T14:22:05Z"
}
]
}
Envelope statuses:
| Status | Meaning |
|---|---|
draft | Created but sending failed — resend from the dashboard |
sent | Invitation sent, awaiting signing |
partially_signed | Some signers have signed (Phase 2 — multiple signers) |
sealing | Signing submitted, document being sealed |
completed | Signed PDF produced and stored |
expired | Signing link expired before signing completed |
voided | Envelope cancelled (Phase 2) |
Resend a signing invitation
POST /api/v1/envelopes/{envelopeId}/resend
Resends the signing invitation for a sent or expired envelope. Generates a new signing link.
curl -X POST https://doc-e-sign.com/api/v1/envelopes/550e8400-e29b-41d4-a716-446655440000/resend \
-H "Cookie: sb-access-token=<your-session-cookie>"
Response 200 OK:
{
"signerId": "signer-uuid",
"status": "sent"
}
Error responses:
| Status | Code | Reason |
|---|---|---|
| 400 | INVALID_STATE | Envelope is not in a resendable state |
| 401 | UNAUTHORIZED | No valid session |
| 403 | FORBIDDEN | Envelope does not belong to your account |
| 404 | NOT_FOUND | Envelope not found |
Verify a document
GET /api/v1/verify?hash={signingChainFingerprint}
Verifies a Signing chain fingerprint against Doc E Sign's database. Returns signing context if found.
curl "https://doc-e-sign.com/api/v1/verify?hash=a1b2c3d4e5f6..."
Response 200 OK (verified):
{
"valid": true,
"completedAt": "2026-05-30T14:35:22Z",
"documentTitle": "NDA — Acme Corp",
"signerEmailDomain": "example.com"
}
Response 200 OK (not found):
{
"valid": false
}
No authentication is required for this endpoint. The hash is not sensitive — it is printed on every signed PDF.
For offline verification without Doc E Sign, see Manual verification.
Rate limits
Requests are rate-limited per account. Limits are not published — if you encounter a 429 Too Many Requests response, implement exponential backoff.