API Documentation

Complete reference for the AuthenlySign REST API. Integrate document signing into your applications.

Authentication

Endpoints

Webhooks

SDKs

Authentication

All API requests require authentication using an API key. Include your API key in the Authorization header:

curl -H "Authorization: Bearer YOUR_API_KEY" \
  https://api.authenlysign.com/v1/documents

Keep your API key secure

Never expose your API key in client-side code. Use environment variables and server-side requests.

Generate API keys in your Dashboard Settings. API access requires Medium Team plan or higher.

Base URL

Production

https://api.authenlysign.com/v1

Sandbox (Testing)

https://sandbox-api.authenlysign.com/v1

Rate Limits

Standard

1,000

requests/hour

Large Team

5,000

requests/hour

Enterprise

Unlimited

custom limits available

Rate limit headers are included in all responses: X-RateLimit-Limit, X-RateLimit-Remaining, X-RateLimit-Reset

API Endpoints

Documents

POST/api/documents/uploadAuth Required

Upload a new document for signing

GET/api/documentsAuth Required

List all documents for the authenticated user

GET/api/documents/:idAuth Required

Get a specific document by ID

POST/api/documents/:id/sendAuth Required

Send document for signature

DELETE/api/documents/:idAuth Required

Delete a draft document or void a pending document

GET/api/documents/:id/downloadAuth Required

Download the signed document PDF

GET/api/documents/:id/audit-trailAuth Required

Get the complete audit trail for a document

Templates

GET/api/templatesAuth Required

List all templates

POST/api/templatesAuth Required

Create a new template from a document

POST/api/templates/:id/useAuth Required

Create a new document from a template

Signers

POST/api/documents/:id/signersAuth Required

Add signers to a document

POST/api/documents/:id/remindAuth Required

Send reminder to pending signers

Webhooks

GET/api/webhooksAuth Required

List configured webhooks

POST/api/webhooksAuth Required

Create a new webhook endpoint

DELETE/api/webhooks/:idAuth Required

Delete a webhook endpoint

Users & Teams

GET/api/user/profileAuth Required

Get current user profile

GET/api/team/membersAuth Required

List team members (admin only)

POST/api/team/inviteAuth Required

Invite a new team member

Webhooks

Webhooks allow you to receive real-time notifications when events occur in AuthenlySign. Configure webhook endpoints in your dashboard or via the API.

Webhook Payload Structure

{
  "id": "evt_abc123",
  "event": "document.completed",
  "created_at": "2025-12-02T10:00:00Z",
  "data": {
    "document_id": "doc_xyz789",
    "title": "Service Agreement",
    "status": "completed",
    "completed_at": "2025-12-02T10:00:00Z",
    "signers": [
      { "email": "client@example.com", "signed_at": "2025-12-02T10:00:00Z" }
    ]
  }
}

Available Events

document.createdA new document was uploaded

document.sentDocument was sent for signing

document.viewedA signer viewed the document

document.signedA signer completed their signature

document.completedAll signers have signed, document is complete

document.voidedDocument was voided/cancelled

document.expiredDocument expired before completion

document.declinedA signer declined to sign

signer.remindedA reminder was sent to a signer

template.createdA new template was created

team.member_addedA new team member joined

team.member_removedA team member was removed

Webhook Security

Verify webhook signatures to ensure requests are from AuthenlySign:

const crypto = require('crypto');

function verifyWebhookSignature(payload, signature, secret) {
  const expectedSignature = crypto
    .createHmac('sha256', secret)
    .update(payload)
    .digest('hex');
  
  return crypto.timingSafeEqual(
    Buffer.from(signature),
    Buffer.from(`sha256=${expectedSignature}`)
  );
}

SDKs & Libraries

Install: npm install @authenlysign/sdk

import AuthenlySign from '@authenlysign/sdk';

const client = new AuthenlySign({
  apiKey: process.env.AUTHENLYSIGN_API_KEY
});

// Upload a document
const document = await client.documents.upload({
  file: fs.readFileSync('contract.pdf'),
  title: 'Service Agreement'
});

// Add signers and send
await client.documents.send(document.id, {
  signers: [
    { email: 'client@company.com', name: 'Client Name' }
  ],
  message: 'Please sign this agreement'
});

// Listen for completion
client.webhooks.on('document.completed', (event) => {
  console.log('Document signed:', event.data.documentId);
});

Error Codes

The API returns standard HTTP status codes and JSON error objects:

{
  "error": {
    "code": "validation_error",
    "message": "Invalid email address format",
    "field": "signers[0].email",
    "status": 422
  }
}

400Bad RequestInvalid request parameters or body

401UnauthorizedMissing or invalid API key

403ForbiddenInsufficient permissions for this action

404Not FoundResource not found

409ConflictResource already exists or state conflict

422Unprocessable EntityValidation error in request data

429Too Many RequestsRate limit exceeded

500Internal Server ErrorUnexpected server error

Need Help?

Our developer support team is here to help you integrate AuthenlySign

Authentication

All API requests require authentication using an API key. Include your API key in the Authorization header:

curl -H "Authorization: Bearer YOUR_API_KEY" \
  https://api.authenlysign.com/v1/documents

Keep your API key secure

Never expose your API key in client-side code. Use environment variables and server-side requests.

Generate API keys in your Dashboard Settings. API access requires Medium Team plan or higher.

Webhooks

Webhooks allow you to receive real-time notifications when events occur in AuthenlySign. Configure webhook endpoints in your dashboard or via the API.

Webhook Payload Structure

{
  "id": "evt_abc123",
  "event": "document.completed",
  "created_at": "2025-12-02T10:00:00Z",
  "data": {
    "document_id": "doc_xyz789",
    "title": "Service Agreement",
    "status": "completed",
    "completed_at": "2025-12-02T10:00:00Z",
    "signers": [
      { "email": "client@example.com", "signed_at": "2025-12-02T10:00:00Z" }
    ]
  }
}

Available Events

document.createdA new document was uploaded

document.sentDocument was sent for signing

document.viewedA signer viewed the document

document.signedA signer completed their signature

document.completedAll signers have signed, document is complete

document.voidedDocument was voided/cancelled

document.expiredDocument expired before completion

document.declinedA signer declined to sign

signer.remindedA reminder was sent to a signer

template.createdA new template was created

team.member_addedA new team member joined

team.member_removedA team member was removed

Webhook Security

Verify webhook signatures to ensure requests are from AuthenlySign:

const crypto = require('crypto');

function verifyWebhookSignature(payload, signature, secret) {
  const expectedSignature = crypto
    .createHmac('sha256', secret)
    .update(payload)
    .digest('hex');
  
  return crypto.timingSafeEqual(
    Buffer.from(signature),
    Buffer.from(`sha256=${expectedSignature}`)
  );
}

SDKs & Libraries

Install: npm install @authenlysign/sdk

import AuthenlySign from '@authenlysign/sdk';

const client = new AuthenlySign({
  apiKey: process.env.AUTHENLYSIGN_API_KEY
});

// Upload a document
const document = await client.documents.upload({
  file: fs.readFileSync('contract.pdf'),
  title: 'Service Agreement'
});

// Add signers and send
await client.documents.send(document.id, {
  signers: [
    { email: 'client@company.com', name: 'Client Name' }
  ],
  message: 'Please sign this agreement'
});

// Listen for completion
client.webhooks.on('document.completed', (event) => {
  console.log('Document signed:', event.data.documentId);
});

Error Codes

The API returns standard HTTP status codes and JSON error objects:

{
  "error": {
    "code": "validation_error",
    "message": "Invalid email address format",
    "field": "signers[0].email",
    "status": 422
  }
}

400Bad RequestInvalid request parameters or body

401UnauthorizedMissing or invalid API key

403ForbiddenInsufficient permissions for this action

404Not FoundResource not found

409ConflictResource already exists or state conflict

422Unprocessable EntityValidation error in request data

429Too Many RequestsRate limit exceeded

500Internal Server ErrorUnexpected server error