Building your own signing flow
Yousign's API provides the option to sign a Signature Request without asking Signers to go through Yousign's pre-made signing flow (in an iFrame or directly on Yousign's platform).
Indeed, you have the opportunity to build your own signing flow, matching your needs. This is particularly useful if:
- you want to build a custom signing flow
- you need to interface with physical devices to collect signatures (such as a signature pad for example)
- you need to integrate the signing flow into a mobile application, without having to use Yousign's iFrame or be redirected to Yousign's platform.
Who should create their own signature flow?
The vast majority of Yousign's customers want to have a turnkey signing interface which is easy to integrate. If you recognize yourself in this case, it's better to use the pre-built signing flow.
On the contrary, if you have very specific needs, building your signing flow might be the best option. In this case, you take full responsibility for implementing the signing flow according to the mandatory steps defined below, proving that it is properly implemented, and providing Yousign with accurate information relating to the signing process and Signers.
How to sign a document without using the pre-made signing flow?
Before starting
Pre-requisite
Before jumping to the tutorial below, make sure you are familiar with the Signature Request concept and particularly the delivery_mode.
Conditions
Please note that signing documents without using Yousign's signing flow requires matching the following conditions:
- You need to have an ongoing trial on our API product or an active Scale plan.
- The Signature Request
delivery_modemust be set tonone. - The Signature Request must not have any Approver.
- The Signature Request must not have the parameter
signers_allowed_to_declineset totrue - The signature level must be "Simple eSignature".
- No Signer Fields can be used, except the Signature Field.
Signing flow mandatory steps
The signing flow you are going to create must match the following criteria:
- The signer must be able to read entirely the document to sign before giving their consent.
- The signer authentication must be done before the consent collection.
- The signer must be able to give their consent.
- Once the consent is given and the document signed, the signer must be able to download the signed version of the document.
Let's take a step-by-step guide to setting up a Signature Request and recreating the end-to-end signature scenario via our API.
Step 1: Initiate a Signature Request and upload a document to sign
Initiate a Signature Request with a delivery_mode set to none.
POST /signature_requests
application/json
{
"name": "Signature Request",
"delivery_mode": "none",
"timezone": "Europe/Paris"
}
Then, upload the document to sign.
POST /signature_requests/{signatureRequestId}/documents
multipart/form-data
curl --location --request POST '{baseUrl}/signature_requests/{signatureRequestId}/documents' \
--header 'Authorization: Bearer {apiKey}' \
--form 'file=@"/path/to/the/document/test.pdf"' \
--form 'nature="signable_document"'
Step 2: Add a Signer and activate the Signature Request
The signer's signature level should be set to simple eSignature. The authentication mode can be: OTP by email, OTP by SMS, or no OTP.
In our example, we are going to add a Signer with OTP by email.
POST /signature_requests/{signatureRequestId}/signers
application/json
{
"info": {
"first_name": "John",
"last_name": "Doe",
"email": "[email protected]",
"phone_number": "+33700000000",
"locale": "fr"
},
"signature_level": "electronic_signature",
"signature_authentication_mode": "otp_email",
"fields": [
{
"document_id": "{{documentId}}",
"type": "signature",
"page": 1,
"width": 180,
"x": 400,
"y": 650
}
]
}
Then, activate the Signature Request:
POST /signature_requests/{signatureRequestId}/activate
Step 3: Collect the signer consent through your own signing flow
This step is fully on your side, it relies on the signing flow you have built. For this tutorial, we consider that you have built a signing flow in your mobile application composed of:
- a step allowing the signer to view the document to sign
- a step allowing the signer to receive the OTP by email
- a step allowing the signer to fill in the OTP received by email and accept to sign the document
The objective for you is to build your own signature flow and plug it with Yousign's API for the document signature. To do so, you will have to follow those two steps:
- Trigger the OTP sending
- Forward the OTP and trigger the signature
To send the email containing the OTP to the signer, you have to use this end-point and proceed as follows:
POST /signature_requests/{signatureRequestId}/signers/{signerId}/send_otp
This step is not necessary if there is no OTP authentication set. Please note that the OTP message is not customisable.
Once the Signer has received the OTP and filled it into your signing flow, you can finally send to Yousign the command to sign the document.
This API call should contain:
- the OTP filled by the Signer
- the Signer's IP Address
- the Signer's consent time
Once this call is received by Yousign, the OTP will be verified and if valid, the document will be signed.
POST /signature_requests/{signatureRequestId}/signers/{signerId}/sign
application/json
{
"otp": "123456",
"ip_address": "192.0.2.146",
"consent_given_at": "2024-04-19T22:10:00+00:00"
}
If you want to inform your signers with the right level of detail, here is our retry policy on OTP codes
- After 5 attempts, the OTP will not be valid anymore and will need to be sent again.
- After 10 minutes, the OTP will not be valid anymore and will need to be sent again.
Step 5: Make sure the Signer can access the signed document
Once the document is signed, the Signer must be able to access and download it through your flow. You can download all the documents of a Signature Request with one API call or download them one by one.
Updated about 2 months ago