Secured Signing API Without OAuth 2

  1. Getting Started
  2. Authentication
  3. Client & UI SDK
  4. Documentation
* For Partner API, please click here.

* For API With OAuth 2 version, please click here.

Getting Started

Add an API Account by logging in to your account

Navigate to My Account  > My SettingsAPI Settings

Add an API key using the button a the top. This will generate an API account, with configurable settings for your connection.

* It is important to specify a domain from where the API requests come.

Using the API

The API is Rest based, and can be found at Documentation

Response Codes

The following response codes apply to all requests. Check each request type in the list below for more response codes specific to that request.

200OKThe request was processed successfully
401UnauthorizedAuthentication failed or the Authenticate header was not provided
404Not FoundThe URI does not match any of the recognised resources

Response and Request Data Formats

Supported Request Formats

Use the Content-Type header to specify the format your data is in.

  • JSON: application/json
  • Multipart Form Data: multipart/form-data

Supported Response Formats

Use the Accept header to specify the output desired format. If you can’t set that header, use the format parameter in the query string. The format parameter takes precedence over the Accept header.

  • JSON: application/json

Getting Started Walk-throughs

Please feel free to Contact Us for any questions or help


The REST API uses stateless authentication using HMAC SHA-256.

All requests to resources (excluding the schema pages) must be accompanied by the correct Authentication headers as per this specification.

Authentication headers

  • X-CUSTOM-API-KEY : This is your ApiKey which can be generated from “My Settings” in the Account page
  • X-CUSTOM-SIGNATURE : This is a HMAC SHA-256 hash of a string of properties outlined below using your api secret which is generated at the same time as your ApiKey
  • X-CUSTOM-DATE : This is a Unix timestamp of the time you made the request. We allow a slight buffer on this in case of any time sync issues.
  • X-CUSTOM-NONCE : A randomly generated string of your choice. Ensure it is unique to each request, and no more than 32 characters long.
  • * Referer :The address where the request originated. Please specify the domain you set in API Settings.

The signature header value to be hashed is created using the following properties ApiKey, time stamp and nonce as show below


Please use ‘\n’ as shown above.

After the string is created above, it is hashed using HMAC SHA-256 using your API Secret. It must be Base64 string encoded before adding it to the header.

e.g. In JavaScript (We are using Googles CryptoJS library for the hashing and Base64 encoding)

var hash = CryptoJS.HmacSHA256(apiKey + '\n' + timestamp + '\n' + nonce, apiSecretKey);
var hashInBase64 = CryptoJS.enc.Base64.stringify(hash);

Our client SDK libraries perform these functions for you, as well as adding the headers automatically.

Client & UI SDK

The client SDK provides an encapsulated library exposing simple to use methods that hide the complexity of integrating with our Rest API.

* The provided SDKs’ codes are on Github. Fork me on GitHub


We also host the JavaScript version from our hosting.

Please add the following script reference in the header section of your page

<script data-main="//" src="//"></script>

To initialise the JavaScript SDK library

First create a config object as shown below

var config = {
    "apiKey": <YOUR API KEY HERE>,
    "baseUrl": "//",
    "version": "v1.4",
    "secret": <YOUR API SECRET HERE>

Next initialise the library.

We have provided a function SSApiLoaded that executes when the scripts have loaded if you are using our hosted JavaScript libraries

function SSApiLoaded() {
    securedsigning = new SecuredSigning(config); 

An SDK method call normally takes 3 parameters

  1. requestData: the data required for performing the task
  2. onSuccess: Callback function to handle a successful request
  3. onError: Callback function to handle any errors

An example

securedsigning.sendSmartTagDocument(requestData, function (data) {
},function (error) {


You can view the source code on GitHub here.

Install our .NET client SDK

SecuredSigning.Client PM> Install-Package SecuredSigning.Client

This library has the following dependencies ServiceStack.Client.SignedServiceStack.Text.Signed and ServiceStack.Interfaces

To initialise the library call the constructor

var client = new ServiceClient("","v1.4", <YOUR API KEY HERE>, <YOUR API SECRET HERE>);

We have provided data objects for the requests e.g.

public class EmailTemplate
    public string Reference { get; set; }

    public string Name { get; set; }

An example of a function call

var forms = client.getFormList();

Other Languages

We have provided more client SDKs of different programing languages as well, with their source codes on GitHub.


The UI SDK is provided as part of the JavaScript sdk. Please add the scripts as below

<script data-main="//" src="//"></script>

Initialising SDK

To initialise the JavaScript SDK library

First create a config object as shown below

var config = {
    "apiKey": <YOUR API KEY HERE>,
    "baseUrl": "//",
    "version": "v1.4",
    "secret": <YOUR API SECRET HERE>

Uploading a document

You can use our uploader to add a document for signing

Use the following JavaScript function passing in a DOM element id for the upload button

This then on Success starts an ISign or WeSign process

 securedsigning.CreateUpload(<DOM ELEMENT ID>, function(data) {
            },function (error) {

After a document is submitted, a reference will return.

Embedding html resources

I Sign

For an I Sign signing resource

This embeds a signing resource in a DOM element with the id of ‘content’

function ISign(ref) {
    var request = {
        Email: "",
        FirstName: "firstname",
        LastName: "lastname",
        DocumentReference: ref
    securedsigning.getISignResource(request, "content", function (error) {
We Sign

For an We Sign signing resource

This embeds a signing resource in a DOM element with the id of ‘content’

function WeSign(ref) {
    var request = {
        DocumentReference: ref
    securedsigning.getWeSignResource(request, "content", function (error) {

Download a sample webpage here.


Do you need anything else?