Build with BuiltSign
Integrate legally binding e-signatures directly into your own application. Upload PDFs, send signing requests, place signature fields, and receive webhook events — all via a simple REST API.
https://builtsign.com/api/v1Settings → API Keys
Quick Start
Get a document signed in 4 API calls.
1. Create an API key
Go to Settings → API Keys in your BuiltSign dashboard and create a key with write scope. Store it securely — it is shown only once.
Settings → API Keys2. Upload a PDF
Upload any PDF (up to 50 MB) as multipart form data. You'll receive a document_id to use in the next step.
curl -X POST https://builtsign.com/api/v1/documents/upload \
-H "X-API-Key: bsk_live_xxxxxxxxxxxxxxxxxxxx" \
-F "file=@contract.pdf"3. Create a signing request
Create a signing request with the document_id and a list of signers. Set auto_send: false to place fields first.
curl -X POST https://builtsign.com/api/v1/signing-requests \
-H "X-API-Key: bsk_live_xxxxxxxxxxxxxxxxxxxx" \
-H "Content-Type: application/json" \
-d '{
"document_id": "doc_xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx",
"signers": [
{ "name": "Jan de Vries", "email": "jan@example.com" }
],
"message": "Graag de offerte ondertekenen.",
"expires_in_days": 7,
"auto_send": false
}'4. Add fields and send
Place signature fields using percentage-based coordinates, then send to trigger the invitation email.
curl -X POST https://builtsign.com/api/v1/signing-requests/{request_id}/fields \
-H "X-API-Key: bsk_live_xxxxxxxxxxxxxxxxxxxx" \
-H "Content-Type: application/json" \
-d '{
"fields": [
{
"signer_id": "sgn_xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx",
"field_type": "signature",
"page_number": 1,
"x_percent": 60.0,
"y_percent": 82.0,
"width_percent": 30.0,
"height_percent": 8.0
}
]
}'Authentication
All v1 endpoints require an API key passed in the X-API-Key request header.
curl https://builtsign.com/api/v1/signing-requests \
-H "X-API-Key: bsk_live_xxxxxxxxxxxxxxxxxxxx"Scopes
| Scope | Permissions |
|---|---|
read | List and retrieve resources |
write | Create, update, and send resources |
admin | Reserved for future use |
Rate Limits
Each API key has a configurable rate limit (default: 60 requests/minute, max: 1000). Exceeding the limit returns HTTP 429.
Documents
Upload PDFs and list previously uploaded documents.
Signing Requests
Create, manage, and track signing requests.
Signature Fields
Place fields on a document that signers must fill in before they can complete the signing.
Field Positioning
Coordinates are percentage-based (0–100) relative to the page dimensions. The origin (0, 0) is the top-left corner of the page.
Field Types
| field_type | Description |
|---|---|
signature | Full signature |
initials | Initials / paraaf |
date | Date (auto-filled on sign) |
text | Free text input |
checkbox | Checkbox |
select | Dropdown (provide options[]) |
Webhooks
Receive real-time event notifications when something happens in BuiltSign.
Setup
Create a webhook in Settings → Webhooks. Choose which events to subscribe to. BuiltSign will send an HTTP POST to your endpoint for each event.
Events
| Event | Trigger |
|---|---|
signing_request.created | Signing request created |
signing_request.sent | Signing request sent to signers |
signing_request.completed | All signers have signed |
signing_request.cancelled | Signing request cancelled |
signing_request.expired | Signing request expired |
signer.viewed | Signer opened the signing page |
signer.signed | Signer completed their signature |
signer.declined | Signer declined to sign |
document.signed | Signed PDF generated |
Payload Format
Every webhook POST includes these fields:
{
"event": "signer.signed",
"timestamp": "2026-05-02T10:30:00Z",
"webhook_id": "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx",
"data": {
"signer_id": "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx",
"signing_request_id": "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx"
}
}Request Headers
| Header | Value |
|---|---|
| Content-Type | application/json |
| X-Webhook-Signature | HMAC-SHA256 hex digest |
| X-Webhook-Event | event type (e.g. signer.signed) |
| X-Webhook-ID | webhook UUID |
| X-Webhook-Retry | attempt number (only on retries) |
Signature Verification
Validate every incoming webhook by verifying the HMAC-SHA256 signature. Always verify — do not trust the payload without checking the signature.
import crypto from "crypto";
// Express middleware example
app.post("/webhook", express.raw({ type: "application/json" }), (req, res) => {
const signature = req.headers["x-webhook-signature"];
const secret = process.env.BUILTSIGN_WEBHOOK_SECRET;
const expected = crypto
.createHmac("sha256", secret)
.update(req.body) // raw Buffer, not parsed JSON
.digest("hex");
if (expected !== signature) {
return res.status(401).send("Invalid signature");
}
const event = JSON.parse(req.body);
// TODO: handle event (e.g. event.event === "document.signed")
res.sendStatus(200);
});Retry Behavior
BuiltSign retries failed deliveries up to 3 times: after 1 minute, 5 minutes, and 15 minutes. After 10 consecutive failures the webhook is automatically paused.
Enterprise
Built for enterprise teams
Need white-label branding, SSO, or a dedicated environment? BuiltSign is a SaaS product — no self-installation required. Contact us to discuss enterprise onboarding, custom contracts, and advanced integrations.
- White-label API & signing UI
- SSO (SAML 2.0 / OIDC)
- Custom domain
- Dedicated environment
- SLA + priority support
- Custom rate limits & volume pricing
Error Codes
All errors return a JSON body with a detail field describing the problem.
| Code | Description |
|---|---|
400 | Bad request — invalid input or constraint violation |
401 | Unauthorized — missing or invalid API key |
403 | Forbidden — insufficient scope or plan restriction |
404 | Not found — resource does not exist or belongs to another org |
409 | Conflict — action not allowed in current state |
422 | Unprocessable — validation error (check field details) |
429 | Too many requests — rate limit exceeded |
502 | Upstream error — S3 or email provider temporarily unavailable |