CT Signature API

Embed e-signature in your own product.

Clean REST endpoints, iframe embedding, webhooks, and multi-tenant from day one. ESIGN/UETA compliant. Pay-as-you-go pricing on top of subscription tiers, so the teams you serve aren't paying per-seat tolls just because you embedded signing.

  • REST: clean JSON, predictable
  • Webhooks: real-time events with retries
  • Multi-tenant: strict isolation per tenant

What an embedded signing flow looks like
Send an envelope, get webhooks, render iframe

Three primitives cover most of what product teams need: create envelope, embed signing iframe, listen on webhook.

  • POST /v1/envelopes — create the signing flow
  • GET /v1/envelopes/:id/signing-url — iframe URL
  • Webhook events for signed, completed, expired
  • Reusable templates referenced by ID
  • Per-tenant white-labeling

  • REST + JSON: no XML, no SOAP
  • Webhooks with retries: events you can rely on
  • Multi-tenant isolation: database-level per tenant
  • ESIGN/UETA: compliant by default

Why this matters

Building e-signature in-house is a quarter of work for one feature your customers will use once a month.

Most product teams that decide they need signing in their app start by scoping it as a quick build — how hard could it be? PDFs are open. Signature capture is just a canvas. Two weeks tops. Then they discover the long tail: ESIGN/UETA compliance requires consent disclosure, intent-to-sign tracking, identity capture, and a tamper-evident audit certificate. Tamper-evident means cryptographic hashing, which means PDF manipulation that respects the existing structure. Multi-signer means workflow state machines. Webhooks mean retry logic. The two-week build becomes a quarter and ships with caveats.

CT Signature is the alternative: embed legally-binding signing in your product via an API that handles the long tail. POST to create an envelope, get a signing URL back, render it in an iframe (or send signers to a hosted page), listen on a webhook for completion, and pull the executed PDF + audit certificate from the API. The compliance, cryptographic integrity, and audit trail are the platform's job. Your job is the product feature you actually wanted to ship.

For SaaS teams serving multiple end customers, CT Signature is multi-tenant from day one with strict per-tenant data isolation. Each of your customers can have their own templates, their own white-labeled sender brand, and their own envelope history without bleeding into another customer's data. Pricing is pay-as-you-go on top of subscription tiers — the per-envelope cost flows through to your usage model however you want to handle it (pass through, mark up, fold into your own pricing).

What a clean signing API actually delivers
  • Three primitives — create envelope, get signing URL, listen on webhook
  • Compliance handled — ESIGN/UETA, audit trail, tamper-evident PDF
  • Multi-tenant — per-tenant templates, branding, isolation
  • Iframe or hosted — embed in your app or send signers to a hosted page
  • Webhooks with retries — events you can build on without polling
API capabilities

What you can build on top of CT Signature.

Clean REST + JSON API

Predictable, documented endpoints. Standard auth, standard error responses, standard pagination. No XML, no SOAP, no hand-rolled enterprise protocols. The kind of API a backend engineer can integrate in an afternoon.

Iframe embedding for in-app signing

Get a signing URL from the API, render it in an iframe inside your product. Signer never leaves your app. Or send signers to a hosted page if your product is server-rendered. Per-envelope choice.

Webhooks with retries

Real-time events for sent, viewed, signed, declined, completed, expired. Webhooks include event metadata and retry on transient failures. No polling required.

Templates referenced by ID

Upload templates once via the API or web app, reference them by template_id when creating envelopes. Different signer roles can have different field sets pre-assigned. Updating a template propagates to future envelopes.

Multi-tenant from day one

API keys are scoped per tenant. Templates, envelopes, and audit history are isolated per tenant. White-label sender brand, email domain, and signing UI per tenant. Built for the SaaS-serving-SaaS case.

Tamper-evident PDFs + audit certificate

Every executed envelope produces a cryptographically signed PDF and a separate audit certificate showing every action with timestamps, IP, and device fingerprint. Pull both from the API for storage in your customer's records.

What it looks like in practice

A few ways teams use this.

Embedding in a property management app

A property management SaaS needs to send leases, notice-to-cure, and addenda for signature inside its app. It uses CT Signature's API: the tenant uploads a document, the system creates an envelope via the API and renders the iframe, and a webhook fires when the lease is signed. Tenants never leave the property management app to sign. The compliance, audit trail, and tamper-evident PDF are CT Signature's responsibility.

Multi-tenant SaaS for medical practices

A healthcare SaaS serving many independent practices needs HIPAA-aligned signing for consent forms, releases, and authorizations. It uses CT Signature in multi-tenant mode: each practice has its own templates, white-labeled sender brand, and isolated envelope history. The patient signs from a hosted page on the practice's white-labeled domain. The SaaS's pricing absorbs the per-envelope cost; practices see one bill from the SaaS.

Drop-in for an existing product roadmap quarter

An engineering team had 'add e-signature' on the roadmap with a 6-week estimate. They evaluate CT Signature on a Tuesday, write the integration on Wednesday and Thursday, and ship to staging on Friday. The 6 weeks become 3 days. The roadmap quarter delivers other features instead.

Frequently asked

Common questions from product teams.

Is the API stable enough to build on?

CT Signature's API follows semantic versioning. The /v1 namespace is stable; new capabilities are added without breaking existing endpoints. Deprecations are announced with long sunset windows. The product is under active development — capabilities are added regularly — but the contract you build against doesn't shift under you.

Can I white-label the signing experience for my customers?

Yes. Per-tenant white-labeling covers the sender brand on signature request emails, the signing UI's primary color and logo, and the email domain that signature requests come from. The signing experience your customers see can match your product's brand entirely; the CT Signature name doesn't appear in the signer flow.

How does pricing work for embedded use cases?

API access is on a subscription tier covering the platform capabilities (templates, multi-tenant, webhooks, white-labeling), plus pay-as-you-go pricing per envelope sent. Volume discounts apply at higher usage. SaaS teams typically either pass through the per-envelope cost to their customers or fold it into their own pricing — either model works.

What about HIPAA, SOC 2, and other compliance frameworks?

The platform is HIPAA-aligned and ESIGN/UETA compliant out of the box. SOC 2 Type II is on the roadmap. For HIPAA Business Associate Agreement coverage, contact us — BAAs are available for healthcare-serving SaaS embedded use cases. Your own compliance posture is your responsibility; the platform's compliance posture covers the signing layer.

Are there SDKs or just the raw REST API?

The REST API is the primary integration surface, designed to be approachable from any language with an HTTP client. Official SDKs for common languages are on the roadmap; community-contributed SDKs are welcome. Most teams find that for the small surface area of e-signature integration (a few endpoints + webhooks), the raw API is fine to integrate directly.

What happens to envelopes if I stop using the API?

Existing executed envelopes remain accessible — you can pull the executed PDFs and audit certificates from the API at any time during your account's life. For long-term retention, the downloaded PDF + audit certificate is the legally complete record. Cryptographic hashes mean you can verify integrity independently of the platform.

Embed signing in days, not a quarter.

Get API credentials and we'll walk through your specific embed scenario — iframe vs hosted, white-labeling, multi-tenant setup, webhook reliability.