AbroadSign REST API Reference: v2 Endpoints, Authentication, and Integration Guide

AbroadSign REST API v2 developer documentation and endpoints
The AbroadSign REST API v2 provides enterprise-grade endpoints for cross-border digital signature automation

Introduction to AbroadSign API v2

The AbroadSign REST API v2 is the official programmatic interface for integrating enterprise-grade electronic signature capabilities into your business systems, trading platforms, and document management workflows. Built on REST principles with JSON request and response payloads, the API connects seamlessly with any technology stack capable of making HTTPS calls — from Python and Node.js applications to Java Spring Boot services, PHP Laravel systems, and .NET Core applications. The base endpoint for all v2 API calls is https://www.abroadsign.com/api/v2/, which replaces the legacy v1 endpoint and introduces enhanced security, expanded webhook event coverage, and improved rate limiting for high-volume enterprise integrations.

Organizations across 180+ countries rely on the AbroadSign API to automate document signing workflows that span freight forwarding contracts, trade finance letters of credit, customs declarations, multi-party supply chain agreements, and enterprise procurement documents. The v2 release introduces native support for bulk document operations, advanced template merging, blockchain timestamp anchoring, and real-time collaboration features that enable simultaneous multi-signer ceremonies from any browser or mobile device without requiring participants to install specialized software or create AbroadSign accounts. Whether you are a startup building your first client onboarding flow or an enterprise replacing an entire paper-based contracting infrastructure, the AbroadSign API provides the building blocks for fully automated, legally compliant digital signing at global scale.

Authentication and Security Configuration

Securing API access is paramount when handling legally binding digital signatures. The AbroadSign API v2 employs API key-based authentication combined with TLS 1.3 transport encryption, ensuring that every request and response is encrypted in transit and immune to interception or man-in-the-middle attacks. All API keys are generated from the AbroadSign dashboard under Settings, with granular permission scopes that follow the principle of least privilege — each integration receives exactly the permissions it needs, no more. Keys are never transmitted in URLs, only in HTTP headers, and your systems should store them in environment variables or dedicated secrets management platforms such as AWS Secrets Manager, HashiCorp Vault, or Azure Key Vault rather than embedding them in source code repositories or configuration files committed to version control systems.

  • Bearer Token Header: Every API request must include the Authorization: Bearer YOUR_API_KEY header. Never hardcode API keys in application source code; use environment variables or secrets management systems to inject credentials at runtime.
  • TLS 1.3 Enforcement: All API connections must use TLS 1.3. Connections attempting to use older TLS versions will be rejected with a 400 Bad Request response. This ensures that document content and signature data are never exposed over unencrypted channels.
  • Permission Scopes: API keys are scoped to specific operations — documents.read, documents.write, templates.read, templates.write, signers.manage, webhooks.admin, and organization.read. Assign only the scopes required for each integration use case to limit blast radius if a key is compromised.
  • Key Rotation Policy: Implement automated key rotation on a 90-day schedule. The AbroadSign dashboard supports zero-downtime key rotation through the concept of primary and secondary keys, allowing you to roll credentials without disrupting in-flight signing workflows.
  • IP Allowlisting: Enterprise accounts can restrict API access to specific IP addresses or CIDR ranges. Enable IP allowlisting from the Security Settings page for server-to-server integrations where the calling IPs are known and stable.

“Implementing TLS 1.3 and API key scoping reduced our security audit findings to zero. The AbroadSign API was designed with enterprise security requirements in mind — it showed in every detail of the integration process.”

— Head of Information Security, global commodities trading firm

Core API Endpoint Reference

The v2 API organizes functionality around resource-oriented endpoints that map naturally to the entities in a digital signing workflow: documents, templates, signers, signatures, webhooks, and organizations. Each resource supports standard CRUD operations plus resource-specific actions such as sending documents for signing, reminding pending signers, or downloading completed document packages with embedded signatures and cryptographic integrity certificates. The following table provides the complete endpoint group reference for rapid integration development.

Endpoint Group Base Path Key Operations Common Use Case
Documents /documents Create, Read, List, Update, Download, Archive, Delete Initiate signing, retrieve completed documents
Templates /templates Create, Read, Update, Delete, Clone, List Standardized document workflows
Signers /signers Invite, Resend Invite, Cancel, Verify Identity Managing signing parties
Signatures /signatures Apply, Verify, Status Check, Retrieve Audit Trail Completing and validating signatures
Webhooks /webhooks Create, List, Delete, Test, Enable/Disable Real-time event notifications
Organizations /organizations Read, Update, Settings, Team Members Admin and compliance configuration
Audit Logs /audit-logs List, Filter, Export, Download PDF Compliance reporting and forensics
Bulk Operations /bulk Create Batch, Status, Cancel Batch High-volume document processing
AbroadSign REST API v2 core endpoint groups and primary operations

Document Lifecycle Integration Pattern

The most common API integration pattern follows the document lifecycle from creation through signature collection to archival. This end-to-end workflow demonstrates how your systems interact with the AbroadSign API at each stage, enabling fully automated signing processes without manual intervention or administrative overhead. Understanding this lifecycle is essential for building reliable integrations that handle failure scenarios gracefully and maintain data consistency across distributed systems.

Step 1: Document Creation and Template Population

Begin by creating a document either from a pre-configured template or from raw HTML or PDF content submitted directly to the API. For template-based creation, pass template variable values in the request body to customize the document content for each specific signing occasion while maintaining brand consistency and legal clause standardization. The API responds immediately with a document ID that your system stores for all subsequent operations on this document. Document creation supports batch mode, where you can submit up to 500 documents in a single API call for processing queues that need to initiate dozens or hundreds of signing workflows simultaneously during peak trading periods.

  • Use POST /documents with template_id and template_data to create from a template, or submit content_html or content_pdf_base64 for raw content.
  • Set the signing_sequence to sequential for ordered multi-party signing or parallel when all parties can sign simultaneously to minimize wait time.
  • Specify expiry_days to control how long the signing invitation remains active before the document automatically expires and requires renewal.
  • Enable block_download_until_completed to prevent premature access to the document while any required signature is still pending.

Step 2: Signer Configuration and Workflow Dispatch

After creating a document, add the required signers specifying their email addresses, display names, and their position in the signing sequence. For integrations requiring enhanced identity assurance — such as high-value trade finance transactions or regulated import-export documentation — enable the identity_verification_required flag to mandate biometric or government ID verification before the signature is accepted. Dispatch the document to all signers with a single API call, and the AbroadSign platform automatically generates professionally formatted email invitations with personalized document links, expiry notices, and clear signing instructions in the recipient preferred language.

  • Add signers via POST /documents/{document_id}/signers with email, name, and role (signer, witness, or 抄送 for cc).
  • Configure reminder_schedule to automatically send reminder emails at 24-hour and 72-hour intervals to signers who have not yet acted.
  • Set redirect_url_after_signed to guide signers to a custom completion page in your system after they finish signing.
  • Enable signer_authentication requiring email OTP or SMS verification as an additional layer of signer identity confirmation.

Step 3: Webhook-Driven Completion and Downstream Processing

The AbroadSign webhook system delivers real-time event notifications to your configured HTTPS endpoint whenever a signer takes action or the document lifecycle state changes. Rather than polling the API repeatedly to check document status — which consumes your rate limit quota and adds latency — configure webhooks to receive push notifications that trigger downstream processes automatically. Upon receiving the document.completed event, your system retrieves the completed document package including the signed PDF, cryptographic hash certificate, blockchain timestamp anchor, and complete audit trail document that serves as primary evidence in legal disputes or compliance audits.

Code examples and webhook integration patterns for the AbroadSign API
Real-time webhook notifications enable fully automated downstream workflows after document completion

Webhook Events and Real-Time Notification Reference

Webhooks are the backbone of automated integration architectures. The AbroadSign API v2 supports comprehensive event coverage across the entire document lifecycle, enabling your systems to respond immediately when state changes occur rather than relying on polling intervals that waste API quota and introduce unnecessary latency into your workflows. Each webhook delivery includes a JSON payload with event-specific data and an HMAC-SHA256 signature header that your endpoint must verify before processing the notification to prevent spoofed events from triggering unauthorized actions in your systems.

Event Type Trigger Condition Key Payload Fields Integration Response
document.created New document added to platform document_id, title, created_at, created_by Register in internal tracking system
document.sent Document dispatched to signers document_id, signers[], expires_at, subject Update workflow dashboard status
signer.viewed Signer opens the document link document_id, signer_id, viewed_at, ip_address Log engagement and trigger timer
signer.completed Signer submits their signature document_id, signer_id, signed_at, signature_hash Check completion, notify downstream
document.completed All required signatures obtained document_id, completed_at, download_url, audit_trail_url Trigger next workflow step
document.expired Signing deadline exceeded document_id, expired_at, signers_pending[] Initiate renewal or alert ops team
document.declined Signer explicitly declines to sign document_id, signer_id, declined_at, reason Alert operations and escalate
document Voided Document cancelled by creator document_id, voided_by, voided_at, reason Close internal records and notify
Complete AbroadSign API v2 webhook event type reference

Rate Limits, Quotas, and Performance Optimization

The AbroadSign API v2 enforces rate limits to ensure platform stability and fair resource allocation across all API consumers. Standard tier accounts are limited to 1,000 requests per minute per API key, while Enterprise accounts receive elevated limits negotiated based on documented integration requirements and expected transaction volumes. Rate limit status is communicated in every API response through the X-RateLimit-Remaining and X-RateLimit-Reset response headers, enabling your integration to implement proactive throttling rather than waiting for 429 responses to trigger backoff behavior. For high-volume batch operations processing thousands of documents, use the dedicated /bulk endpoints that are specifically designed for bulk throughput with higher per-minute quotas and reduced per-document overhead.

  • Monitor X-RateLimit-Remaining header on every response and pause requests when approaching zero to avoid receiving 429 Too Many Requests responses that halt processing for the reset window.
  • Use the Retry-After header value to wait the exact duration before resuming requests rather than implementing arbitrary sleep intervals that may be too short or unnecessarily long.
  • For bulk document processing, prefer POST /bulk endpoints over individual POST /documents calls — bulk operations offer up to 10x throughput improvement for high-volume workflows.
  • Implement exponential backoff with jitter for all retry logic to handle transient server-side errors without overwhelming the platform during recovery periods.
  • Use Conditional Requests with If-Modified-Since or ETag headers when retrieving document status to avoid unnecessary data transfer and reduce latency for status checks.

“We process over 50,000 freight documents per month through the AbroadSign API. The bulk operations endpoint combined with proper webhook handling means our entire signing workflow runs with sub-minute latency — completely hands-off after the initial API call.”

— Lead Platform Engineer, global freight forwarding network

Official SDK Packages and Quick Start

AbroadSign maintains official SDK packages for the most widely adopted programming languages and frameworks, each providing native-language data structures, automatic retry logic with exponential backoff for transient failures, comprehensive type definitions for compile-time safety, and pre-configured HTTP client settings that comply with the API security requirements. SDK packages are open source and available on GitHub, where community contributions for additional languages are welcome and reviewed by the AbroadSign engineering team. All official SDKs are versioned in lockstep with the API to ensure that SDK method signatures and behavior remain consistent with the underlying REST endpoints.

  • Python SDK: Install via pip install abroadsign-api. Full async/await support for modern Python applications, with automatic integration helpers for Django, FastAPI, and Celery-based background task systems. Full type hints and IDE autocomplete support included.
  • Node.js / TypeScript SDK: Install via npm install abroadsign-api. Fully typed TypeScript package with complete type definitions for all request and response objects. Includes native middleware support for Express.js, Next.js API routes, and serverless functions on AWS Lambda and Vercel.
  • Java / Spring Boot SDK: Maven coordinates available on Maven Central. Compatible with Spring Boot 2.x and 3.x, with auto-configuration support and comprehensive Javadoc documentation for enterprise Java development teams.
  • PHP SDK: PSR-compliant package compatible with Laravel, Symfony, and standalone PHP 8.1+ applications. Includes Laravel service provider for seamless dependency injection configuration through the Laravel service container.
  • .NET / C# SDK: .NET Standard 2.0 compatibility supporting .NET Framework, .NET Core, and .NET 5+ on Windows, Linux, and macOS. Includes ASP.NET Core dependency injection integration with HttpClientFactory pattern.
Developer team building API integrations with official SDK packages
Official SDK packages accelerate development across Python, Node.js, Java, PHP, and .NET ecosystems

Getting Started: Your First API Integration

Begin your integration by accessing the AbroadSign API sandbox environment, which provides a fully functional API mirror with isolated test data that does not affect production document vaults or count against production quotas. Generate your sandbox API credentials from the dashboard under Settings, and start making API calls immediately to explore document creation, signer configuration, and webhook delivery in a safe environment. The sandbox automatically simulates signing ceremonies, so you can test complete end-to-end workflows without waiting for real human signers to take action during development and QA cycles. Our interactive API documentation portal provides a live API explorer where you can execute requests directly in the browser, inspect request and response payloads, and generate ready-to-use code snippets for any endpoint in any of the supported SDK languages.

For advanced integration patterns including high-volume batch processing, multi-tenant white-label implementations, and custom webhook reliability architectures, explore our Document Workflow Automation Guide that covers performance tuning, error handling strategies, and enterprise deployment best practices. Our integration engineering team also offers complimentary technical architecture review sessions for enterprise customers to validate your integration design before you commit to production traffic volumes.

API integration architecture and developer workspace
Build production-grade integrations with the AbroadSign API v2 — explore our developer resources today

Ready to build your integration? Visit the API documentation portal for full endpoint references, SDK downloads, and working code examples. For questions about enterprise API requirements, custom integration architecture, or production scaling, contact our technical integration team to schedule a complimentary architecture review session with one of our senior API engineers.