Show HN: SignatureAPI – Electronic Signature API

(signatureapi.com)

22 points | by victop 11 days ago

7 comments

  • cuxoco 11 days ago
    First thanks for shring this. Why should one use this (or docusign hellosign etc) if there are open source esignature platforms like documenso docuseal etc
    • victop 11 days ago
      We believe using an independent third party (like SignatureAPI, Docusign, etc) for electronic signatures adds value. If you host your own electronic signature platform instance, you act as both the authority and the signer/signee. In case of a dispute, this could make the signature difficult to defend.

      That said, there may be cases where a self-hosted solution makes sense (eg in high-trust situations), and I always like seeing new electronic signature platforms come in and challenge the incumbents.

  • irq-1 11 days ago
    I didn't see any verification of the person, like checking an ID. Is that not a normal part of electronic signatures?

    It seems like a path that a tech savvy company could excel in: document/ID photos, voice or video confirmations, recorded interviews..

    • victop 11 days ago
      Out of the box, we authenticate using email links, which is not the strongest method but sufficient for most cases and legally recognized.

      You can also bring your own identity verification provider (eg ID card comparison with live video, biometrics, HSM token, etc) and integrate that verification into the signing process. Our API is flexible enough to support this.

  • silva96 11 days ago
    Finally an affordable competitor in this bureauoratic market
    • written-beyond 11 days ago
      Can you explain how is this affordable, like it is 1/4th the price but it still seems exorbitant (¢25) given that it's a basic service.
  • jheinvirta 11 days ago
    I always found DocuSign way too expensive for what it is. Hope to see you guys take them over
  • anabellag7 11 days ago
    I am just here to support any competitor kicking off DocuSign off the market.
  • thro-away700 11 days ago
    Do people sign documents through an API, like in an API call?
    • victop 11 days ago
      Our API lets you create and track e-signature transactions ("envelopes"), while the actual signing (the "ceremony") happens in a user interface we provide. You can customize, localize, and brand this UI, embed it into your web or mobile app, or send a link to your signers to sign.
  • aamatte 9 days ago
    What's the green checkmark?
    • victop 9 days ago
      We cryptographically sign (or seal) the document to meet the integrity and tamper-proof requirements of most regulations.

      Here on HN, we know you can seal the document by signing the hash with a private key and a self-signed certificate. Technically, the e-signatures inside are OK, the seal is cryptographically valid, and the document is tamper-proof, but good luck explaining that to a layperson (like a judge) when they open the document in Acrobat and get a scary red alert saying the signatures are invalid.

      At SignatureAPI, we seal the document with a certificate that has a trust chain ending in a root certificate in the Adobe Approved Trust List. This gets you a reassuring green checkmark and a message "the signatures are valid" when the document is opened in Acrobat or Acrobat Reader.

      You can check out an example here: https://signatureapi.com/docs/resources/deliverables/audit-l...

      Not many e-signature providers offer this green checkmark. Docusign, Dropbox, and Adobe do, but most others don't even cryptographically seal the document—which should raise red flags about whether they really know what they're doing legally.