First thanks for shring this. Why should one use this (or docusign hellosign etc) if there are open source esignature platforms like documenso docuseal etc
We believe using an independent third party (like SignatureAPI, Docusign, etc) for electronic signatures adds value. If you host your own electronic signature platform instance, you act as both the authority and the signer/signee. In case of a dispute, this could make the signature difficult to defend.
That said, there may be cases where a self-hosted solution makes sense (eg in high-trust situations), and I always like seeing new electronic signature platforms come in and challenge the incumbents.
Out of the box, we authenticate using email links, which is not the strongest method but sufficient for most cases and legally recognized.
You can also bring your own identity verification provider (eg ID card comparison with live video, biometrics, HSM token, etc) and integrate that verification into the signing process. Our API is flexible enough to support this.
Our API lets you create and track e-signature transactions ("envelopes"), while the actual signing (the "ceremony") happens in a user interface we provide. You can customize, localize, and brand this UI, embed it into your web or mobile app, or send a link to your signers to sign.
We cryptographically sign (or seal) the document to meet the integrity and tamper-proof requirements of most regulations.
Here on HN, we know you can seal the document by signing the hash with a private key and a self-signed certificate. Technically, the e-signatures inside are OK, the seal is cryptographically valid, and the document is tamper-proof, but good luck explaining that to a layperson (like a judge) when they open the document in Acrobat and get a scary red alert saying the signatures are invalid.
At SignatureAPI, we seal the document with a certificate that has a trust chain ending in a root certificate in the Adobe Approved Trust List. This gets you a reassuring green checkmark and a message "the signatures are valid" when the document is opened in Acrobat or Acrobat Reader.
Not many e-signature providers offer this green checkmark. Docusign, Dropbox, and Adobe do, but most others don't even cryptographically seal the document—which should raise red flags about whether they really know what they're doing legally.
That said, there may be cases where a self-hosted solution makes sense (eg in high-trust situations), and I always like seeing new electronic signature platforms come in and challenge the incumbents.
It seems like a path that a tech savvy company could excel in: document/ID photos, voice or video confirmations, recorded interviews..
You can also bring your own identity verification provider (eg ID card comparison with live video, biometrics, HSM token, etc) and integrate that verification into the signing process. Our API is flexible enough to support this.
Here on HN, we know you can seal the document by signing the hash with a private key and a self-signed certificate. Technically, the e-signatures inside are OK, the seal is cryptographically valid, and the document is tamper-proof, but good luck explaining that to a layperson (like a judge) when they open the document in Acrobat and get a scary red alert saying the signatures are invalid.
At SignatureAPI, we seal the document with a certificate that has a trust chain ending in a root certificate in the Adobe Approved Trust List. This gets you a reassuring green checkmark and a message "the signatures are valid" when the document is opened in Acrobat or Acrobat Reader.
You can check out an example here: https://signatureapi.com/docs/resources/deliverables/audit-l...
Not many e-signature providers offer this green checkmark. Docusign, Dropbox, and Adobe do, but most others don't even cryptographically seal the document—which should raise red flags about whether they really know what they're doing legally.