Embedded Signature Flows for SaaS Products
How embedded signature UX works inside your app, what signers expect, and how Atlas helps platform teams ship without email detours.
Shaan F.
Co-founder & CEO, Atlas
On this page
Product teams search "embedded signature" when legal approved e-sign but the CEO rejected "send them a DocuSign email." They want the contract finished inside onboarding, checkout,. Or a partner portal.
> Share: "Embedded signature keeps the signer in your product; the legal ceremony stays the same."
What Embedded Means in Practice
You still create an envelope, place fields, and produce a tamper-evident PDF. You change where the signer experiences those steps. Options:
- Full-page redirect to a hosted sign URL with your logo params
- Iframe inside your logged-in shell
- Mobile web view for native apps
Atlas returns a party-scoped sign_url after send. Wrap it in your layout. Never share one URL across multiple signers on the same deal.
Build Checklist
- Server-side
POST /api/envelopewith PDF or DOCX - Human review at
review_urlfor new templates - Store envelope ID beside your user or deal record
- Embed or redirect to
sign_urlwith the party token - Webhook handler flips your app state to signed
Details: embedded e-signature API.
UX Details That Matter
Loading states: field detection may take seconds on first upload. Do not show an empty iframe while fields_status is pending.
Mobile keyboards: signature pads need height. Test iOS Safari.
Auth: tie the sign session to the logged-in user before revealing the iframe.
Branding: Atlas sign pages show sender context. You still own surrounding nav and success screens.
Embedded vs Email-First
| Signal | Prefer embedded | Prefer email |
|---|---|---|
| Signer is your logged-in user | Yes | Rare |
| Counterparty is external counsel | Maybe | Often |
| Mobile app primary | Yes | OK |
| Zero eng capacity | No | Yes |
Atlas Platform Angle
Atlas charges per send, not per seat. Five free sends on signup. MCP tools let agents create envelopes from Claude or ChatGPT when you need ops automation alongside embedded UX.
Platforms overview covers white-label positioning. Signup to test one embedded flow on your staging domain.
Common Mistakes
Sharing a bare /sign/{id} link on multi-party deals. Each signer needs their token.
Creating envelopes from the browser with API keys exposed.
Sending before field detection completes (409 on send).
Iframe Sizing and CSP
If you embed Atlas sign URLs, set iframe height to at least 640px on desktop and prefer full viewport on mobile. Content Security Policy must allow the Atlas sign domain in frame-src.
Test with ad blockers enabled. Some corporate extensions block third-party iframes even when first-party cookies are fine.
Post-sign redirect: listen for webhook signed event rather than polling iframe URL. Browsers hide cross-origin navigation from parent pages.
Partner Portal Example
A B2B marketplace onboarding vendor agreement inside the seller dashboard follows the same pattern: create on sell. Er acceptance, review by ops once, embed sign URL for the seller principal, webhook flips seller status to active. Store envelope ID on the seller row for support.
Platform overview lists white-label positioning. Embedded signing iframe API covers layout notes.
Support Runbook
When signers see a blank iframe, check fields_status, party token, and CSP frame-src for the sign domain. Escalate with envelope ID.
Pilot Week Schedule
Day one: sandbox credentials and one PDF. Day two: two-party sequential sign. Day three: webhook to staging CRM. Day four: signed PDF to legal. Day five: scorecard with latency and admin hours.
Do not skip day four. Counsel rejects migrations on formatting deltas you could have caught in staging.
Parallel Run Policy
Run incumbent and challenger on the same doc type for two weeks when politics allow. Compare support tickets, not slide decks.
Rollback stays available until webhook parity proven on three consecutive production-like envelopes.
Internal Comms Template
Tell signers which email domain to expect during pilot. Surprise branding triggers phishing reports and skews UX feedback.
Tell finance which cost center absorbs parallel license fees during overlap.
Instrumentation During Pilot
Log envelope create latency, webhook delivery time, and support escalations per vendor. Numbers beat opinions in renewal meetings.
Store redacted webhook samples in the decision memo appendix for audit later.
FAQ
PDF and DOCX?
Both supported at create. DOCX converts to PDF for signing.
Credits?
One per send. Drafts free.
Start here?
Platforms and embedded signing blog.