E-Sign Webhook

---

title: E-Sign Webhook

description: Start E-Sign Webhook on Atlas REST: envelope lifecycle from draft through signed PDF without seat licenses. Includes five free sends on signup.

date: 2026-06-11

updated: 2026-06-11

---

Developers searching "e-sign webhook" usually want a concrete REST path, not a marketing overview. This guide documents Atlas patterns and maps common incumbent concepts where relevant.

Share: One POST to create, one review click, one webhook when signed.

Atlas quick start

Authenticate with Authorization: Bearer <api_key>. Create accepts PDF or DOCX on JSON or multipart transports.

curl -X POST https://atlaswork.ai/api/envelope \
 -H "Authorization: Bearer $ATLAS_API_KEY" \
 -H "Content-Type: application/json" \
 -H "Idempotency-Key: e-sign-webhook-demo-1" \
 -d '{
 "document_url": "https://example.com/agreement.pdf",
 "parties": [{"email": "signer@example.com", "name": "Signer", "role": "Customer"}]
 }'

Response includes envelope_id and review_url. Field detection runs async. Poll GET /api/envelope/{id} until fields_status is ready, failed, or recovered_empty.

Send after review:

curl -X POST "https://atlaswork.ai/api/envelope/$ENVELOPE_ID/send" \
 -H "Authorization: Bearer $ATLAS_API_KEY" \
 -H "Content-Type: application/json" \
 -d '{"parties": [{"email": "signer@example.com", "name": "Signer", "role": "Customer"}], "fields_version": 1}'

One credit consumes at send. Drafts and detection are free. Full reference: e-signature API.

Webhooks

Pass webhook_url at create. Atlas POSTs lifecycle events with HMAC in X-Atlas-Signature. Verify with your API key.

Common events: envelope.sent, envelope.signed, envelope.voided, envelope.declined, contract.extracted.

Test with a request bin before production. Retry logic on your side should treat duplicate delivery as idempotent.

Error handling

402 when credits exhausted. 409 on fields_version mismatch or send while detection pending. 400 on malformed parties.

Log envelope_id on every create for support traces.

Testing checklist

1. Create with two-page PDF
2. Open review_url, confirm fields
3. Send to mailbox you control
4. Sign on mobile
5. Verify webhook and signed PDF download

Sign up for five free sends.

Implementation depth for "e-sign webhook"

Production signing integrations fail on edge cases, not happy-path demos. Below is a checklist teams wish they had before the first production send.

Create path hardening

Always pass Idempotency-Key on POST /api/envelope. Retries from Zapier, n8n, or your job runner must not spawn duplicate envelopes.

Upload PDF or DOCX via multipart when bytes live on disk. Use document_url when the file already sits on S3 or your object storage.

Poll fields_status before send. Sending while detection is pending returns 409.

Review gate semantics

Atlas defaults to review-first on ad-hoc creates. Your agent or API uploads the file; a human opens review_url, confirms detected fields and parties, then clicks Send.

That gate prevents misaddressed contracts without building a custom approval service. Templates can auto-send once legal trusts the shape.

If you need immediate dispatch from server code only, pass auto_send: true at create on REST. MCP tools always return review links for new uploads.

Webhook verification

Set webhook_url at create. Verify X-Atlas-Signature HMAC with your API key before you mutate CRM or billing state.

Handle at least: envelope.sent, envelope.signed, envelope.voided, envelope.declined, and contract.extracted if you use post-sign extraction.

Treat duplicate webhook delivery as idempotent using envelope_id plus event type as a natural key.

Sequential signing rules

Atlas signs in order. Party 1 receives email first. Party 2 waits until party 1 finishes.

Multi-party sign URLs must include ?t=<token> so each signer only sees their fields. Never share a bare /sign/{id} link on multi-party envelopes.

API surface map

OpenAPI: /openapi.json. Agent instructions: /llms.txt.

MCP parity

Ten MCP tools mirror the lifecycle: create, template send, get, status, list, void, remind, extract, and more.

Connect at /mcp/claude or /mcp/chatgpt when the caller is an agent rather than your backend.

Agents should not hold long-lived user OAuth tokens for incumbents when MCP discovery handles auth.

Error codes you will hit

402 when credits exhausted at send time. Buy envelopes at /dashboard/billing or upgrade before peak season.

409 when fields_version or parties_version mismatch, or when send runs while fields_status is still pending.

400 when required parties missing on send or malformed JSON on create.

Stakeholder alignment

Legal cares about audit trail export. Finance cares about seat true-up. Engineering cares about sandbox uptime and API stability.

Agents introduce a fourth stakeholder: platform team cares about MCP, OAuth, and whether send requires human review by default.

Run a 30-minute workshop with each group before vendor selection. Publish internal FAQ after decision to stop repeated Slack debates.

Pilot success metrics

Time from upload to first signed PDF on a test envelope.

Webhook delivery latency p95 under load.

Support tickets per hundred sends in the first month.

Cost per signed document at peak volume including admin seat overhead.

If e-sign webhook brought you here, test one metric above on Atlas. /signup gives you five free sends.

FAQ

Does Atlas support PDF and DOCX? Yes on every create path.

Can agents call this API? Yes via MCP or REST. See /mcp.

Where is OpenAPI? /openapi.json and /llms.txt.

Related reading

• E-signature API docs
• Signature API patterns
• MCP electronic signatures