OAuth Dcr E-Sign API
---
title: OAuth Dcr E-Sign API
description: OAuth Dcr E-Sign API guide for developers: Bearer auth, envelope create paths, review URL, and status polling. Includes five free sends on signup.
date: 2026-06-16
updated: 2026-06-16
---
"oauth dcr esign api" sits at the intersection of product shipping and compliance. Atlas keeps the surface small: create, review, send, webhook, download.
Share: One POST to create, one review click, one webhook when signed.
This guide walks through oauth dcr e-sign api on the Atlas REST API. PDF and DOCX are supported on every upload path.
OAuth for MCP clients
Atlas exposes OAuth 2.0 with PKCE and Dynamic Client Registration (RFC 7591) for MCP connectors in Claude Desktop and ChatGPT.
Discovery:
https://atlaswork.ai/.well-known/oauth-authorization-serverhttps://atlaswork.ai/.well-known/mcp
REST integrations typically use API keys (Authorization: Bearer). OAuth is the path when a hosted agent needs user consent without you embedding a long-lived key in the client binary.
Password login remains available for dashboard users. SAML SSO is additive for orgs that enable it.
Connect walkthrough: /mcp/connect.
Quick reference
Base URL: https://atlaswork.ai/api/. Singular /api/envelope for resource ops, plural /api/envelopes for list.
FAQ
Does Atlas support PDF and DOCX? Yes on every create path. DOCX converts to PDF at ingest.
How do I authenticate? Authorization: Bearer with an API key from dashboard settings. OAuth is for MCP connectors.
What does send cost? One credit per envelope dispatched. Five free credits on signup.
Can I skip review? REST supports auto_send: true on create or template send after legal approval. Default is review-first.
Where is the full API reference? /dev and /docs/guides/e-signature-api.
Related reading
Next steps
Open /dev for OpenAPI detail. Sign up when you are ready to send.
Testing
Run one loop in staging: create with a two-page PDF, open review, send to a mailbox you control, sign on mobile, confirm webhook delivery. Use is_test: true in metadata when you want internal accounts skipped from Slack alerts.
Security
Store API keys server-side. Rotate keys from dashboard settings if leaked. Verify webhook signatures before updating production database rows.
Observability
Log envelope_id, fields_status, and webhook event types. When send fails, read metadata.send_error on the envelope row via GET /api/envelope/{id}.
Additional context for oauth dcr e-sign api
Atlas charges per send, not per seat. Detection and drafts are free. Multi-party envelopes sign sequentially. Each party receives a tokenized sign URL. Platform mode scopes child tenants with Atlas-Account. OpenAPI lives at /openapi.json. Agents can use MCP at /mcp while your backend uses REST for production traffic.
Send after review
When fields_status is ready, open review_url in a browser or call send from your backend:
curl -X POST https://atlaswork.ai/api/envelope/{id}/send \
-H "Authorization: Bearer $ATLAS_API_KEY" \
-H "Content-Type: application/json" \
-H "Idempotency-Key: send-{id}-001" \
-d '{
"parties": [{"email": "signer@example.com", "name": "Jane Signer", "role": "Customer"}],
"fields_version": 1
}'
Send consumes one credit. Drafts are free. Match fields_version from GET /api/envelope/{id} or receive 409 on conflict.
Poll status
Lightweight progress:
curl https://atlaswork.ai/api/envelope/{id}/status \
-H "Authorization: Bearer $ATLAS_API_KEY"
Returns status, signed_count, total, and next_signer_email. Prefer webhooks in production.
Sequential signing
Multi-party envelopes sign in order. Each sign_url includes ?t=<token>. Fields filter server-side per party. See Sequential signing.
Field detection
Upload triggers async detection on PDF or DOCX. Poll until fields_status is not pending. Manual placement fallback when status is recovered_empty. Guide: Field detection.
Templates
Repeat sends use POST /api/templates/{id}/send. Do not pass template_id to envelope create (returns 400).
Platform mode
Multi-tenant SaaS can provision POST /api/platform/connected-accounts and scope with Atlas-Account: ext_<id>. See /platforms.
Credits and billing
Five free credits on signup. One credit per send. 402 when exhausted. Purchase more in dashboard billing. No seat minimums.
MCP parity
Agents use MCP at /mcp. Production backends typically use REST. Both share envelope rows.
Security checklist
Store API keys server-side only. Verify webhook HMAC before updating database rows. Rotate keys from dashboard settings if leaked.
Troubleshooting
409 on send while fields_status is pending means detection still running. 409 on version mismatch means refresh fields_version. Log envelope_id on every create for support traces.
Webhook events
Set webhook_url at create. Atlas POSTs JSON with X-Atlas-Signature: sha256=.... Verify HMAC with your API key.
| Event | When |
|---|---|
envelope.sent | Email dispatched to first signer |
envelope.signed | All parties finished |
envelope.declined | A signer declined |
envelope.voided | Sender voided pending envelope |
contract.extracted | Post-sign structured extract ready |
See platform webhooks.
Void and remind
Cancel pending work:
curl -X POST https://atlaswork.ai/api/envelope/{id}/void \
-H "Authorization: Bearer $ATLAS_API_KEY"
Nudge the next signer:
curl -X POST https://atlaswork.ai/api/envelope/{id}/remind \
-H "Authorization: Bearer $ATLAS_API_KEY"
Download signed PDF
When status is signed, GET /api/envelope/{id} returns signed download URLs if the artifact is archived.
OpenAPI reference
Interactive docs: /dev. Machine-readable: /openapi.json. Agent instructions: /llms.txt.
Getting started checklist
- Sign up and copy an API key.
- Run create with
Idempotency-Key. - Poll
fields_statusor watch review UI. - Send after review.
- Wire webhooks before production traffic.