Signature API

Signature API searches blend category intent ("how do signing APIs work?") with vendor evaluation. This guide documents REST patterns on Atlas and maps common DocuSign concepts for migrations.

What a signature API must do

Minimum viable signing API:

Create envelope with PDF or DOCX
Place or detect signature fields
Send to ordered signers
Poll or webhook status changes
Download signed PDF with audit metadata

Optional: templates, remind, void, decline, post-sign extraction.

Atlas exposes these on POST /api/envelope, GET /api/envelope/{id}, POST /api/envelope/{id}/send, and webhooks. MCP mirrors lifecycle for agents.

Atlas signature API quick start

Authenticate: Authorization: Bearer <api_key>

Create with URL:

curl -X POST https://atlaswork.ai/api/envelope \
  -H "Authorization: Bearer $ATLAS_API_KEY" \
  -H "Content-Type: application/json" \
  -H "Idempotency-Key: sig-api-demo-1" \
  -d '{
    "document_url": "https://example.com/agreement.pdf",
    "parties": [
      { "email": "signer@example.com", "name": "Signer", "role": "Customer" }
    ]
  }'

Response:

{
  "envelope_id": "uuid",
  "review_url": "https://atlaswork.ai/review/uuid?rt=..."
}

Field detection runs async. Poll until fields_status is ready, failed, or recovered_empty.

Send after review:

curl -X POST "https://atlaswork.ai/api/envelope/$ENVELOPE_ID/send" \
  -H "Authorization: Bearer $ATLAS_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{
    "parties": [{ "email": "signer@example.com", "name": "Signer", "role": "Customer" }],
    "fields_version": 1
  }'

One credit consumes at send. Drafts free.

Multipart create (PDF or DOCX)

curl -X POST https://atlaswork.ai/api/envelope \
  -H "Authorization: Bearer $ATLAS_API_KEY" \
  -F "file=@contract.docx" \
  -F 'parties=[{"email":"a@example.com","name":"A","role":"Vendor"}]'

DOCX converts to PDF for signing.

Webhooks

Set webhook_url at create. Verify X-Atlas-Signature HMAC with API key. Events include envelope.sent, envelope.signed, envelope.voided, envelope.declined, contract.extracted.

DocuSign signature API mapping

DocuSign	Atlas
POST /envelopes	POST /api/envelope
Tabs in payload	Detection + review UI
status=sent	POST .../send
GET /envelopes/{id}	GET /api/envelope/{id}
Connect	webhook_url + HMAC

Full route table: DocuSign envelope API guide.

Rate limits and idempotency

Atlas idempotency uses Idempotency-Key header (24-hour window). DocuSign limits vary by plan. See DocuSign API limits.

Agent signature API (MCP)

Claude and ChatGPT connect via OAuth to /api/mcp. Tools include send_contract_for_review, check_signing_status, get_envelope, void_envelope, extract_contract_data.

Agents get review_url on ad-hoc uploads. Humans retain send authority unless template auto_send is configured.

Read MCP electronic signatures guide.

Sequential signing

Parties sign in array order. Sign URLs include party token query param for multi-party envelopes. Signers only see their fields server-side.

Error codes to handle

402 credits exhausted
409 fields_version mismatch or send while detection pending
400 missing parties on send

FAQ

Is signature API the same as e-signature API?

Same category. See e-signature API guide for extended reference.

Embedded signing?

Return sign URLs to your app. Platform mode supports multi-tenant SaaS. See platform embedded signing blog.

HelloSign / Dropbox Sign mapping?

Similar envelope model. Atlas differentiates on usage pricing and MCP.

Status polling versus webhooks

Poll GET /api/envelope/{id}/status for simple scripts. Production should use webhooks to avoid hammering API during signer completion window.

Lightweight status fields: status, signed_count, total, next_signer_email.

Version headers on PATCH

PATCH /api/envelope/{id}/fields requires fields_version. Send route may include fields and fields_version when updating at dispatch. Mismatch returns 409.

List and filter

GET /api/envelopes?status=pending helps reconciliation jobs find stuck sends.

Platform signature API

Pass Atlas-Account header for connected accounts. Platform keys stay on your server; child tenants do not share envelope IDs.

See /platforms and platform quickstart in docs.

Security checklist

API keys server-side only
Verify webhook HMAC before updating CRM
Do not embed API keys in mobile apps
Rotate keys on offboarding

Testing signature API integration

Create with is_test metadata if supported in your environment
Use Idempotency-Key on duplicate retry test
Void pending test envelope after assert
Confirm 402 when credits exhausted in staging account

Comparison to category searches

Searchers typing signature API may also read electronic signature vs DocuSign for vendor context.

Remind and void endpoints

POST /api/envelope/{id}/remind nudges next unsigned party. POST /api/envelope/{id}/void cancels pending envelope. Map DocuSign void to same lifecycle handler.

Extract after sign

contract.extracted webhook fires structured data post-sign when configured. Useful for warehouse loads without CLM repository.

Multipart versus JSON create

Choose multipart when file bytes already on app server. Choose document_url when CDN or Drive hosts PDF. Choose base64 only for small files to avoid payload bloat.

OpenAPI and llms.txt

Agent clients should load /openapi.json and /llms.txt for machine-readable route list alongside this guide.

Credits and billing

Send consumes one credit. Check dashboard balance before batch jobs. Admins bypass credit check; service accounts use standard profile credits unless on platform billing mode.

Idempotency-Key headers prevent duplicate envelopes when clients retry POST on timeout. Always send stable keys per logical business action.