Forem: BoldSign

ASP.NET Core Minimal APIs: When to Use Them and When Not To Use Them

Vijay Amalan — Wed, 29 Apr 2026 03:44:33 +0000

Minimal APIs are an endpoint-first way to build HTTP APIs in ASP.NET Core by mapping routes directly to handlers (no controllers required). They’re best for teams building small-to-medium, bounded services (microservices, BFFs, webhooks, internal APIs) that want fast iteration with less ceremony, as long as you add structure early. They solve the “too much framework for a small API” problem, and they matter because choosing the wrong model (or letting Program.cs become a dumping ground) creates long-term maintenance pain.

What decision should you make: Minimal APIs or Controllers?

Use this checklist and pick the first match.

Choose Minimal APIs when your API is bounded and you can enforce conventions

You’re building a focused service boundary (webhooks, microservice, BFF, internal tool API).
You can enforce a module convention (route groups + one file per feature).
Your team likes explicit routing and fluent metadata (OpenAPI tags, response types).
You want cross-cutting behavior via middleware + endpoint filters rather than MVC filters.

Choose Controllers when the API surface is large or the team is large

You expect many endpoints across multiple domains/features.
You rely heavily on attribute-driven conventions (routing/filters/versioning patterns).
Many developers contribute and you need high discoverability via familiar conventions.
Your org already has controller-first templates, libraries, or standards.

Checkpoint: If you can’t commit to a module convention on day 1, controllers are usually the safer default.

What will you build in this guide?

You’ll build a production-shaped Minimal API starter with one clear outcome:

End result: A Minimal API that’s structured with route groups + feature modules, uses endpoint-filter validation, returns consistent Problem Details errors, exposes OpenAPI docs, and is verifiable with curl + an integration test.

What prerequisites do you need before starting?

.NET SDK installed
Basic C# knowledge
Terminal access (PowerShell/Bash)
Optional: Postman/Insomnia

Checkpoint: dotnet –version prints a version successfully.

How does a Minimal API request flow work in production?

A[HTTP Request] –> B[Middleware pipeline]

B –> C[Routing selects endpoint]

C –> D[Endpoint filters (optional)]

D –> E[Handler runs]

E –> F[Result writes response (JSON, status code)]

F –> G[HTTP Response]

Checkpoint: You can point to exactly where you’ll put (1) global behavior (middleware), (2) per-feature behavior (endpoint filters), and (3) business orchestration (handlers).

How do you avoid a giant Program.cs with Minimal APIs?

Use a feature-module convention:

Program.cs only wires dependencies, middleware, and “maps modules”
Endpoints/Endpoints.cs defines routes for a feature via a route group
Infrastructure/ holds cross-cutting filters (validation, correlation, etc.)
Services/ holds business logic (handlers stay thin)

Checkpoint: You can add a new feature by creating one new Endpoints/*Endpoints.cs file, without touching existing endpoint files.

How do you build the production starter step by step?

1) How do you create a Minimal API project?

.NET

    dotnet new web -n MinimalApiStarter 
    cd MinimalApiStarter

Checkpoint: dotnet run starts the server without errors.

2) How do you enable OpenAPI document generation?

.NET

    Add the official OpenAPI package: 
    dotnet add package Microsoft.AspNetCore.OpenApi

Checkpoint: Package install succeeds.

3) How do you create a service layer so handlers don’t become “mini controllers”?

.NET

    Create Services/ProductService.cs: 
    namespace MinimalApiStarter.Services;
    public record ProductDto(int Id, string Name, decimal Price);
    public record CreateProductRequest(string Name, decimal Price);
    public interface IProductService
    {
        Task GetAsync(int id, CancellationToken ct);
        Task CreateAsync(CreateProductRequest request, CancellationToken ct);
    }
    public sealed class ProductService : IProductService
    {
        public Task GetAsync(int id, CancellationToken ct)
            => Task.FromResult(id == 404 ? null : new ProductDto(id, "Demo", 10m));
        public Task CreateAsync(CreateProductRequest request, CancellationToken ct)
            => Task.FromResult(new ProductDto(123, request.Name, request.Price));
    }

Checkpoint: No ASP.NET-specific types appear in the service.

4) How do you centralize validation using an endpoint filter?

.NET

    Create Infrastructure/ValidateCreateProductFilter.cs:
    using Microsoft.AspNetCore.Http.HttpResults;
    using MinimalApiStarter.Services;

    namespace MinimalApiStarter.Infrastructure;

    public sealed class ValidateCreateProductFilter : IEndpointFilter
    {
       public async ValueTask InvokeAsync(
          EndpointFilterInvocationContext context,
          EndpointFilterDelegate next)
       {
           var request = context.Arguments.OfType().FirstOrDefault();

           if (request is null)
               return TypedResults.BadRequest(new { error = "Request body is required." });

           var errors = new Dictionary();

           if (string.IsNullOrWhiteSpace(request.Name))
              errors["name"] = new[] { "Name is required." };

           if (request.Price < 0)
              errors["price"] = new[] { "Price must be >= 0." };

           if (errors.Count > 0)
               return TypedResults.ValidationProblem(errors);

           return await next(context);
       }
    }

Checkpoint: Validation rules are written once and reused, handlers stay clean.

5) How do you define endpoints as a feature module with a route group?

.NET

    Create Endpoints/ProductsEndpoints.cs: 
    using Microsoft.AspNetCore.Http.HttpResults;
    using MinimalApiStarter.Infrastructure;
    using MinimalApiStarter.Services;
    namespace MinimalApiStarter.Endpoints;
    public static class ProductsEndpoints
    {
        public static RouteGroupBuilder MapProductsEndpoints(this IEndpointRouteBuilder app)
        {
            var group = app.MapGroup("/api/products")
                .WithTags("Products")
                .RequireAuthorization("api");
            group.MapGet("/{id:int}", async Task<Results<Ok<ProductDto>, NotFound>> (
                int id,
                IProductService service,
                CancellationToken ct) =>
            {
                var product = await service.GetAsync(id, ct);
                return product is null ? TypedResults.NotFound() : TypedResults.Ok(product);
            })
            .Produces<ProductDto>(StatusCodes.Status200OK)
            .Produces(StatusCodes.Status404NotFound)
            .WithOpenApi();
            group.MapPost("/", async Task<Created<ProductDto>> (
                CreateProductRequest request,
                IProductService service,
                CancellationToken ct) =>
            {
                var created = await service.CreateAsync(request, ct);
                return TypedResults.Created($"/api/products/{created.Id}", created);
            })
            .AddEndpointFilter<ValidateCreateProductFilter>()
            .Produces<ProductDto>(StatusCodes.Status201Created)
            .ProducesValidationProblem()
            .WithOpenApi();
            return group;
        }
    }

Checkpoint: No endpoints are mapped inside Program.cs.

6) How do you wire auth, ProblemDetails, OpenAPI, and modules in Program.cs?

.NET

    Replace Program.cs with: 
    using MinimalApiStarter.Endpoints;
    using MinimalApiStarter.Services;
    var builder = WebApplication.CreateBuilder(args);
    // OpenAPI document generation
    builder.Services.AddOpenApi();
    // Problem Details support (standardized error shape)
    builder.Services.AddProblemDetails();
    // Demo authorization policy (replace with real auth in production)
    builder.Services.AddAuthorization(options =>
    {
        options.AddPolicy("api", policy => policy.RequireAssertion(_ => true));
    });
    builder.Services.AddScoped();
    var app = builder.Build();
    // Centralized exception handler (works well with ProblemDetails)
    app.UseExceptionHandler();
    app.UseAuthorization();
    // Expose OpenAPI JSON endpoint
    app.MapOpenApi();
    // Map feature modules
    app.MapProductsEndpoints();
    app.Run();
    // For integration tests (WebApplicationFactory)
    public partial class Program { }

Checkpoint: dotnet run compiles and starts successfully.

How do you test and verify the API?

How do you run the API locally?

.NET

    dotnet run

How do you verify GET returns a product?

cURL

    curl -i http://localhost:5000/api/products/1

Expected:

200 OK
JSON like: {“id”:1,”name”:”Demo”,”price”:10}

Checkpoint: You get a 200 with JSON for /1.

How do you verify GET returns 404 for missing

cURL

    curl -i http://localhost:5000/api/products/404

Expected:

404 Not Found

Checkpoint: /404 returns 404.

How do you verify validation runs via the endpoint filter?

cURL

    curl -i -X POST http://localhost:5000/api/products \ 
      -H "Content-Type: application/json" \ 
      -d "{\"name\":\"\",\"price\":-1}"

Expected:

400 Bad Request
A validation payload (from ValidationProblem)

Checkpoint: Validation fails before the handler runs.

How do you verify OpenAPI is being generated?

Fetch the OpenAPI JSON exposed by MapOpenApi() (path depends on your ASP.NET Core version/config). Confirm you see a JSON document containing /api/products/{id} and /api/products.

Checkpoint: OpenAPI JSON includes your endpoints and response metadata.

How do you add an integration test to prove endpoint wiring works?

1) How do you add a test project?

.NET

    dotnet new xunit -n MinimalApiStarter.Tests 
    dotnet add MinimalApiStarter.Tests reference MinimalApiStarter 
    dotnet add MinimalApiStarter.Tests package Microsoft.AspNetCore.Mvc.Testing

2) How do you write a minimal integration test?

.NET

    Create MinimalApiStarter.Tests/ProductsApiTests.cs: 
    using System.Net; 
    using Microsoft.AspNetCore.Mvc.Testing; 
    using Xunit; 

    public class ProductsApiTests : IClassFixture> 
    { 
        private readonly HttpClient _client; 

        public ProductsApiTests(WebApplicationFactory factory) 
        { 
            _client = factory.CreateClient(); 
        } 

        [Fact] 
        public async Task Get_Product_ReturnsOk() 
        { 
            var resp = await _client.GetAsync("/api/products/1"); 
            Assert.Equal(HttpStatusCode.OK, resp.StatusCode); 
        } 

        [Fact] 
        public async Task Get_MissingProduct_ReturnsNotFound() 
        { 
            var resp = await _client.GetAsync("/api/products/404"); 
            Assert.Equal(HttpStatusCode.NotFound, resp.StatusCode); 
        } 
    }

Run:

.NET

    dotnet test

Checkpoint: Tests pass and confirm routing + module mapping works.

What are the most common production mistakes with Minimal APIs and how do you fix them?

1) Why did my Minimal API turn into a “giant Program.cs”?

Cause: You mapped endpoints directly in Program.cs as the project grew.

Fix: Move each feature into Endpoints/_Endpoints.cs with Map_Endpoints().

2) Why are my endpoints inconsistent (validation, errors, logging)?

Cause: Each handler does its own checks and error shapes.

Fix: Use endpoint filters for validation, and standardize error responses using Problem Details.

3) Why does RequireAuthorization(“api”) throw “policy not found”?

Cause: Policy wasn’t registered or name mismatch.

Fix: Ensure AddAuthorization(options => options.AddPolicy(“api”, …)) matches exactly.

4) Why does my POST look like the handler runs even with bad input?

Cause: Validation is in-handler, or the filter wasn’t applied.

Fix: Confirm .AddEndpointFilter() is on the endpoint or group.

5) Why is my OpenAPI endpoint returning 404?

Cause: OpenAPI services weren’t added or endpoint wasn’t mapped.

Fix: Confirm builder.Services.AddOpenApi() and app.MapOpenApi() are both present.

What did you achieve, and what should you do next?

You now have a Minimal API starter that’s intentionally “production-shaped”:

Route groups + feature modules keep code discoverable
Endpoint-filter validation keeps handlers thin
ProblemDetails gives predictable error responses
OpenAPI generation keeps API docs accurate
Integration tests prove wiring won’t regress

Next step: Replace the demo authorization policy with real authentication (JWT/OAuth), then align your API security checklist with OWASP’s API Security Top 10.

Start today and unlock all features of BoldSign.

Need assistance? Request a demo or visit our Support Portal for quick help.

Bring fast, secure eSignatures to your Minimal APIs with BoldSign’s developer-friendly API.

Try BoldSign API Free

Related blogs

Note: This blog was originally published at boldsign.com

Prevent “I Didn’t Sign This” Claims with ID Verification Methods & Audit Trails

Vijay Amalan — Tue, 28 Apr 2026 05:29:15 +0000

“I didn’t sign this” claims, also known as repudiation claims, pose a serious risk in electronic signature workflows. They can delay deals, trigger costly disputes, damage trust, and create compliance issues, especially for legal paperwork, high‑value contracts, financial documents, and HR agreements. BoldSign effectively minimizes these risks by combining advanced signer identity verification with comprehensive, tamper-evident audit trails.

This layered approach delivers undeniable proof of who signed, when they signed, their intent, and that the document remained unchanged, ensuring strong non-repudiation and legally defensible agreements.

What are repudiation claims

Repudiation claims happen when a signer denies signing a document or claims the signature was unauthorized, forged, or completed through a compromised account. In electronic signature workflows, these disputes can delay agreements, create legal challenges, and increase operational risk. They are especially common in low-security workflows that rely only on email access without stronger identity checks.

What is the risk of repudiation in electronic signatures

Repudiation occurs when a signer denies signing a document, claiming it was forged, unauthorized, or completed through a compromised account. This is more common in basic email-only workflows with minimal identity checks. High-value or regulated agreements are especially vulnerable, as disputes can invalidate contracts, lead to legal challenges, and cause financial or operational harm.

For an electronic signature to be enforceable and provide non-repudiation, it must prove three key elements:

Signer intent – Clear evidence they meant to sign.
Signer identity – Reasonable (or strong) confirmation of who they are.
Document integrity – Proof the document wasn’t altered after signing.

BoldSign exceeds these requirements through layered security features, making repudiation claims extremely difficult to sustain.

BoldSign’s advanced identity verification methods

BoldSign offers flexible, multi-layered authentication options to confirm the signer is the authorized person before they access or complete the document. You can apply these selectively per signer (including in multi-party workflows) or standardize them via templates.

Key methods include:

Email OTP – A one-time password sent to the signer’s email; they must enter it to proceed, confirming email ownership.
SMS OTP – A one‑time code sent to the signer’s phone by text message.
Access Code – A custom PIN you create and share securely through a separate channel; the signer enters it for access.
Government ID Verification with Biometric Selfie – For higher-risk documents, require:
- Upload of a government-issued ID (e.g., passport, driver’s license, national ID card).
- A live biometric selfie.
- Advanced matching (powered by technology like Stripe Identity) compares the selfie to the ID photo, with configurable strictness levels (strict, moderate, lenient) and options like live document capture to prevent photos or photocopies.

Identity Verification

These controls, especially government ID with a selfie, tie the signing process to real‑world identity and significantly reduce impersonation and unauthorized access risks.

What does an audit trail prove

Every BoldSign document includes a detailed, tamper-evident audit trail that logs the entire signing process. This creates a consistent, court-admissible record supporting non-repudiation.

The audit trail typically captures:

Precise timestamps for events (sent, viewed, authenticated, signed, completed).
IP addresses and device details.
Authentication activity, including methods used such as OTP, access code, and ID verification.
Signer actions and consent to electronic disclosures.
Document integrity verification, using cryptographic hashes to confirm that no alterations were made after signing.
Sender and recipient information, including names and email addresses.

After completion, download the audit trail as a branded PDF (separately or combined with the signed document). It is digitally signed to prevent tampering, ensuring reliability for reviews, audits, or disputes.

How do ID verification and audit trails work together

This combination forms a powerful, multi-layered defense:

Identity is verified upfront – Blocking unauthorized users before access.
Every key action is logged – With timestamps, IP/device data, and verification outcomes.
Integrity is preserved – Through hashes and tamper-evident records.

Together, they generate a complete evidence package: Proven identity + documented intent + unaltered document. This makes repudiation claims unsustainable and supports compliance with standards like ESIGN Act, UETA, and eIDAS.

Key business benefits

Here’s how these features translate into real business advantages:

Stronger legal defensibility – Meets or exceeds global e-signature laws with verifiable non-repudiation.
Fewer disputes and faster resolution – Clear and reliable evidence minimizes challenges and speeds up issue handling.
Enhanced trust – Signers, partners, legal teams, and stakeholders gain confidence from robust security.
Flexible security – Apply stricter verification only where needed (e.g., high-value documents), balancing protection with efficiency.
Operational efficiency – Avoids costly delays from repudiation claims and streamlines workflows.

Conclusion

“I didn’t sign this” claims don’t have to derail your agreements. BoldSign’s robust identity verification paired with detailed, tamper-evident audit trails provides strong proof of identity, intent, and document integrity, virtually eliminating repudiation risks.

Secure your high-value or regulated workflows with confidence. Try BoldSign free and explore powerful audit logging, automated workflows, and secure signing.

Have questions? Our team is here, schedule a demo and get expert support.

Related blogs

Note: This blog was originally published at boldsign.com

Free Email QR Code Generator for Ready‑to‑Use Email Drafts

Vijay Amalan — Mon, 27 Apr 2026 05:34:12 +0000

We are excited to introduce the free BoldSign Email QR Code Generator, a simple and secure tool that helps anyone share a complete email template, including email address, subject, and message, with a quick scan. Whether you’re a freelancer adding contact details to business cards, a professional sharing support information on brochures, or a small business placing QR codes on packaging, this tool makes communication effortless. There is no software to install, no account required, and no cost. Everything runs inside your browser, keeping your information private and helping you connect faster.

Why choose the free BoldSign Email QR Code Generator

Our email QR code generator is built for convenience, privacy, and professional results. It works entirely inside your browser, so your email information is never stored. It is perfect for professionals, creators, and businesses who want a quick way for people to reach their inbox.

Here are the main reasons for choosing our tool:

Completely free: No sign up, no fees, and no restrictions. Create email QR codes online for free.
Privacy first: All processing happens on your device. Your information is never saved or shared.
Professional look: Generate clean and polished QR codes ideal for business cards, posters, menus, flyers, resumes, and printed materials.
Works everywhere: Create email QR codes from your phone, tablet, or computer without installing anything.
Fast and simple: Add your email address, subject, or message and generate a QR code in seconds.

Key features of the free Email QR Code Generator

Whether you’re sharing a support email or a personal contact address, these features make BoldSign your go‑to solution:

Custom email details: Add your email address along with a subject and an optional predefined message so people can contact you instantly with the right context.
High quality downloads: Download clear and print ready QR codes perfect for physical or digital use.
Unlimited creation: Generate as many email QR codes as you need. There are no limits and no watermarks.
Simple customization: Adjust the appearance of the QR code if supported on the page, so it matches your brand or design.
Beginner friendly: No technical knowledge is needed. Enter your details and download them immediately.

How to create an email QR code in three simple steps

Getting started takes only a few clicks. Follow these three steps to create your first email QR code:

Open the tool: Go to the free BoldSign Email QR Code Generator.
Enter your information: Type your email address, subject line, and optional message. Customize the appearance if needed.
Download your email QR Code: Save your QR code as PNG, SVG, or JPEG, and display it anywhere so guests can scan and connect instantly.

Start sharing your email smarter today

The free BoldSign Email QR Code Generator makes sharing your email address fast, simple, and accessible to everyone. Whether you are a freelancer, business owner, job seeker, or student, this tool helps people reach you instantly with a quick scan. There is no cost, no setup, and no technical skills required. Create your QR code in minutes and make communication easier than ever.

Ready to simplify your document workflows? Sign up for a free 30-day trial or connect with our support team for a personalized demo.

Related blogs

Note: This blog was originally published at boldsign.com

BoldSign Edit Document API: Update Signers, Fields, and Files Without Restarting

Vijay Amalan — Tue, 21 Apr 2026 03:44:23 +0000

Updating documents mid-workflow usually means recreating them, reassigning fields, and disrupting signers. The BoldSign Edit Document API lets you update signer details, fields, metadata, and even files without restarting the signing process.

This guide is for developers, product teams, and automation engineers working with BoldSign. It explains what the Edit Document API can update, how it works, when to use it, and how to perform safe updates with clear examples.

What problem this solves

Most eSignature systems treat documents as nearly immutable once created. Any mistakes, such as incorrect signer emails, missing signature fields, outdated clauses, or wrong files, often require:

Recreating the document
Reapplying all fields manually
Re-inviting all signers
Losing audit continuity

The BoldSign Edit Document API eliminates all of these problems.

It helps you:

Correct signer details without interrupting signing
Add or modify fields dynamically
Replace or remove files without re uploading a document package
Update instructions, messages, or labels instantly
Keep workflows running even when your business logic changes

How does the BoldSign edit document API work?

The API uses a flexible update model where you send only the changes you need. It supports two modes of processing based on whether the request includes files.

How does the completed (synchronous) mode work?

If your request does not include files, edits are applied immediately.

Useful for:

Metadata updates
Signer property updates
Adding or removing form fields
Label changes
Reminder setting modifications

You receive a response with: “status”: “Completed”

How does the queued (asynchronous) mode work?

If your request includes files, BoldSign processes the update in the background.

You receive: “status”: “Queued”

After processing finishes, you receive webhook events:

Edited → change successful
EditFailed → change unsuccessful, includes failure reason

This makes file replacement safe and traceable.

Why you need document properties before editing?

To update files, signers, or form fields, you must have their corresponding IDs:

fileId
ignerId
formFieldId

These IDs are retrieved from the Document Properties API, which returns the complete document structure, including all editable resources and their IDs.

This is mandatory for safe, targeted updates.

How do partial updates differ from nested updates?

What do partial updates change?

Partial updates allow you to send only the fields you want modified, BoldSign leaves the rest untouched.

Perfect for top level updates such as:

Message
Labels
Reminder settings

How do nested updates work for files, signers & fields?

Nested resources require:

EditAction = Add | Update | Remove
The resource’s ID (fileId, signerId, formFieldId)

For example:

Updating a signer requires signerId
Removing a form field requires formFieldId

This prevents overwriting the entire signer or field structure.

What you’ll need before calling the edit document API?

Make sure you have the following ready:

A BoldSign account (sandbox or production).
An API key (or OAuth2 access token) to call BoldSign APIs over HTTPS.
A REST client such as cURL, Postman, or your preferred HTTP library.
documentId – The ID of the document you want to edit.
Property IDs – File IDs, signer IDs, and form field IDs (retrieved via /v1/document/properties).
Basic API Tooling – Ability to make HTTP calls (e.g., cURL, Postman, or any BoldSign SDK).

Authentication headers

Use one of the following:

API Key: X-API-KEY:
OAuth2: Authorization: Bearer

How do you update signers and metadata without editing files?

Because no files are included, this triggers synchronous mode (Completed).

Below is an example code snippet

cURL

    curl -X PUT 'https://api.boldsign.com/v1-beta/document/edit?documentId=YOUR-DOCUMENT-ID' \
    -H 'Content-Type: application/json' \
    -H 'X-API-KEY: {API-KEY}' \
    -d '{
        "Message": "Please sign this document.",
        "Signers": [
            {
                "EditAction": "Update",
                "Id": "YOUR-SIGNER-ID",
                "AuthenticationType": "EmailOTP",
                "FormFields": [
                    {
                        "EditAction": "Add",
                        "FieldType": "TextBox",
                        "Bounds": {
                            "X": 100,
                            "Y": 100,
                            "Width": 100,
                            "Height": 20
                        },
                        "IsRequired": false,
                        "PageNumber": 1
                    }
                ]
            },
            {
                "EditAction": "Add",
                "Name": "Signer",
                "EmailAddress": "signer@gmail.com",
                "AuthenticationType": "AccessCode",
                "AuthenticationCode": "1234",
                "FormFields": [
                    {
                        "EditAction": "Add",
                        "FieldType": "Signature",
                        "Bounds": {
                            "X": 150,
                            "Y": 150,
                            "Width": 200,
                            "Height": 30
                        },
                        "IsRequired": true,
                        "PageNumber": 1
                    }
                ]
            }
        ],
        "Labels": ["Label1", "Label2"],
        "ReminderSettings": {
            "EnableAutoReminder": true,
            "ReminderDays": 2,
            "ReminderCount": 4
        }
    }'

    var apiClient = new ApiClient("https://api.boldsign.com", "YOUR_API_KEY");
    var documentClient = new DocumentClient(apiClient);
    // --- Form fields for existing signer ---
    var textField = new EditFormField()
    {
        EditAction = EditAction.Add,
        Type = FieldType.TextBox,
        IsRequired = false,
        Bounds = new Rectangle()
        {
            X = 100,
            Y = 100,
            Width = 100,
            Height = 20,
        },
        PageNumber = 1,
    };
    var signerToUpdate = new EditDocumentSigner()
    {
        EditAction = EditAction.Update,
        Id = "YOUR-SIGNER-ID",
        AuthenticationType = AuthenticationType.EmailOTP,
        FormFields = new List<EditFormField>()
        {
            textField
        }
    };
    // --- Form fields for new signer ---
    var signatureField = new EditFormField()
    {
        EditAction = EditAction.Add,
        Type = FieldType.Signature,
        IsRequired = false,
        Bounds = new Rectangle()
        {
            X = 150,
            Y = 150,
            Width = 200,
            Height = 30,
        },
        PageNumber = 1,
    };
    var signerToAdd = new EditDocumentSigner()
    {
        EditAction = EditAction.Add,
        Name = "Signer",
        EmailAddress = "signer@gmail.com",
        AuthenticationType = AuthenticationType.AccessCode,
        AuthenticationCode = "1234",
        FormFields = new List<EditFormField>()
        {
            signatureField
        }
    };
    // --- Signers collection ---
    var documentSigners = new List<EditDocumentSigner>()
    {
        signerToUpdate,
        signerToAdd
    };
    // --- Labels ---
    var labels = new List<string>()
    {
        "Label1",
        "Label2"
    };
    // --- Reminder settings ---
    var reminderSettings = new ReminderSettings()
    {
        EnableAutoReminder = true,
        ReminderCount = 4,
        ReminderDays = 2,
    };
    // --- Final request ---
    var editDocumentRequest = new EditDocumentRequest()
    {
        DocumentId = "YOUR-DOCUMENT-ID",
        Message = "Please sign this document.",
        Signers = documentSigners,
        Labels = labels,
        ReminderSettings = reminderSettings
    };
    var documentEdited = documentClient.EditDocument(editDocumentRequest);

Python

    import boldsign
    configuration = boldsign.Configuration(api_key="YOUR_API_KEY")
    with boldsign.ApiClient(configuration) as api_client:
        document_api = boldsign.DocumentApi(api_client)
        document_id = "YOUR-DOCUMENT-ID"
        signer1 = boldsign.EditDocumentSigner(
            edit_action="Update",
            id="YOUR-SIGNER-ID",
            authentication_type="EmailOTP",
            form_fields=[
                boldsign.EditFormField(
                    edit_action="Add",
                    fieldType="TextBox",
                    is_required=False,
                    bounds=boldsign.Rectangle(x=100, y=100, width=100, height=20),
                    page_number=1
                )
            ]
        )
        signer2 = boldsign.EditDocumentSigner(
            edit_action="Add",
            name="Signer22",
            email_address="signer@gmail.com",
            authentication_type="AccessCode",
            authentication_code="1234",
            form_fields=[
                boldsign.EditFormField(
                    edit_action="Add",
                    type="Signature",
                    is_required=False,
                    bounds=boldsign.Rectangle(x=150, y=150, width=200, height=30),
                    page_number=1
                )
            ]
        )
        edit_request = boldsign.EditDocumentRequest(
            message="Please sign this document.",
            signers=[signer1, signer2],
            labels=["Label1", "Label2"],
            reminder_settings=boldsign.ReminderSettings(
                enable_auto_reminder=True,
                reminder_count=4,
                reminder_days=2
            )
        )
        response = document_api.edit_document(document_id, edit_request)

PHP

    <?php require_once "vendor/autoload.php";
    use BoldSign\Configuration;
    use BoldSign\Api\DocumentApi;
    use BoldSign\Model\EditDocumentRequest;
    use BoldSign\Model\EditDocumentSigner;
    use BoldSign\Model\EditFormField;
    use BoldSign\Model\Rectangle;
    use BoldSign\Model\ReminderSettings;
    use BoldSign\Model\EditDocumentFile;
    $config = new Configuration();
    $config->setApiKey('YOUR_API_KEY');
    $apiInstance = new DocumentApi($config);
    $document_id = "YOUR-DOCUMENT-ID";
    $formField2 = new EditFormField();
    $formField2->setEditAction("Add");
    $formField2->setFieldType("TextBox");
    $formField2->setIsRequired(false);
    $formField2->setBounds(new Rectangle([100, 100, 100, 20]));
    $formField2->setPageNumber(1);
    $signer1 = new EditDocumentSigner();
    $signer1->setEditAction("Update");
    $signer1->setId("YOUR-SIGNER-ID");
    $signer1->setAuthenticationType("EmailOTP");
    $signer1->setFormFields([$formField2]);
    $formField3 = new EditFormField();
    $formField3->setEditAction("Add");
    $formField3->setFieldType("Signature");
    $formField3->setBounds(new Rectangle([100, 100, 100, 70]));
    $formField3->setPageNumber(1);
    $signer2 = new EditDocumentSigner();
    $signer2->setEditAction("Add");
    $signer2->setName("Signer");
    $signer2->setEmailAddress("signer@gmail.com");
    $signer2->setAuthenticationType("AccessCode");
    $signer2->setAuthenticationCode("1234");
    $signer2->setFormFields([$formField3]);
    $reminderSettings = new ReminderSettings();
    $reminderSettings->setEnableAutoReminder(true);
    $reminderSettings->setReminderCount(4);
    $reminderSettings->setReminderDays(2);
    $edit_document_request = new EditDocumentRequest();
    $edit_document_request->setMessage('Please sign this document.');
    $edit_document_request->setSigners([$signer1, $signer2]);
    $edit_document_request->setLabels(["Label1", "Label2"]);
    $edit_document_request->setReminderSettings($reminderSettings);
    $edit_document_response = $apiInstance->editDocument($document_id, $edit_document_request);

Java

    ApiClient apiClient = Configuration.getDefaultApiClient();
            apiClient.setApiKey("YOUR_API_KEY");
            DocumentApi documentApi = new DocumentApi(apiClient);
            Rectangle bounds = new Rectangle();
            bounds.setX(50f);
            bounds.setY(100f);
            bounds.setWidth(100f);
            bounds.setHeight(60f);
            EditFormField formField = new EditFormField();
            formField.setEditAction(EditFormField.EditActionEnum.ADD);
            formField.setFieldType(EditFormField.FieldTypeEnum.SIGNATURE);
            formField.setPageNumber(1);
            formField.setBounds(bounds);
            EditDocumentSigner signers = new EditDocumentSigner();
            signers.setEmailAddress("signer@gmail.com");
            signers.setName("signername");
            signers.setFormFields(Arrays.asList(formField));
            signers.setEditAction(EditDocumentSigner.EditActionEnum.ADD);
            EditDocumentRequest editDocumentJsonRequest = new EditDocumentRequest();
            editDocumentJsonRequest.setSigners(Arrays.asList(signers));
            editDocumentJsonRequest.setMessage("Updated documents");
            String documentId = "YOUR-DOCUMENT-ID";
            documentApi.editDocument(documentId, editDocumentJsonRequest);

Node js

    import {
        DocumentApi,
        EditDocumentFile,
        EditDocumentRequest,
        EditDocumentSigner,
        EditFormField,
        Rectangle,
        ReminderSettings
    } from "boldsign";
    import * as fs from 'fs';
    const documentApi = new DocumentApi();
    documentApi.setApiKey("YOUR_API_KEY");
    const documentId = "YOUR-DOCUMENT-ID";
    const bounds1 = new Rectangle();
    bounds1.x = 100;
    bounds1.y = 100;
    bounds1.width = 100;
    bounds1.height = 20;
    const formField1 = new EditFormField();
    formField1.editAction = EditFormField.EditActionEnum.Add;
    formField1.fieldType = EditFormField.FieldTypeEnum.TextBox;
    formField1.isRequired = false;
    formField1.bounds = bounds1;
    formField1.pageNumber = 1;
    const signer1 = new EditDocumentSigner();
    signer1.editAction = EditDocumentSigner.EditActionEnum.Update;
    signer1.id = "YOUR-SIGNER-ID";
    signer1.authenticationType = EditDocumentSigner.AuthenticationTypeEnum.EmailOtp;
    signer1.formFields = [formField1];
    const bounds2 = new Rectangle();
    bounds2.x = 150;
    bounds2.y = 150;
    bounds2.width = 200;
    bounds2.height = 30;
    const formField3 = new EditFormField();
    formField3.editAction = EditFormField.EditActionEnum.Add;
    formField3.fieldType = EditFormField.FieldTypeEnum.Signature;
    formField3.isRequired = false;
    formField3.bounds = bounds2;
    formField3.pageNumber = 1;
    const signer2 = new EditDocumentSigner();
    signer2.editAction = EditDocumentSigner.EditActionEnum.Add;
    signer2.name = "Signer";
    signer2.emailAddress = "signer@gmail.com";
    signer2.authenticationType =EditDocumentSigner.AuthenticationTypeEnum.AccessCode;
    signer2.authenticationCode = "1234";
    signer2.formFields = [formField3];
    const reminderSettings = new ReminderSettings();
    reminderSettings.enableAutoReminder = true;
    reminderSettings.reminderCount = 4;
    reminderSettings.reminderDays = 2;
    const editDocumentRequest = new EditDocumentRequest();
    editDocumentRequest.message = "Please review and sign the attached document.";
    editDocumentRequest.signers = [signer1, signer2];
    editDocumentRequest.labels = ["Label1", "Label2"];
    editDocumentRequest.reminderSettings = reminderSettings;
    const editDocumentResponse = await documentApi.editDocument(documentId, editDocumentRequest);

How do you edit files using the edit document API?

Files in the request immediately enable asynchronous processing(Queued).

Remove a file → all form fields linked to that file are automatically removed. (Because the file no longer exists, its fields cannot remain.)
Add a file → the new file is added as the last file in the document. (It appears at the end of the file list; fetch Document Properties to get its new fileId.)
Replace a file → form fields on pages that no longer exist are deleted. (Example: Old file had 5 pages, new file has 3 → fields on pages 4–5 are removed.

Below is an example code snippet

cURL

    curl -X PUT 'https://api.boldsign.com/v1-beta/document/edit?documentId=YOUR-DOCUMENT-ID' \
    -H 'Content-Type: application/json' \
    -H 'X-API-KEY: {API-KEY}' \
    -d '{
          "files": [
        {
          "editAction": "Add",
          "fileUrl": "YOUR_FILE_URL"
        }
      ]
    }'

    var apiClient = new ApiClient("https://api.boldsign.com", "YOUR_API_KEY");
    var documentClient = new DocumentClient(apiClient);
    // File to edit
    var editDocumentFile = new EditDocumentFile()
    {
        EditAction = EditAction.Add,
        FileUrl = new Uri("YOUR_FILE_URL")
    };
    var filesToEdit = new List<EditDocumentFile>()
    {
        editDocumentFile
    };
    // Final request
    var editDocumentRequest = new EditDocumentRequest()
    {
        DocumentId = "YOUR-DOCUMENT-ID",
        Files = filesToEdit
    };
    var documentEdited = documentClient.EditDocument(editDocumentRequest);

Python

    import boldsign
    configuration = boldsign.Configuration(api_key="YOUR_API_KEY")
    with boldsign.ApiClient(configuration) as api_client:
        document_api = boldsign.DocumentApi(api_client)
        document_id = "YOUR-DOCUMENT-ID"
        document_file = boldsign.EditDocumentFile(
            edit_action="Add",
            file='YOUR_FILE_PATH'
        )
        edit_request = boldsign.EditDocumentRequest(
            files=[document_file]
        )
        response = document_api.edit_document(document_id, edit_request)

PHP

    <?php require_once "vendor/autoload.php";
    use BoldSign\Configuration;
    use BoldSign\Api\DocumentApi;
    use BoldSign\Model\EditDocumentRequest;
    use BoldSign\Model\EditDocumentFile;
    $config = new Configuration();
    $config->setApiKey('YOUR_API_KEY');
    $apiInstance = new DocumentApi($config);
    $document_id = "YOUR-DOCUMENT-ID";
    $edit_document_request = new EditDocumentRequest();
    $document1 = new EditDocumentFile();
    $document1->setFileUrl("YOUR_FILE_URL");
    $document1->setEditAction('Add');
    $edit_document_request->setFiles([$document1]);
    $edit_document_response = $apiInstance->editDocument($document_id, $edit_document_request);

Java

    ApiClient apiClient = Configuration.getDefaultApiClient();
            apiClient.setApiKey("YOUR_API_KEY");
            DocumentApi documentApi = new DocumentApi(apiClient);
            EditDocumentFile document = new EditDocumentFile();
            document.setEditAction(EditDocumentFile.EditActionEnum.ADD);
            document.setFileUrl( new URI( "YOUR_FILE_URL"));
            EditDocumentRequest editDocumentJsonRequest = new EditDocumentRequest();
            editDocumentJsonRequest.setFiles(Arrays.asList(document));
            String documentId = "YOUR-DOCUMENT-ID";
            documentApi.editDocument(documentId, editDocumentJsonRequest);

Node js

    import {
        DocumentApi,
        EditDocumentFile,
        EditDocumentRequest
    } from "boldsign";
    import * as fs from 'fs';
    const documentApi = new DocumentApi();
    documentApi.setApiKey("YOUR_API_KEY");
    const documentId = "YOUR-DOCUMENT-ID";
    const documentfile = new EditDocumentFile();
    documentfile.file = fs.createReadStream("YOUR_FILE_PATH");
    documentfile.editAction = EditDocumentFile.EditActionEnum.Add;
    const editDocumentRequest = new EditDocumentRequest();
    editDocumentRequest.files = [documentfile];
    const editDocumentResponse = await documentApi.editDocument(documentId, editDocumentRequest);

How do you edit single field to the same signer using the edit document API?

You can update just one property of a signer without resending all their details.

When you update a signer:

Only the specific field you send is changed.
If you remove a signer, all form fields linked to that signer are automatically removed.

How do you update only the IsRequired property on an existing form field?

cURL

    curl -X PUT 'https://api.boldsign.com/v1-beta/document/edit?documentId=YOUR-DOCUMENT-ID' \
    -H 'Content-Type: application/json' \
    -H 'X-API-KEY: {API-KEY}' \
    -d '{
        "Signers": [
            {
                "EditAction": "Update",
                "Id": "YOUR-SIGNER-ID",
                "FormFields": [
                    {
                        "EditAction": "Update",
                        "Id": "YOUR-FIELD-ID",
                        "IsRequired": false
                    }
                ]
            }
        ]
    }'

    var apiClient = new ApiClient("https://api.boldsign.com", "YOUR_API_KEY");
    var documentClient = new DocumentClient(apiClient);
    var signerToUpdate = new EditDocumentSigner()
    {
        EditAction = EditAction.Update,
        Id = "YOUR-SIGNER-ID",
        AuthenticationCode = "1234"
    };
    // --- Signers collection ---
    var documentSigners = new List<EditDocumentSigner>()
    {
        signerToUpdate
    };
    // --- Final request ---
    var editDocumentRequest = new EditDocumentRequest()
    {
        DocumentId = "YOUR-DOCUMENT-ID",
        Signers = documentSigners
    };
    var documentEdited = documentClient.EditDocument(editDocumentRequest);

Python

    import boldsign
    configuration = boldsign.Configuration(api_key="YOUR_API_KEY")
    with boldsign.ApiClient(configuration) as api_client:
        document_api = boldsign.DocumentApi(api_client)
        document_id = "YOUR-DOCUMENT-ID"
        signer1 = boldsign.EditDocumentSigner(
            edit_action="Update",
            id="YOUR-SIGNER-ID",
            authentication_code="1234"
        )
        edit_request = boldsign.EditDocumentRequest(
            signers=[signer1],
        )
        response = document_api.edit_document(document_id, edit_request)

PHP

    <?php require_once "vendor/autoload.php";
    use BoldSign\Configuration;
    use BoldSign\Api\DocumentApi;
    use BoldSign\Model\EditDocumentRequest;
    use BoldSign\Model\EditDocumentSigner;
    $config = new Configuration();
    $config->setApiKey('YOUR_API_KEY');
    $apiInstance = new DocumentApi($config);
    $document_id = "YOUR-DOCUMENT-ID";
    $signer1 = new EditDocumentSigner();
    $signer1->setEditAction("Update");
    $signer1->setId("YOUR-SIGNER-ID");
    $signer1->setAuthenticationCode("1234");
    $edit_document_request = new EditDocumentRequest();
    $edit_document_request->setSigners([$signer1]);
    $edit_document_response = $apiInstance->editDocument($document_id, $edit_document_request);

Java

    ApiClient apiClient = Configuration.getDefaultApiClient();
            apiClient.setApiKey("YOUR_API_KEY");
            DocumentApi documentApi = new DocumentApi(apiClient);
            EditDocumentSigner signers = new EditDocumentSigner();
            signers.setAuthenticationCode("1234");
            signers.setId("YOUR-SIGNER-ID");
            signers.setEditAction(EditDocumentSigner.EditActionEnum.UPDATE);
            EditDocumentRequest editDocumentJsonRequest = new EditDocumentRequest();
            editDocumentJsonRequest.setSigners(Arrays.asList(signers));
            String documentId = "YOUR-DOCUMENT-ID";
            documentApi.editDocument(documentId, editDocumentJsonRequest);

Node js

    import {
        DocumentApi,
        EditDocumentRequest,
        EditDocumentSigner,
    } from "boldsign";
    import * as fs from 'fs';
    const documentApi = new DocumentApi();
    documentApi.setApiKey("YOUR_API_KEY");
    const documentId = "YOUR-DOCUMENT-ID";
    const signer1 = new EditDocumentSigner();
    signer1.editAction = EditDocumentSigner.EditActionEnum.Update;
    signer1.id = "YOUR-SIGNER-ID";
    signer1.authenticationCode = "1234";
    const editDocumentRequest = new EditDocumentRequest();
    editDocumentRequest.signers = [signer1];
    const editDocumentResponse = await documentApi.editDocument(documentId, editDocumentRequest);

You can update just one property of a form field, such as IsRequired, without modifying anything else in the signer or document.

What updates are restricted or not allowed when editing documents?

Some elements are immutable for security and compliance reasons.

Always immutable

You cannot change:

documentId
Completed signatures
Completed signer actions
Audit trail entries

Editable only in draft status

These can be changed only when the document is still a draft:

Title
BrandId
EnableSigningOrder
ScheduledSendTime

What if the document was created from a template?

When a document is created from a template, certain elements may already be locked based on the template’s settings:

Templates can restrict editing of files, signers, and form fields.
If the template disables editing, you cannot modify existing form fields, signers, or files using the Edit Document API.
These restrictions are defined during template creation and enforced to maintain template consistency and compliance.

What changes are restricted after any signer has already signed?

Once any signer has completed signing, the following changes are restricted:

Editing the details of a signer who has already signed is not allowed.
Removing a signer who has already signed is not allowed.
Uploading, replacing, or deleting document files is not allowed.
Form fields assigned to a signer who has completed signing cannot be changed.
Title, BrandId, and Signing Order cannot be edited after the document has been sent (they are editable only in draft).
Labels and hyperlinks cannot be edited or added because a signer has already completed signing.

How does the completion and error model work when you edit a document?

The Edited event confirms that your update was successfully applied. This is especially helpful for edits that were queued because they involved file changes. Available Webhook Events
The EditFailed event indicates the update could not be applied. It also includes error details, which you must fix before retrying the edit.
File-related edits run in the background and return Queued, so you won’t know the final result immediately. The Edited or EditFailed event is what confirms whether the update eventually succeeded or failed.

Best practices

What steps should you always follow?

Fetch → Edit → Verify
Always retrieve IDs using Document Properties
Only send the fields you want to modify

Why editing documents matters for API workflows?

Workflows change often; signer details, clauses, and form fields may need updates after a document is created.
Programmatic edits keep workflows running by allowing your backend to adjust documents without restarting the signing process.
Reduces human error because updates happen through predictable API calls rather than manual changes.
Supports scalable automation where documents can evolve dynamically based on business logic or real time data

Conclusion

The Edit Document API is most useful when your documents need updates after they’ve been created or sent, without disrupting the signing process. Whether you’re correcting signer details, adding new fields, updating instructions, or replacing files, the API lets you make precise changes safely and efficiently. By always fetching Document Properties first, using the right IDs, and understanding when edits run in Completed vs. Queued mode, you ensure that updates are applied smoothly and reliably.

In short, use the Edit Document API whenever your workflow requires mid-process adjustments, automation-friendly updates, or flexible document handling, all while keeping signers uninterrupted and your workflow running cleanly end‑to‑end.

If you’d like to explore more about BoldSign capabilities, sign up for a free BoldSign Sandbox account leave a comment, book a demo, or connect with our support team through the BoldSign support portal.

Related blogs

Note: This blog was originally published at boldsign.com

Track Approvals and Sign-Offs with a Construction Audit Trail

Vijay Amalan — Mon, 20 Apr 2026 05:29:50 +0000

Construction managers know the drill, a change of order needs three signatures, but the PDF on your laptop shows no clue who signed first or whether a subcontractor used an old version. That uncertainty slows projects, causes rework, and risks disputes. You need a clear audit trail that records who approved what (and when), so decisions are verifiable and projects keep moving. BoldSign can store that audit trail as part of each signed construction document without extra paperwork.

Why this topic matters

Construction projects depend on timely, accurate approvals. Missing or unclear approval records lead to:

Costly delays and rework.
Risk of non-compliance with contracts or regulations.
Disputes that require time-consuming evidence of gathering.

A robust audit trail reduces the risks and speeds of decision-making.

Simple real-life scenario

You’re a site engineer approving RFI responses on your phone between site checks. Later an owner asks – who approved change X and when. Without an audit trail, you guess. With the right audit trail, you pull a single document record showing the approver, timestamp, and the exact file version.

Naive approach

Many teams rely on:

Folder naming conventions (e.g., v1_FINAL.pdf).
Email chains with attachments.
Manual sign-off spreadsheets.

Problems:

Names don’t prove who signed.
Emails lose context when threads break.
Spreadsheets are easy to mis-edit.

Checkpoint: Don’t rely on file names or fragmented email threads to prove approvals.

Better approach

Use a structured audit trail attached to each document that captures:

Signer identity (name, email, authenticated method)
Approval timestamp
Document version or hash
Action type (approved, rejected, delegated)
IP address / device metadata
Audit event ID and chain-of-custody information

Why is this better?

A single source of truth for every approval
Easily searchable and exportable audit records
Strong support for electronic signature and compliance requirements

Checkpoint: A defensible audit trail always links actions to verified identities and exact document versions.

Example Use Cases

Change Orders: See who approved a cost increase and the timestamp for payment release.
RFIs: Track which engineer approved an RFI response and which version was attached.
Submittals: Keep approvals linked to exact spec versions to avoid on-site mistakes.
Claims & Disputes: Exported audit trails show a verifiable chain of custody.

Checkpoint: Audit trails help with daily site coordination and provide reliable evidence in disputes.

How BoldSign fits this workflow

BoldSign stores the audit trail with every signed document, so you do not juggle separate logs or spreadsheets. When a signature or approval happens, BoldSign records the event details and bundles them with the signed PDF and metadata. That means every change of order, RFI, or submittal can carry its own verifiable approval history.

What BoldSign captures for each audit event

Who acted – name and email, authenticated by the account method
When it happened – timestamp in UTC (ISO 8601)
What happened – action type and signer role
What file was seen – document hash for version proof
Where it happened – IP address and basic device info
A tamper-evident chain-of-custody log

Simple workflow to add audit trails to your project folder

Upload the document to BoldSign App.
Add signers and approvers in the correct order and require authentication
Send the approval or signature request.
Download the signed PDF and the attached audit trail.
Store both files in the job folder or project system.

Refer the details to Send Document in BoldSign App and for Audit Trail details.

Tip – Embed the audit summary into the signed PDF so a portable copy always includes the verification details.

BoldSign API examples

These examples show the idea. Replace YOUR_API_KEY and DOC_ID with your account values

cURL

    # Send document for signature request
    curl -X 'POST' \
      'https://api.boldsign.com/v1/document/send' \
      -H 'accept: application/json' \
      -H 'X-API-KEY: {your API key}' \
      -H 'Content-Type: application/json' \
      -d '{
        "DisableExpiryAlert": false,
        "ReminderSettings": {
            "ReminderDays": 5,
            "ReminderCount": 3,
            "EnableAutoReminder": true
        },
        "BrandId": "",
        "EnableReassign": true,
        "Message": "",
        "Signers": [
            {
                "Name": "Alex",
                "EmailAddress": "alexgayle@boldsign.dev",
                "SignerType": "Signer",
                "FormFields": [
                    {
                        "Id": "string",
                        "Name": "string",
                        "FieldType": "Signature",
                        "PageNumber": 1,
                        "Bounds": {
                            "X": 50,
                            "Y": 50,
                            "Width": 125,
                            "Height": 25
                        },
                        "IsRequired": true
                    },
                    {
                        "Id": "string",
                        "Name": "string",
                        "FieldType": "Label",
                        "PageNumber": 1,
                        "Bounds": {
                            "X": 150,
                            "Y": 250,
                            "Width": 125,
                            "Height": 25
                        },
                        "IsRequired": true,
                        "Value": "string",
                        "BackgroundHexColor": "string"
                    }
                ],
                "Locale": "EN"
            }
        ],
        "ExpiryDays": 30,
        "EnablePrintAndSign": false,
        "AutoDetectFields": false,
        "OnBehalfOf": "",
        "EnableSigningOrder": false,
        "UseTextTags": false,
        "SendLinkValidTill": "",
        "Files": [
            "data:application/pdf;base64,JVBERi0xLjcKJcfs..."
        ],
        "Title": "Sampledocument",
        "HideDocumentId": false,
        "EnableEmbeddedSigning": false,
        "ExpiryDateType": "Days",
        "ExpiryValue": 60,
        "DisableEmails": false,
        "DisableSMS": false,
        "MetaData": {
        "DocumentType": "new",
        "DocumentCategory": "Software"
      }
      }'
    //Download Audit trail
    curl -X GET 'https://api.boldsign.com/v1/document/downloadAuditLog?documentId={{:documentId}}' \
         -H 'accept: application/json' \
         -H 'X-API-KEY: {your-api-key}'

Node js

    //Send document for Signature request
    import { DocumentApi, DocumentSigner, FormField, Rectangle, SendForSign } from "boldsign"; 
    import * as fs from 'fs'; 
    const documentApi = new DocumentApi(); 
    documentApi.setApiKey("YOUR_API_KEY"); 
    const bounds = new Rectangle(); 
    bounds.x = 100;
    bounds.y = 50;
    bounds.width = 100; 
    bounds.height = 100; 
    const formField = new FormField();
    formField.fieldType = FormField.FieldTypeEnum.Signature; 
    formField.pageNumber = 1; 
    formField.bounds = bounds; 
    const documentSigner = new DocumentSigner(); 
    documentSigner.name = "David"; 
    documentSigner.emailAddress = "david@cubeflakes.com"; 
    documentSigner.signerType = DocumentSigner.SignerTypeEnum.Signer; 
    documentSigner.formFields = [formField];
    const files = fs.createReadStream("YOUR_FILE_PATH");
    const sendForSign = new SendForSign(); 
    sendForSign.title = "Agreement";
    sendForSign.signers = [documentSigner]; 
    sendForSign.files = [files]; 
    const documentCreated =documentApi.sendDocument(sendForSign);
    //Download Audit trail
    import { DocumentApi } from "boldsign";
    const documentApi = new DocumentApi();
    documentApi.setApiKey("YOUR_API_KEY");
    const documentStream = documentApi.downloadAuditLog("YOUR_DOCUMENT_ID");

Best practices

Enforce signer authentication (SSO or MFA) for critical approval.
Embed the audit summary directly into the signed PDF.
Use UTC timestamps to avoid time‑zone confusion.
Apply document hashes (such as SHA‑256) to prove file integrity.
Automate retention policies to meet legal and compliance needs.
Train field staff on how to read and verify audit trail details.

Summary table – Naive vs Better approach

Area tracked	Naive Approach	Better Approach
Document retrieval	Paper stacks or scattered emails, hard to find	Single signed PDF with an embedded audit trail, quick to locate
Approver identity	Name on a sheet or chat message, approval uncertain	Verified signer (email + timestamp), who exactly signed and when
Version control	Manual filenames like “v1_FINAL.pdf”, high risk	Versioned file with a document hash (exact match proof)
Dispute resolution	Slow and unclear, little proof	Fast verification using the audit JSON and signed PDF, clear evidence

Conclusion

An audit trail for construction docs turns messy email threads and ambiguous file names into a clear, verifiable record of who approved what (and when). Capture signer identity, timestamps, document versions, and device metadata; store records immutably; and present them in an easy-to-read export. The result: fewer disputes, faster approvals, and projects that keep moving.

Related blogs

Note: This blog was originally published at boldsign.com

Implementing Multi‑Factor Authentication for Zero‑Trust eSignatures

Vijay Amalan — Fri, 17 Apr 2026 05:26:00 +0000

An email link can show where a document was sent, but it does not always prove who actually signed it. A signature without authentication introduces uncertainty and weakens document security. Implementing signer authentication enhances trust by verifying the signer’s identity and ensuring signatures are legally valid and securely executed.

Multi‑Factor Authentication for Zero‑Trust eSignatures solve this by requiring every signer to verify their identity at the moment of signing. With authentication methods like Email OTP, SMS OTP, access codes, or ID verification, organizations can reduce fraud, strengthen compliance, and create more defensible signed documents, while BoldSign keeps the experience smooth and friction‑free.

Why zero-trust matters in eSignature workflows

Zero‑trust security follows one core principle: Never trust by default. Always verify.

Email access alone isn’t enough to confirm a signer’s identity. Every signer must verify who they are during signing.

With eSignatures widely adopted across HR, finance, healthcare, and legal teams, organizations need signatures that are:

Secure
Verifiable
Tamper-evident audit trails

This verification‑first approach ensures that every agreement meets those expectations, especially for high‑value or regulated documents.

Authentication vs verification in eSignatures

These terms are often used interchangeably, but they serve different purposes:

Authentication answers: Who is signing right now? This happens before or during the signing process.
Verification answers: Is the signed document authentic and unchanged? This happens after signing using audit trails and tamper‑evident records.

Zero‑trust eSignatures require both:

Strong authentication before signing
Strong verification evidence after signing

Why “email-only signing” is not enough

For high‑value or regulated documents, organizations need stronger access controls. Zero‑trust signing assumes any single factor can fail, which is why additional authentication steps are essential.

Email links are easy to use, but they don’t prove who is actually opening or signing a document. Risks include:

Shared inboxes
Account takeovers
Accidental or intentional forwarding

Why multi-factor authentication

MFA significantly reduces the risk of unauthorized access and identity fraud. For eSignatures, it provides stronger proof that the signer is exactly who they claim to be at the moment of signing.

Multi‑factor authentication combines two or more signals to confirm identity. For example:

Email link + one‑time passcode
Password + phone verification

MFA methods you can apply in BoldSign

BoldSign supports multiple signer authentication options, allowing you to verify signer identity without sacrificing usability.

Email OTP

A one-time password is sent to the signer’s email and must be entered to open the document.

Best for:

Low to medium risk workflows
Internal approvals
Faster adoption with minimal friction

SMS OTP

A one-time password is sent to the signer’s phone via SMS

Best for:

Medium to high risk workflows
External agreements where phone possession adds stronger assurance

Access Code

You set a code (PIN) and share it with the signer through a separate channel.

Best for:

Known parties (repeat vendors, employees)
Workflows where you want an extra verification step outside email

Identity Verification

Signer identity is verified using additional checks to confirm the signer is who they claim to be.

Best for:

High‑risk or regulated workflows
Legal, financial, and compliance‑driven agreements
Scenarios requiring stronger assurance of signer identity

ID verification for secure eSignatures

BoldSign’s ID verification serves as a high‑security authentication method by validating signer identity before access or signing. By combining government‑issued ID checks with biometric verification, it helps prevent fraud and ensures trust in compliance‑critical and high‑risk workflows.

Highlights:

Verifies signers using government‑issued photo IDs
Uses biometric selfie checks to prevent impersonation
Supports configurable verification frequency and attempt limits
Enables selective verification for specific signers
Available across web, mobile, and API‑based workflows

How to implement MFA for every signer in BoldSign

A consistent setup helps teams avoid missed steps.

Define document risk levels
Choose a default authentication method
Apply authentication settings in templates
Assign authentication to each signer in multi‑signer workflows
Confirm audit trails capture authentication events

BoldSign gives senders full control over how authentication is applied, making zero‑trust implementation flexible and scalable.

How audit trails complete the zero-trust model

Authentication reduces unauthorized access. Audit trails provide the evidence if questions arise later.

BoldSign audit trails record:

Who accessed and signed the document
When each action occurred
Which authentication method was used
IP address and device information
Document integrity through tamper detection

Together, authentication and audit trails support compliance reviews and dispute resolution.

Conclusion

Zero-trust eSignatures make digital signing more than just fast. They make it trustworthy. By requiring every signer to verify their identity before signing and backing each action with a detailed audit trail, organizations can reduce fraud, prevent disputes, and strengthen compliance across critical workflows.

With BoldSign, teams can apply the right level of authentication for every document, from simple approvals to high-risk agreements. Start with a baseline MFA method for all signers, then add stronger verification for sensitive transactions when needed. That way, every signature is not only easy to collect, but also easier to trust.

Make every signature easier to trust. Sign up for a free 30-day trial or connect with our support team for a personalized demo and see how zero-trust signing works in practice.

Related blogs

Note: This blog was originally published at boldsign.com

How to Submit a Data Subject Request with BoldSign

Vijay Amalan — Wed, 15 Apr 2026 05:27:34 +0000

For BoldSign users, we now have a streamlined process for submitting a data subject request for those individuals based in the European Economic Area (EEA) and UK.

Rights provided under the General Data Protection Regulation (GDPR), UK Data Protection Act 2018, and UK GDPR allow individuals to have more control over their data. In this blog, we will outline how BoldSign users in the EEA and UK can exercise these rights.

Overview of data subject rights

Access: You have the right to be informed about the personal data we process about you and to request access to it.
Rectification: You can ask us to amend or update your personal data if it’s inaccurate or incomplete.
Erasure: You may request that we delete certain personal data we hold about you.
Restriction: You can ask us to temporarily or permanently stop processing all or some of your personal data.
Object: You have the right to object to our processing of your personal data at any time, especially if it relates to your specific situation or involves direct marketing.
Data portability: You can request a copy of your personal data in electronic format and have the right to transmit that data to another service provider.

How to exercise rights with BoldSign

As part of our commitment to data protection and transparency, BoldSign provides clear mechanisms for individuals to exercise their rights under GDPR. If you wish to access, correct, delete, restrict, or transfer your personal data, or object to its processing, you may submit a formal request through our designated channels. We are dedicated to responding promptly and in accordance with applicable legal requirements.

1. Access the GDPR Request Form

If you wish to exercise your GDPR rights, you can make a request by filling out our GDPR Request Form. Our legal team will respond in a timely manner to your request in accordance with GDPR requirements.

2. Fill out the required fields

Customer Name: Enter your full name to help BoldSign identify your account.

Customer email address: Provide the email address associated with your BoldSign account.

Details: Describe your request clearly. Include specific information to ensure timely and accurate handling.

Requested action: Select the GDPR right you wish to exercise from the dropdown menu:

Request corrections to your data.
Request erasure of your data.
Request a copy of your data.
Request a restriction on the processing your data.
Object to data processing.
Exercise your data portability rights.
Other: specify what you would like us to provide.

3. Submit the form

Once completed, submit the form securely. BoldSign will acknowledge receipt and begin processing your request.

What to expect after submission

Upon submission of the form, our legal team will be notified. You should expect a timely receipt of submission. If any follow-up information is required, our team will reach out to you directly. We review each data subject access request carefully to ensure compliance and consideration.

BoldSign also maintains a GDPR representative. Individuals in the UK and EU can additionally submit their data subject requests through the following means:

EU Representative

Bird & Bird GDPR Representative Services SRL for EU
Avenue Louise 235
1050 Bruxelles
Belgium
EUrepresentative.syncfusion@twobirds.com

UK Representative

Bird & Bird GDPR Representative Services for UK
12 New Fetter Lane
London EC4A 1JP
United Kingdom
UKrepresentative.syncfusion@twobirds.com

Free Facebook QR Code Generator for Profiles, Pages & Posts

Vijay Amalan — Tue, 14 Apr 2026 06:15:03 +0000

BoldSign is thrilled to introduce our free Facebook QR Code Generator a fast, intuitive, and secure way to turn any Facebook profile, Page, post, or event link into a scannable QR code. Whether you’re a creator growing your audience, a business promoting your Page, or an event host driving RSVPs, this tool is built to simplify how people find you on Facebook at no cost and without complexity.

With no sign‑up required and unlimited code generation, the BoldSign Facebook QR Code Generator helps you create and customize QR codes online in seconds. Enjoy instant, client‑side processing that keeps your data private, and share your Facebook presence effortlessly across print and digital on any device, securely and with ease.

Key features of the BoldSign Facebook QR Code Generator

Our Facebook QR code generator is designed with simplicity, speed, and security at its core. Here’s what makes it exceptional:

Client‑side security: All processing happens directly in your browser. Your URL and QR code data never leave your device, ensuring complete privacy.
Zero sign‑ups: Create your Facebook QR code instantly, no account creation or registration needed.
Clean, intuitive interface: Just paste your Facebook profile, Page, or post link, customize if needed, and generate your QR code with one click.
Cross‑platform compatibility: Works smoothly across Windows, macOS, Linux, iOS, and Android, no downloads, no installations.
Customization options: Adjust colors, patterns to match your brand or personal style and make your QR code stand out.
Unlimited usage: Generate as many Facebook QR codes as you want with no limits on scans, downloads, or usage.
High‑quality downloads: Download crisp, watermark‑free QR codes suitable for print materials, posters, packaging, or online sharing.
Instant preview: See your QR code update in real time as you customize it.

Why use the free BoldSign Facebook QR Code Generator

Choosing our Facebook QR code generator offers a range of valuable benefits that make it the ideal solution for individuals, creators, and businesses looking to increase their visibility on Facebook:

Fast sharing: Skip long links-let people reach your Facebook profile or page instantly just by scanning.
Boost engagement: Perfect for businesses, creators, and brands looking to drive likes, follows, event responses, or page visits.
Enhanced accessibility: Great for printing materials like flyers, menus, business cards, posters, and product packaging.
Time-saving and professional: Generate polished, reliable QR codes without extra tools or paid software.
Secure by design: Your data stays local because processing is fully client-side, ensuring privacy for both personal and business profiles.

How to create a Facebook QR code using BoldSign

1. Paste your Facebook link: Enter the link to your profile, Page, event, or post.

2. Customize your QR code (optional): Choose your preferred pattern color, background color, and size.

3. Download instantly: Click Generate and download your QR code in seconds-ready to use anywhere.

Conclusion

Our free Facebook QR Code Generator is a powerful solution for anyone looking to share their Facebook presence quickly, securely, and without any cost. Designed for creators, professionals, and businesses alike, it offers a smooth, intuitive experience that makes connecting with your audience effortless. With client‑side processing, cross‑platform compatibility, and unlimited, watermark‑free QR code creation, you get a reliable tool that keeps your data private while delivering professional‑grade results.

Whether you’re growing a Facebook Page, promoting an event, sharing a profile, or driving engagement for a post, this tool ensures your audience can reach you instantly with a simple scan. Start generating your free Facebook QR codes today and simplify how people discover and engage with you online. If you’re ready to enhance your workflow even further, explore more tools in the BoldSign ecosystem designed to support secure, seamless digital interactions.

Ready to simplify your document workflows? Sign up for a free 30-day trial or connect with our support team for a personalized demo.

Related blogs

Note: This blog was originally published at boldsign.com

Digital Patient Intake Workflow for Clinics: Faster, Simpler Check-Ins

Vijay Amalan — Mon, 13 Apr 2026 06:34:20 +0000

Busy mornings at clinics often look the same, patients lining up, staff flipping through forms, someone asking for a pen, and someone else trying to read handwriting that looks like a treasure map. But the real problem? Everyone is waiting for paperwork that shouldn’t take this long.

What clinics need is a smooth, predictable process where patients fill and sign everything on their phone , even before stepping inside.

Tools like BoldSign simply help collect the signatures and consents in this workflow, without complicating the process.

Why digital patient intake matters now

Clinic front desks are often the most overloaded area. Paper intake multiplies the stress:

More waiting
More missing info
More data entry
More risk of lost documents

Digital intake flips this around by letting patients:

✔ Fill forms anytime

✔ Sign consents securely

✔ Upload ID/insurance photos

✔ Reduce lobby congestion

Front desk staff finally focus on helping patients, not chasing paperwork.

Key Takeaway: Every minute saved at intake reduces delays throughout the rest of the day.

Simple real-life scenario

A pediatric clinic started sending parents a link the evening before appointments. Parents complete the child’s history, medication list, and sign the consent on their phone while preparing school bags. When they arrive the next morning, check-in takes under 60 seconds. The doctor has cleaner data, the nurses don’t retype anything, and the clinic runs smoother.

In simple words, “Parent completing a mobile-friendly digital patient intake form on a smartphone before a clinic visit.”

Manual workaround

Many clinics think they’re “digital” by emailing a PDF to patients. But in reality:

Patient needs to print it
Fill it manually
Scan or photograph each page
Send low-quality images back
Clinic staff re-type everything

This doesn’t save time; it simply moves the same problems to email.

Note: If any step requires scanning or printing, it’s not truly digital.

Better, simpler approach: A patient-first workflow

Here’s a clean, clinic-friendly workflow almost any practice can adopt:

Step 1: Send a pre-visit intake link: 24–48 hours before the appointment, send the intake form via email or SMS.
Step 2: Patient fills the form on mobile: Demographics, history, symptoms, all with required fields to prevent missing info.
Step 3: Collect digital signatures: General consent, telehealth consent, privacy notices, imaging consent, etc. Tools like BoldSign handle this part smoothly.
Step 4: Collect uploads: Patients snap and upload insurance card, ID, Previous reports (optional).
Step 5: Automated checks: The system prevents submission if something essential is missing.
Step 6: Front desk verifies quickly: No more data entry. No more scrambling. Just a quick confirmation.

How BoldSign supports digital intake

BoldSign fits naturally into the intake workflow by handling the signature part:

Reusable consent templates
Place required signature/date fields
Patient signs on mobile
Clinic gets a final PDF and audit trail

You can use no-code templates or add light automation.

Using BoldSign templates (no coding needed)

Upload your consent form to BoldSign.
Drag signature/date fields onto the form.
Save as a Template.
For every patient, send only the name and email, done.
Patient signs on mobile; you receive the finished document securely.

Callout: You don’t need to automate on day one. Start with templates. Add automation only when your workflow is stable.

Clinic use cases

Family Medicine: Digital intake helps collect basic health history and consent forms ahead of time, making check-ins faster and smoother.
Eye Clinics: Patients can review imaging and lens‑fitting consents before arriving, reducing delays during busy appointment hours.
Dermatology: Photo consent and treatment agreements are completed early, so dermatologists can focus directly on the patient’s condition.
Pediatrics: Parents can complete guardian authorization and vaccination consent from home, making the visit less stressful for everyone.
Telehealth: Patients sign video‑visit consent and upload ID before the call, ensuring a compliant and hassle‑free virtual appointment.

Best practices for smooth digital intake

Keep the form short, ask only what’s necessary.
Make the form mobile-first, larger fields, easy taps.
Use required fields to prevent missing details.
Use templates for all recurring consent types.
Send reminders 24 hours before the appointment.
Train staff on how to verify digital submissions quickly.
Review wording yearly for clarity and legal compliance.

Conclusion

Digital patient intake isn’t complicated, it simply replaces slow paperwork with a smoother, faster check in process. Clinics get accurate information, patients skip the clipboard wait, and everyone moves through the day with less stress. To get started, set up a BoldSign template for your most used consent form, it’s a small change that makes a big difference.

Start your free BoldSign trial today

Need assistance? Request a demo or visit our Support Portal for quick help.

Related blogs

Note: This blog was originally published at boldsign.com

BoldSign Wins 10 G2 Winter 2026 Badges in eSignature

Vijay Amalan — Fri, 10 Apr 2026 06:40:38 +0000

We’re thrilled to share that BoldSign has earned 10 badges in G2’s Winter 2026 reports for the e-signature category, including multiple Leader and regional recognitions across segments like Small Business and Mid-Market. Being recognized in these grids reinforces what we aim for every release: an e-signature experience that’s powerful, simple to use, and accessible for teams at every stage of growth.

This isn’t BoldSign’s first time being recognized by G2, but we never take it for granted. Every badge reflects feedback from real users, and it pushes us to keep improving our product month after month.

G2 awards overview

G2 is a leading software review and comparison platform that helps organizations evaluate solutions using verified customer feedback and market signals. It is widely used by buyers to research, compare, and shortlist software with greater confidence.

G2’s quarterly awards recognize products that demonstrate strong customer satisfaction and market presence across key criteria such as usability, support, and overall performance. Receiving a G2 award reflects consistent customer trust and provides a credible reference point for teams making software decisions.

BoldSign earns 10 G2 winter 2026 badges

In the Winter 2026 report, BoldSign received recognition across multiple subcategories in the eSignature space.

Badges received:

Regional Leader – Canada
Regional Leader – EMEA
Leader
Leader – Small Business
Regional Leader – Small Business (Canada)
Regional Leader – Small Business (EMEA)
Regional Leader – Small Business (Europe)
Regional Leader – Small Business (Asia Pacific)
Momentum Leader
Leader – Mid‑Market

These recognitions reflect strong customer satis

Why G2 recognition matters

G2 recognition is based on real user reviews, which makes it meaningful for buyers comparing eSignature tools.

For teams evaluating eSignature platforms, these badges provide:

Trusted customer validation.
Proof of product usability.
Confidence in choosing the right solution.

Earning multiple badges signals that BoldSign consistently delivers a strong experience for its users.

Why businesses choose BoldSign

Organizations use BoldSign to simplify document signing and accelerate approvals.

Key features include:

Fast document-signing workflows.
Reusable templates for common agreements.
Bulk sending for high‑volume workflows.
In‑person signing support.
Multiple signer authentication options.
Detailed audit trails for regulatory compliance.
Mobile‑optimized signer experience.
Integrations with popular business tools.
Conditional fields with smart logic.
AI-powered document features.

These features help teams reduce paperwork delays and simplified document processes.

Thank you to our users

This recognition wouldn’t be possible without the valuable feedback shared by our customers.

Your reviews help us continue improving BoldSign to delivering a better document-signing experience.

If you are not yet a BoldSign subscriber, please check out our reviews to see why our customers believe our e-signature platform is a leader in the market. Take a look at our features and start a free trial or schedule a live demo to see what BoldSign can do for your company.

Leave or read a review BoldSign Reviews 2025: Details, Pricing, & Features | G2

Related blogs

Note: This blog was originally published at boldsign.com

Webinar Show Notes: Find Contracts in Seconds with BoldSign AI Search

Vijay Amalan — Thu, 09 Apr 2026 05:25:17 +0000

In this webinar, Gayathri Annamalai, Software Developer at BoldSign, demonstrates how BoldSign AI Search helps you find what you need in seconds using conversational search. Instead of relying on multiple manual filters, you can type a request that includes details such as status, signer, owner, or date, and AI Search returns relevant results quickly.

If you missed the webinar or would like to watch it again, the recording is available on our YouTube channel and is embedded.

Webinar recap

The webinar opened with a look at common challenges users face when searching with traditional filter-based methods, especially when multiple conditions are needed or when users do not remember where a document is stored.

Gayathri then introduced BoldSign AI Search and shared practical examples showing how it interprets intent, combines conditions automatically, and returns accurate results across your BoldSign account. The session also covered how you can refine or broaden results by adjusting your query without resetting filters and starting over.

Highlights

Search using simple, conversational queries
Combine conditions such as status, date, signer, owner, and type in a single search
Quickly locate pending, viewed, stalled, or recently updated items
Search both documents and templates from one place
Refine results naturally by adding or removing words in your query
Get more accurate results by including clear details such as status or signer

Key takeaways

Use conversational search to find documents faster
Combine multiple conditions in a single query
Quickly identify items by status, date, signer, or owner
Refine results without manual filtering

Related blogs

Note: This blog was originally published at boldsign.com

Convert PDF to PNG Easily with Our Free Online Converter

Vijay Amalan — Wed, 08 Apr 2026 09:01:40 +0000

We are excited to introduce another powerful addition to the BoldSign free tools collection, the PDF to PNG converter. It is fast, secure, and designed to turn PDF pages into crisp PNG images in just seconds.

Use this free online tool to convert PDF pages into high quality PNG images for previews, documentation, blog posts, social media, presentations, thumbnails, and UI mockups. No installations, no signups, and no watermarks.

To help you begin right away, here is a quick step by step guide.

How to use this tool

It’s super easy to use. Just follow these four simple steps to convert your PDFs into PNG images:

Go to the online converter: Open the BoldSign PDF to PNG converter in your web browser.
Upload your PDF: Drag and drop your PDF or click to select it from your device.
Customize PNG quality: Choose your preferred DPI to set the exact clarity and image sharpness you want.
Download your images: Click Download as ZIP to save all PNG pages to your device.

What you can do with this tool

BoldSign’s PDF to PNG converter includes simple but powerful customization options to give you full control:

PNG image quality: Pick the DPI you need for crisp, high resolution PNG output that is ideal for graphics, reports, thumbnails, and documentation.
Multi page conversion: Convert every page automatically. Great for reports, slide decks, illustrated guides, and scanned documents.
Download convenience: Save everything as a single ZIP for quick sharing and storage.
Cross platform compatibility: Use PNGs anywhere images are required, including sites that do not accept PDFs and apps that only allow image uploads.

Why you should use this tool

Our PDF to PNG converter is built for everyone, whether you’re a student, freelancer, designer, marketer, or corporate team member. Here’s why it’s the best choice:

100% free for everyone: Convert unlimited PDFs with no fees, no subscriptions, and no hidden charges.
No sign up and no installation: Open the tool in your browser and start converting instantly.
Safe and secure: All processing happens in your browser. Your files never leave your device and are never uploaded or stored on servers.
No watermarks or limits: Download clean PNG images and convert as many PDFs as you want.
Works on any device: Use it on Windows, Mac, Linux, iOS, or Android with no software required.
Fast and easy: Drag and drop, set DPI, and download. The interface is built for speed and simplicity.

Part of the BoldSign free tools collection

This converter is part of a growing set of free, browser-based utilities that simplify document workflows. No downloads and no signups required.

Explore more in our  free tools collection and enhance your workflow with BoldSign.

Ready to try it out?

Use BoldSign’s Free PDF to PNG converter now. Convert your PDF pages into pixel perfect PNG images quickly and securely on any device.

Need to sign PDFs instead? Use BoldSign e-signature to add secure, legally binding signatures with a complete audit trail.

Need assistance? Request a demo or visit our support portal for quick help.

Related blogs

Note: This blog was originally published at boldsign.com