Forem: Dhinesh Sekar

Create and Manage Users Easily with BoldSign API

Dhinesh Sekar — Tue, 13 Jan 2026 14:21:49 +0000

TL;DR: The BoldSign Users API enables end-to-end automated user management by allowing applications to invite users, assign roles and teams, manage invitations, update user details, and audit users programmatically, removing the need for manual administration.

If you want to automate user onboarding and access control in BoldSign, you can do it end-to-end with the BoldSign Users API: invite users, assign roles, list and fetch user details for auditing, update roles, and resend or cancel invitations.

This guide is for developers embedding eSignatures into an app who need consistent, programmatic user provisioning instead of manual admin work.

What you can automate with the BoldSign Users API

Provision users during onboarding (bulk invite by email)
Assign teams and roles (Admin/Member/ TeamAdmin)
Track and audit user rosters (list users + get user details)
Manage invitation state (resend/cancel for pending users)
Optionally manage organization changes (metadata updates, team moves)

What you’ll need before you start

A BoldSign account(sandbox or production).
An API key(orOAuth2 access token) to call BoldSign APIs over HTTPS.
A REST client such as cURL, Postman, or your preferred HTTP library.

Authentication headers should be in one of the following formats:

API Key: X-API-KEY:
OAuth2: Authorization: Bearer

Note: The examples below use API key authentication for clarity.

BoldSign Users API endpoints used in this guide

Core users endpoints (v1)

Task	Method	Endpoint
Invite users (create users)	POST	`https://api.boldsign.com/v1/users/create`
List users	GET	`https://api.boldsign.com/v1/users/list`
Get a user	GET	`https://api.boldsign.com/v1/users/get`
Update user role	PUT	`https://api.boldsign.com/v1/users/update`
Resend invitation	POST	`https://api.boldsign.com/v1/users/resendInvitation`
Cancel invitation	POST	`https://api.boldsign.com/v1/users/cancelInvitation`
Update user metadata	PUT	`https://api.boldsign.com/v1/users/updateMetaData`
Move user to another team	PUT	`https://api.boldsign.com/v1/users/changeTeam`

How to auto-provision users during app onboarding

If your SaaS product maps each customer to a BoldSign organization, your onboarding flow typically needs to:

Assign users to the right team
Set the correct role (Admin/Member/TeamAdmin)
Attach department metadata (for reporting)
Handle invitations (resend/cancel)
Keep the roster auditable via API

The rest of this document implements that flow step-by-step.

How to create and manage BoldSign users

Step 1: Authenticate your requests

For each request, include any one of the following:

API Key (server-to-server): X-API-KEY:
OAuth2 (delegated): Authorization: Bearer

Pro tip: Keep API keys and OAuth tokens server-side only—never embed them in browser/mobile apps.

Step 2: Get the Team ID you want to assign users to

Before inviting users, list teams and pick the right teamId.

You can find detailed instructions in the Teams API documentation.

What this does: Fetches teams (including teamId) so you can place users into the correct team.

Note: teamId is not mandatory when creating a user. If you want to assign the user to a team, include the teamId; otherwise, you can skip this step.

Step 3: Invite users with team, role, and metadata

Creating users is an invite flow: you send email addresses and BoldSign emails the invite. Users complete verification and set a password.

Required fields for invitations

Field	Required	What it’s for	Notes
EmailId	Yes	User’s email (treat this as your natural unique key)	Use a valid email format
TeamId	No	Which BoldSign team the user belongs to	Get from `/v1/teams/list`
UserRole	No	Admin or Member or TeamAdmin	Set explicitly for predictable access
MetaData	No	Key-value attributes (department, designation, etc.)	Useful for reporting and filters

For more details, refer to the official Create User API documentation

    curl -X POST 'https://api.boldsign.com/v1/users/create' \ 
    -H 'accept: */*' \ 
    -H 'X-API-KEY: {your API key}' \ 
    -H 'Content-Type: application/json' \ 
    -d '[ 
        { 
            "EmailId": "luthercooper@cubeflakes.com", 
            "TeamId": "xxc5b097-xxxx-xxxx-xxxx-afd07c66xxxx", 
            "UserRole": "Admin", 
            "MetaData": { 
                "Employee": "Permanent", 
                "Department": "Sales", 
                "Designation": "Sales Manager" 
            } 
        }, 
        { 
            "EmailId": "hankwhite@cubeflakes.com", 
            "TeamId": "xxc5b097-xxxx-xxxx-xxxx-afd07c66xxxx", 
            "UserRole": "Member", 
            "MetaData": { 
                "Employee": "Contract", 
                "Department": "Sales", 
                "Designation": "Sales Executive" 
            } 
        } 
    ]'

Step 4: List users to verify provisioning

After invites are sent, list users to confirm they exist and capture userId for future actions.

For more details, see the official List Users API documentation

Which query parameters control pagination and search?

Parameter	Required?	What it does	Notes
page	No	Page number to fetch	Typically starts from 1
pageSize	No	Number of users per page	Defaults to 10; can be set between 1 and 100
search	No	Filter results by user attributes (e.g., username, email, userId)	Useful for quick lookups


    curl -X 'GET' \ 
      'https://api.boldsign.com/v1/users/list?pageSize=10&page=1&search=xxxx' \ 
      -H 'accept: application/json' \ 
      -H 'X-API-KEY: {your API key}'

Step 5: Get a single user’s details****

Use users/get when you have a stored userId and want the latest status, role, teamId, and metadata.

Check the official Get User API documentation for complete usage guidelines.


    curl -X 'GET' \ 
      'https://api.boldsign.com/v1/users/get?userId=e892ea92-xxxx-xxxx-xxxx-bbdbcaa5xxxx' \ 
      -H 'accept: application/json' \ 
      -H 'X-API-KEY: {your API key}' \

Pro tip: Read before your right. Fetch current values before you update roles or team assignment to avoid accidental overwrites.

Step 6: Update a user’s role

Promote a user to Admin (or demote back to Member) using the update endpoint.

Refer to the official Update User API documentation for detailed information and examples.


    curl -X 'PUT' \ 
      'https://api.boldsign.com/v1/users/update' \ 
      -H 'accept: */*' \ 
      -H 'X-API-KEY: {your API key}' \ 
      -H 'Content-Type: application/json;odata.metadata=minimal;odata.streaming=true' \ 
      -d '{ 
      "UserId": "77f0a721-xxxx-xxxx-xxxx-17fcb032xxxx", 
      "UserRole": "Admin" 
    }'

What this does: Updates the role of a specified user in your BoldSign organization.

Step 7: Resend or cancel invitations

If a user hasn’t accepted their invitation yet, you can resend or cancel it.

Resend invitation

Refer to the official Resend invitations guide for detailed steps and best practices.


    curl -X 'POST' \ 
      'https://api.boldsign.com/v1/users/resendInvitation?userId=e892ea92-xxxx-xxxx-xxxx-bbdbcaa5xxxx' \ 
      -H 'accept: */*' \ 
      -H 'X-API-KEY: {your API key}'

Cancel invitation

For detailed instructions, see the cancel invitations guide.



    curl -X 'POST' \ 
      'https://api.boldsign.com/v1/users/cancelInvitation?userId=e892ea92-xxxx-xxxx-xxxx-bbdbcaa5xxxx' \ 
      -H 'accept: */*' \ 
      -H 'X-API-KEY: {your API key}'

Edge case: Resend/cancel applies only to users who haven’t accepted the invite.

How to update user metadata

If you store extra information like department or employee type, the endpoint supports partial updates.

For detailed guidance, see the official Update user metadata documentation


    curl -X PUT 'https://api.boldsign.com/v1/users/updateMetaData' \ 
    -H 'accept: */*' \ 
    -H 'X-API-KEY: {apikey}' \ 
    -H 'Content-Type: application/json' \ 
    -d '{ 
      "UserId": "6e455aa5-xxx-xxxx-xxx-2c6590521811", 
      "MetaData": { 
        "Department": "Sales" 
      } 
    }'

How to move a user to another team

When a user changes departments, move them to a different team. The change-team endpoint can optionally transfer documents.

Parameter	Type	Required	Description
userId (Query)	string	Yes	The unique identifier of the user being moved. Obtainable from the Users or Teams section of the web app.
toTeamId (Request Body)	string	Yes	The target team ID to which the user will be transferred.
transferDocumentsToUserId (Request Body)	string	No	The user ID of the recipient who will inherit the documents of the transferred user.

Consult the official Change team API documentation for comprehensive guidance and best practices.


    curl --location --request PUT 'https://api.boldsign.com/v1/users/changeTeam?userId=d98c14c5- xxx-xxxx-xxx-b39ca83c0da8' \ 
    --header 'accept: */*' \ 
    --header 'X-API-KEY: {apikey}' \ 
    --header 'Content-Type: application/json' \ 
    --data '{ 
      "toTeamId": "9bca0986-xxx-xxxx-xxx-30ffe3a2c5b7"}'

What this does: Moves a user to a new team and optionally transfers their documents.

Plan ahead for: document ownership, in-progress workflows, and approval side effects.

Important Notes

In-progress documents: If a document is currently in-progress, it will be declined or revoked during transfer.
Completed documents: All completed documents will remain in the completed state and are moved along with the user when they change to another team.
Sender identity approvals: All sender identity approvals associated with the changed user will be revoked. The reassigned user must obtain approval again from those sender identities to access on-behalf documents.
Impact & Risks:
- Transferred documents become accessible under the new team, which may alter visibility and permissions.
- Sensitive or confidential files could unintentionally be exposed to new team members.
- TransferDocumentsToUserId behavior*:* If specified, all transferred documents will be accessible only to the new target user. The old user will no longer have access once the transfer is complete.

Testing checklist for a reliable onboarding flow

List teams → pick a teamId.
Create (invite) user(s) → confirm invitation sent.
List users → capture userId.
Get user → verify userStatus, role, teamId, metadata.
Update role or resend/cancel invite as needed.
Optional: update metadata or change team.

Best practices for production-grade provisioning

Never expose credentials client-side. Keep API keys/OAuth tokens on the server.
Avoid duplicate provisioning. Treat email as your unique key, and store a mapping to BoldSign userId.
Implement retries with exponential backoff for transient failures.
Read before you write. Fetch current role/team/status before applying updates.
Validate behavior and plan for change.

Key takeaways

With the BoldSign Users API, you can run a complete provisioning lifecycle inside your product: invite in bulk, audit users, update roles, and manage invitations. For richer admin workflows, endpoints like metadata updates and team moves help model real org changes, just plan carefully around document ownership and workflow side effects.

Take advantage of a 30-day free trial, or get expert assistance via the BoldSign support portal to design your ideal integration.

Related blogs

Note: This blog was originally published at boldsign.com

Introducing Push Notifications: Real-Time Alerts on BoldSign Mobile App

Dhinesh Sekar — Wed, 31 Dec 2025 05:33:59 +0000

We’re thrilled to announce an update that many of our customers have been eagerly waiting for: Push Notifications are now available in the BoldSign mobile app! This feature ensures you stay informed about your document status with real-time alerts, eliminating the need to constantly check the app.

Notifications are delivered whether the app is open, running in the background, or completely closed, and this functionality is supported on both Android and iOS devices. You also have full control over your notification preferences. Customize which actions trigger alerts, disable notifications for specific events, or turn them off entirely if you prefer.

Push Notifications: Purpose and Flow

Push notification is an essential feature in mobile apps, designed to keep users informed and engaged. They serve two primary purposes:

Real-time alerts – Instantly notify users about important updates or events without requiring them to open the app.
Reminders – Help users stay active by reminding them of pending actions, newly assigned tasks, or relevant updates.

When an event occurs, a notification is delivered to the user’s device, even if the app is closed or running in the background. If the user is logged in on multiple devices, the notification will appear on all of them. Tapping the notification opens the app and navigates the user directly to the appropriate screen, ensuring a seamless experience.

Push Notifications Defaults

By default, push notifications will be enabled for the following events in the BoldSign mobile app:

Sender	Recipient	CC
As the sender of a document, you will automatically receive the following push notifications by default	If you are a recipient of a document, you will automatically receive the following notifications by default	If you have been added as a CC recipient in a document, you will automatically receive the following notifications by default
- Receive a document to sign or approve - Recipient declines a signature request - Document has been completed by all recipients - Recipient signs or approves a document - Document has expired - Reminders of the document	- Receive a document to sign or approve - A recipient declines to sign or approve the document - Sender revokes the document - Document has been completed by all recipients - Document has expired	- New signature request has been sent out - Document has been completed by all recipients

Types of Push Notifications Settings

In BoldSign mobile app, you will find three types of notification settings.

Email/In-app notifications – Choose the notifications you want to receive via email and within the app.
My push notifications – Choose the push notifications you’d like to receive on your device.
Recipient’s push notifications – Choose the push notifications you want your recipients to receive on their devices. Types of push notifications settings in BoldSign mobile app

Allowing Push Notifications from BoldSign

When you log in to your BoldSign account in the BoldSign mobile app, you’ll be prompted to allow BoldSign to send notifications. Be sure to allow them, else the push notifications will not be received.

Allowing BoldSign to send notifications

Enabling or Disabling Push Notifications

If you prefer not to receive push notifications, you can disable them completely. Even with push notifications turned off, you will still receive in-app notifications, which can be accessed anytime when you open the app.

You can turn off notifications in two ways:

From your device settings Navigate to your device’s Settings, find the BoldSign app, and disable notifications.
Within the BoldSign app Follow these steps:

On the Dashboard screen, tap Profile in the bottom navigation bar or tap your initials, to navigate to the Profile screen.
Navigating to profile screen from dashboard
In the Profile screen, go to Notification Settings, and select My Push Notifications.
At the top, you’ll see the Allow Push Notifications option. Toggle the switch off and tap Save changes button.
Turning off push notifications within the app

Updating Push Notification Settings

Your notification settings

You can customize the push notification that you want to receive by following these steps:

From the Profile screen, go to Notification Settings, then select My Push Notifications.
You’ll see four tabs: Sender, Recipient, CC, and Template.
Use the checkbox on the right of each option to enable or disable specific notifications based on your wish.
After making the required changes, tap Save changes button. Updating my push notification settings

Your recipient’s notification settings

In some situations, you may want to disable push notifications for your recipients. You can manage this using the Recipient Push Notification settings within the app. Even if a recipient has enabled notifications, such as alerts for receiving a document to sign or approve, disabling this option under Recipient Push Notifications before sending the document will prevent those notifications from being delivered.

Also note that enabling a notification on your side does not guarantee that it will appear to the recipient. The recipient should also have enabled push notifications for that specific scenario.

Follow the steps below to update settings:

Open the Profile screen, go to Notification Settings, then select Recipient Push Notifications.
You’ll see two tabs: Recipient, and CC.
Use the checkbox on the right of each option to enable or disable specific notifications.
After making the required changes, tap Save changes button. Updating your recipient push notification settings

Navigating From Push Notifications

Push notifications will appear on your device as shown in the images below.

Push notifications from BoldSign mobile app

When you tap the notification while the app is in the foreground: You will be taken directly to the appropriate screen.
When you tap the notification while the app is in the background: The app will come to the foreground and navigate you to the appropriate screen.
When you tap the notification while the app is closed: The app will launch and take you directly to the appropriate screen.
When you tap the notification after logging out of your account: You will be redirected to the login screen. After successfully logging in, the app will take you to the appropriate screen.
When you tap the notification after logging out and logging in with a different account: An Access Denied screen will appear, as the document is not accessible from another account.

Customizing Notification Alerts

You can easily personalize your notification preferences for the BoldSign app on both Android and iOS devices. To get started, go to Settings → Notifications → BoldSign on your device and adjust any of the following:

Change the notification sound
Enable or disable vibration for alerts
Show or hide notifications on the lock screen
Customize banner or pop‑up notification styles
Turn notification badges on or off

Conclusion

We’re sure that push notification support in the BoldSign mobile app will make it easier than ever to manage your eSignature workflows on the go.

Stay informed instantly and streamline your signing process wherever you are.

Download the BoldSign mobile app today and start benefiting from real-time push notifications:

Why wait? Unlock your Free Trial now!

Need assistance? Request a demo or visit our Support Portal for quick help.

Related blogs

Note: This blog was originally published at boldsign.com

Embed eSignature Template Creation in Your App with API

Dhinesh Sekar — Mon, 29 Dec 2025 07:25:11 +0000

Templates are predesigned layouts that serve as blueprints for creating new documents. They offer a standardized structure and format, saving time and effort when similar documents are frequently needed. With predefined structures in place, users can quickly generate new documents without starting from scratch. Let’s delve deeper into why embedding template creation into your application can further enhance your document workflow.

Why Embed Template Creation?

Embedding template creation into your application offers several advantages:

Seamless Integration: Embedding template creation within your application’s interface allows users to access template creation functionalities without switching between different platforms. This integration enhances the user experience and improves workflow efficiency.
Control and Customization: By embedding template creation, you retain control over the template creation process while letting users customize templates to their specific needs.
Increased Ease and Accuracy: Embedding template creation streamlines document creation workflows, keeping the template-creating process in familiar systems. It reduces the likelihood of errors or discrepancies when a template can be reviewed once and then just tweaked.

Integration Steps

Follow these steps to integrate template creation into your application using the BoldSign API.

Step 1: API Request for Embedded Template Creation

Utilize the BoldSign API to initiate the creation of an embedded template within your application. Following is an example code snippet demonstrating how to create an embedded template using cURL.

Curl

    curl --location --request POST 'https://api.boldsign.com/v1/template/createEmbeddedTemplateUrl' \
         --header 'X-API-KEY: {Your API Key}' \
         --form 'Title="API Template"' \
         --form 'Description="API Template Description"' \
         --form 'DocumentTitle="API Document Title"' \
         --form 'DocumentMessage="API Document Message Description"' \
         --form 'Roles[0][name]="Manager"' \
         --form 'Roles[0][index]="1"' \
         --form 'Roles[0][language]="English"' \
         --form 'ShowToolbar="true"' \
         --form 'ShowSaveButton="true"' \
         --form 'ShowSendButton="true"' \
         --form 'ShowPreviewButton="true"' \
         --form 'ShowNavigationButtons="true"' \
         --form 'ShowTooltip="false"' \
         --form 'ViewOption="PreparePage"' \
         --form 'Files=@"{Your File Path}"'

Step 2: Customize Template Creation Options

In BoldSign, you can customize various aspects of embedded template creation, including toolbar visibility, button options, and navigation controls. Tailor the template creation experience to your requirements.

Default view

ShowToolbar: Controls the visibility of the toolbar at the top of the document editor in the template editor.

Default value: false

ShowToolbar set to false

ShowSaveButton: Determines whether the Save and Close button is displayed in the template editor. Use this button to save the template as a draft for future editing or finalize the template creation process.

Default value: true

ShowSaveButton set to false

ShowCreateButton: Controls the visibility of the Create Template button, which enables users to finalize the template creation process and make the template available for immediate use.

Default value: true

ShowCreateButton set to false

ShowPreviewButton: Determines whether the Preview button is displayed in the template editor. The button allows users to preview the template before finalizing its creation.

Default value: true

ShowPreviewButton set to false

ShowNavigationButtons: Controls the visibility of the Back button in the template editor. The button enables users to navigate among different sections or pages of the template.

Default value: true

ShowNavigationButtons set to true

ViewOption: Configures the initial view page to be loaded from the generated URL. Users can choose between the Prepare page or Filling page.

Default value: PreparePage

ViewOption set to FillingPage

ShowTooltip: Determines whether the tooltip is displayed near the assignee field on the Prepare page, providing additional information or guidance to users.

Default value: false

ShowToolTip set to true

Step 3: Implementing Customizations

Modify the parameters in the API request according to your desired customizations. Update the Boolean values to either true or false based on whether you want to show or hide the corresponding toolbar elements and buttons. These customizations will help you optimize the user experience within the embedded document and template editors.

Conclusion

By integrating embedded template creation into your application using the BoldSign API, you can empower users to generate templates seamlessly and efficiently within your app’s environment. With customizable options and straightforward implementation, embedding template creation enhances productivity and streamlines document preparation workflows. Start leveraging embedded template creation with the BoldSign API today!

Begin your 30-day BoldSign free trial today and discover how template creation is simplified. We value your comments, so please any you may have below. If you have any concerns or need additional information about our services, please schedule a demo or contact our support team via our support portal.

Related blogs

Note: This blog was originally published at boldsign.com

How to Use Regex for Data Validation in the BoldSign API

Dhinesh Sekar — Wed, 24 Dec 2025 08:34:42 +0000

Ensuring data is accurate and formatted correctly is essential in any application or context. BoldSign provides an easy way to validate data when you create a document by integrating text box fields and regex validation. This blog will demonstrate how regex validation is applied to text box files using the BoldSign API.

Regex validation

Imagine expecting an email address but receiving a jumble of letters instead. Regex validation ensures that only correctly formatted data, such as email addresses, phone numbers, dates, etc., is entered based on your requirements using special strings and patterns. This ensures clean and accurate user input.

Integrating regex validation in the BoldSign API

BoldSign simplifies the process of integrating regex validation with your documents through its comprehensive API. By associating the text box field with a signer or role and specifying the regex you want, you can restrict the data to be entered during the signing process. If the validation fails, you can provide a message to the signer explaining why it failed.

Currently, regex validation can only be applied to the text box field in BoldSign.

Code snippets for adding regex validation

The following code examples demonstrate how to add regex validation that accepts only numbers in the text box field.


    curl -X 'POST' \
      'https://api.boldsign.com/v1/document/send' \
      -H 'accept: application/json' \
      -H 'X-API-KEY: {API key}' \
      -H 'Content-Type: multipart/form-data' \
      -F 'Message={your message}' \
      -F 'Signers={
        "name": "starvritsa",
        "emailAddress": "starvritsabuhungi@boldsign.dev",
        "privateMessage": "sign",
        "authenticationType": "None",
        "deliveryMode": "Email",
        "signerType": "Signer", 

        "formFields": [
            {
                "id": "textbox1",
                "name": "textbox1",
                "fieldType": "Textbox",
                "pageNumber": 1,
                "bounds": {
                    "x": 140,
                    "y": 140,
                    "width": 82,
                    "height": 32
                },
                "isRequired": true,
                "validationType": "CustomRegex",
                "validationCustomRegex": "^\\d+$",
                "validationCustomRegexMessage": "Enter numbers only"
            }
        ]
    }' \
      -F 'Files=@{Your file path};type=application/pdf' \
      -F 'Title={Document title}' \

Other programming languages — check it on the BoldSign blog page.

Conclusion

Regex validation acts as a gatekeeper, allowing only the correct data into your documents. With the BoldSign API, using regex means a smoother experience for both signers and document owners. Follow the examples in this blog and experiment with different scenarios to enhance your document signing workflows.

Start your 30-day free trial of BoldSign today to see how it makes document creation and electronic signing easier. We value your feedback, so please share your thoughts in the comments below. If you have any questions or need more information about our services, don’t hesitate to schedule a demo or contact our support team through our support portal.

Related blogs

Note: This blog was originally published at boldsign.com

How to Apply Expiration Date for eSignature Requests Through API

Dhinesh Sekar — Tue, 23 Dec 2025 10:48:11 +0000

Ensuring documents are signed on time is essential. Setting an expiration date adds a layer of security to the document, ensuring it is only valid for a specified period.

You can configure an expiration date for your document through the BoldSign API by specifying the expiration value with the expiration date type. Once the expiration date is reached, the document will no longer be available for signing.

Code snippets

Let’s see how to add expiration date via the BoldSign API in various programming languages.

Curl


    curl -X 'POST' \
      'https://api.boldsign.com/v1/document/send' \
      -H 'accept: application/json' \
      -H 'X-API-KEY: {your API key}' \
      -H 'Content-Type: multipart/form-data' \
      -F 'Message={document message}' \
      -F 'Signers={
      "name": "alexgayle",
      "emailAddress": "alexgayle@boldsign.dev",
      "signerType": "Signer",
      "formFields": [
        {
          "id": "textbox1",
          "name": "textbox1",
          "filetype": "Textbox",
          "pageNumber": 1,
          "bounds": {
            "x": 140,
            "y": 140,
            "width": 82,
            "height": 32
          },
          "isRequired": true
        }
      ]
    }' \
      -F 'ExpiryDays={The number of days after which the document expires}' \
      -F 'Files=@{your file}' \
      -F 'Title={title}' \
      -F 'ExpiryDateType={set the expirydatetype}' \
      -F 'ExpiryValue={expiryvalue}' \

Other programming languages — check it on the BoldSign blog page.

Conclusion

Incorporating expiration date into document workflows is a strategic move towards ensuring efficiency, compliance, and security. Organizations may enhance productivity, reduce wait times, and retain document control by utilizing solutions such as BoldSign’s API.

Begin your 30-day BoldSign Free trial today and unlock its full potential. We value your feedback, so please share your thoughts below. If you have any questions or need more information about our services, don’t hesitate to Schedule a demo or reach out to our support team through our Support Portal.

Related blogs

Note: This blog was originally published at boldsign.com

How to Dynamically Position Form Fields in eSignature Requests Using API

Dhinesh Sekar — Mon, 22 Dec 2025 10:13:16 +0000

When preparing documents for electronic signatures, knowing the exact coordinates (X and Y values) for placing form fields can be challenging. Traditional methods often require manual calculations, which are time-consuming and prone to errors. A more systematic and efficient approach involves using text tags within the document. In this blog post, we’ll explore using BoldSign text tags via the API to dynamically position form fields in eSignature requests.

Using Text Tags with BoldSign

Document Preparation: While generating the document, you insert specific text tags where you want form fields to appear. The details of this syntax will be explained in the next paragraph.
Tag Recognition and Replacement: Once the document is uploaded into BoldSign, the system scans the document for these text tags. It then automatically replaces each tag with the corresponding form field.

This ensures that the form fields are precisely placed where the tags were located in the document, thus maintaining the intended layout and design.

Syntax of BoldSign text tags

BoldSign text tags follow a specific syntax, consisting of components separated by a pipe “|” symbol and encapsulated within double curly braces {{ }}. Let’s break down the components:

Field type: Specifies the type of form field, such as text, signature, or initials.
Signer index: Represents the index of signers to whom the form fields are assigned.
Required: Indicates whether the form field is mandatory.
Field label: Serves as a placeholder for text fields.
Field ID: A unique identifier for the form field.

Example text tag

Let’s consider an example to illustrate the usage of BoldSign text tags.

{{text|1|\*|Enter name|field\_1}}

In this example:

The field type is text.
The signer index is 1.
Required is indicated by the asterisk.
The field label is “Enter Name.”
The field ID is “field_1.”

Enabling text tags via the API

When sending a document to a signer via the BoldSign API, developers can enable text tags by setting the UseTextTags property to true. This allows the API to recognize and interpret text tags within the document, facilitating dynamic form field positioning.

    curl -X 'POST' \
      'https://api.boldsign.com/v1/document/send' \
      -H 'accept: application/json' \
      -H 'X-API-KEY: {your API key}' \
      -H 'Content-Type: multipart/form-data' \
      -F 'Title="Sample Document"' \
      -F 'UseTextTags=true' \
      -F 'Signers={
      "name": "hanky",
      "emailAddress": hankyWhites@boldsign.dev,
      "signerType": "Signer",
      "signerRole": "Signer",
      "locale": "EN"
    }' \
      -F 'Files=@{your file}' \

Supported fields

The following form fields are supported in text tag creation.

S. No	Form Fields	Tags
1	Text box	text
2	Signature	sign
3	Initials	init
4	Date signed	date
5	Editable date	editdate
6	Title	title
7	Company	company

If you want to add form fields other than these with tags, you can use definition tags.

Definition tags

When text tags contain numerous directives, they may become lengthy, complicating the specification of fields with small bounds on the document. To address this challenge, you can use definition tags. Definition tags provide a structured approach to managing complex text tags, allowing developers to encapsulate field configurations for improved readability and efficiency. The fields that are not supported by texts tags are supported in the definition tags.

Properties of definition tags

Definition tags consist of several properties, each serving a specific purpose in defining the attributes of a form field. Let’s examine the components and their descriptions:

DefinitionId: An identifier used to match the text tag definition provided in the document.
Type: Specifies the form field type, such as text, signature, or date.
SignerIndex: Indicates the index of the signer to whom the field needs to be assigned.
IsRequired: A Boolean value indicating whether the field is required or optional.
FieldId: A unique identifier assigned to the form field.
Size: Specifies the size of the text tag.
Font: Defines the font to be used for the form field.
Validation: Specifies validation rules for the content of the form field.
Placeholder: Text displayed as placeholders in the text fields.
DateFormat: Specifies the date format for date and time fields.
RadioGroupName: Group name for radio button fields.
PageNumber: Indicates the page number where the form field should be placed.

Usage syntax for definitions

To incorporate definitions into text tags, usage begins with “@” followed by the definition ID from TextTagDefinitions provided in the send request. Here’s a sample syntax using the definition ID “tag1.”

{{@tag1}}

Following is an annotated version of the sample send document API request with the UseTextTags property enabled and TextTagDefinitions.


    curl -X POST 'https://api.boldsign.com/v1/document/send' \
          -H 'X-API-KEY: {your-api-key}' \
          -F 'Title=Sent from API Curl' \
          -F 'Message=This is document message sent from API Curl' \
          -F 'Signers[0][Name]=Henry' \
          -F 'Signers[0][EmailAddress]=henry@boldsign.dev' \
          -F 'Signers[0][SignerType]=Signer' \
          -F 'UseTextTags=true' \
          -F 'TextTagDefinitions[0][DefinitionId]=tag1' \
          -F 'TextTagDefinitions[0][Type]=TextBox' \
          -F 'TextTagDefinitions[0][SignerIndex]=1' \
          -F 'TextTagDefinitions[0][IsRequired]=true' \
          -F 'TextTagDefinitions[0][FieldLabel]=Email field' \
          -F 'TextTagDefinitions[0][FieldId]=axq12367' \
          -F 'TextTagDefinitions[0][Size][Width]=500' \
          -F 'TextTagDefinitions[0][Size][Height]=50' \
          -F 'TextTagDefinitions[0][Placeholder]=Enter your email here' \
          -F 'TextTagDefinitions[0][PageNumber]=1' \
          -F 'TextTagDefinitions[0][Font][Name]=Helvetica' \
          -F 'TextTagDefinitions[0][Font][Size]=20' \
          -F 'TextTagDefinitions[0][Font][Style]=Italic' \
          -F 'TextTagDefinitions[0][Validation][Type]=Email' \
          -F 'Files=@{your file};type=application/pdf'

Conclusion

BoldSign text tags offer a dynamic and efficient approach to embedding form fields into documents, enhancing the overall signing experience for users. By leveraging the BoldSign API and integrating text tags into your workflow, you can customize document layouts, streamline signing processes, and meet the specific needs of your organization or application. For further guidance and examples, refer to our demo sample and explore the text tag documentation. Start mastering dynamic form field positioning with the BoldSign API today!

To experience BoldSign’s benefits, begin your 30-day BoldSign free trial now. Please feel free to comment below; we truly value your opinions. If you have any questions or would like more information about our services, please schedule a demo or get in touch with our support team through our support portal.

Related blogs

Note: This blog was originally published at boldsign.com

Securing BoldSign API Webhooks with IP Whitelisting

Dhinesh Sekar — Wed, 17 Dec 2025 07:34:03 +0000

You’ve wired BoldSign webhooks into your backend. Documents get signed, and your API quietly updates records, moves deals, creates users, or even releases funds.

But there’s a problem: your webhook endpoint is public. Anyone who discovers that URL can try to hit it. A spoofed callback could update account states, trigger automations, or fire off payouts without ever going through BoldSign.

A simple, effective fix is to lock down your BoldSign API webhook endpoint so that only BoldSign’s IP addresses can reach it. That’s what IP whitelisting gives you: your firewall or server only accepts traffic from known BoldSign IPs and drops everything else at the edge.

This article is for developers integrating with the BoldSign API. We’ll cover:

What IP whitelisting is, in practical, network terms
The exact BoldSign IPs you should allow, by region
A step-by-step setup flow you can follow on any stack
A Node.js example you can adapt to your codebase
Best practices and limitations so this doesn’t come back to bite you later

What Is IP Whitelisting for BoldSign Webhooks?

IP whitelisting is a simple rule:

Only accept traffic from these IP addresses. Drop everything else.

In the context of BoldSign API webhooks:

Your firewall, reverse proxy, or application server is configured to accept incoming requests only from BoldSign-owned IPs.
Any request from a non-whitelisted IP is rejected before your application logic runs.

Because this happens at the network level, you get:

A strong outer layer of protection around your webhook endpoint
Protection even if someone leaks a URL, token, or credential
Less noise from bots, scanners, and random internet traffic hitting your webhook route

Think of IP whitelisting as a network-level gatekeeper sitting in front of your BoldSign webhook handler.

Why Securing Webhooks Matters for API Integrations

When you’re using the BoldSign API, webhooks often trigger important backend flows:

Creating or updating user accounts
Moving contracts through states
Updating CRM or billing systems
Triggering payouts or financial actions
Kicking off internal automation workflows

If your webhook endpoint is not secured, you risk:

Spoofed callbacks pretending to be BoldSign
Brute-force hits on your webhook URL
Abuse of internal automation (fake contract completions, rogue account creation, etc.)

IP whitelisting helps by:

Blocking unsolicited traffic at the edge
Giving security and DevOps teams clear, deterministic rules to enforce
Working particularly well with services like BoldSign, which expose fixed IP addresses by region

You still want HTTPS, HMAC, and validation. But IP whitelisting is a low-friction, high-impact first step.

How BoldSign Supports Secure API Webhooks

BoldSign makes network-level hardening straightforward by:

Providing fixed IP addresses per region (US, Europe, Canada, Australia)
Sending all webhook requests from those IPs
Keeping those IPs stable so you can safely encode them in firewall rules, WAF rules, or infra-as-code

For API-first teams, this means you can:

Lock down your /webhooks/boldsign route to known IPs
Keep the rest of your API behind your existing auth stack
Document and automate the rules in Terraform, CloudFormation, ARM templates, etc.

BoldSign Webhook IP Addresses by Region

Whitelist the IP address that matches the region where your BoldSign tenant is hosted.

Region	IP Address to Whitelist
US	35.243.182.124
Europe	34.141.138.53
Canada	34.130.12.142
Australia	34.40.190.114

Note: Use the region where your BoldSign account is hosted, not necessarily where your own servers run. Check the BoldSign documentation for the official IP list.

Step-by-Step: How to Set Up IP Whitelisting for BoldSign API Webhooks

What You’ll Need

A BoldSign account with webhooks configured or ready to configure
A backend/API endpoint to receive webhooks, for example: /webhooks/boldsign
Access to your firewall, WAF, load balancer, API gateway, or reverse proxy
Knowledge of your BoldSign region (US, Europe, Canada, or Australia)

Steps

Identify Your BoldSign Region
- Find out where your BoldSign tenant is hosted (US, Europe, Canada, or Australia).
- From the IP table above, note the IP address that corresponds to that region.
Configure Firewall or Gateway Rules
- In your firewall, security group, WAF, or API gateway, add rules so that:
  - Requests to your BoldSign webhook endpoint are allowed only from the region-specific BoldSign IP.
  - Requests from any other IP to that endpoint are blocked or dropped.
- This could be done in:
  - Cloud security groups (AWS, Azure, GCP)
  - NGINX/Apache allow/deny rules
  - Cloudflare or similar providers
  - Managed API Gateways with IP-based access control
Enforce HTTPS for the Webhook URL
- Ensure your BoldSign webhook URL uses HTTPS only.
- Terminate TLS at your load balancer or reverse proxy.
- Redirect HTTP to HTTPS if you still expose port 80.
- This keeps signer and document data encrypted in transit.
Enable Logging and Monitoring
- Enable and centralize logs for:
  - Access logs: which IPs hit the endpoint and when
  - Error logs: any blocked or failed attempts
  - Application logs: what your webhook handler did with each event
- Route logs to your usual stack (CloudWatch, Datadog, ELK, etc.) so you can easily debug and audit.
Test the Webhook Flow End-to-End
- Trigger a webhook from BoldSign (for example, complete a signing request).
- Confirm that:
  - Your backend successfully receives and processes the event.
  - The source IP in your logs matches the whitelisted BoldSign IP.
  - A request from a non-whitelisted IP to the same endpoint is rejected with the expected status (for example, 403).

Example: IP Whitelisting Check in Node.js

Your primary IP filtering should happen at the edge (firewall, gateway, or WAF). Still, adding a simple IP check in your application can act as a useful second layer.

Here’s a minimal Express example you can adapt:


    const allowedIps = new Set(["35.243.182.124", "34.141.138.53"]);
    app.post("/webhook", (req, res) => {
      const ip = req.headers["x-forwarded-for"]?.split(",")[0] || req.ip;
      // Normalize IPv6-mapped IPv4 (e.g., ::ffff:35.243.182.124)
      const normalizedIp = ip.replace("::ffff:", "");
      if (!allowedIps.has(normalizedIp)) {
        return res.status(403).send("Forbidden");
      }
      // Valid request; proceed
      // Process payload here
      res.sendStatus(200);
    });

Note: In many environments, the canonical place to enforce IP checks is on the load balancer or gateway, where headers such as x-forwarded-for are controlled. Do not blindly trust user-controlled headers at the edge of the internet.

Other Security Layers to Combine with IP Whitelisting

IP whitelisting is a strong outer fence, but you still want additional checks.

Recommended layers:

HMAC Signatures
- Use a shared secret and HMAC to sign the payload.
- Recompute and compare on your side. If they don’t match, reject the request.
HTTPS Everywhere
- Use HTTPS for all webhook communication to encrypt data and prevent man-in-the-middle attacks.
Authentication Tokens
- Require a secret token in a header or query parameter that only BoldSign and your backend know.
- Reject requests missing or using the wrong token.
Strict Input Validation
- Validate event types, required fields, and payload structure.
- Do not apply changes based purely on “shape matches”; verify IDs and states.
Logging and Monitoring
- Track what events you receive and how frequently.
- Set alerts for unusual patterns, spikes, or error rates.

Simple model to keep in mind:

IP whitelist: who can talk to you
HMAC and tokens: who they claim to be
Validation: what they are allowed to do

Limitations of IP Whitelisting (and How to Mitigate Them)

IP whitelisting is very useful, but it has trade-offs you should be aware of.

Key limitations:

No Payload Integrity by Itself
- IP whitelisting confirms the source IP, not the content.
- Mitigation: enable HMAC signatures or another signing mechanism to detect tampered payloads.
Operational Overhead Across Environments
- Dev, staging, and production all need correct rules.
- Mitigation: keep whitelists in environment-specific config instead of sprinkling IPs across multiple places.
False Sense of Security
- It is easy to stop after whitelisting and forget HTTPS, auth, or validation.
- Mitigation: treat IP whitelisting as one control in a larger, layered security design.
No Protection Against Internal Threats
- IP whitelisting mainly filters external traffic.
- Mitigation: enforce proper access control, least privilege, and monitoring inside your network.

Logs to Monitor for BoldSign Webhooks

For a production-ready integration, you should monitor:

Access Logs
- Confirm that incoming webhook requests come from the BoldSign IPs you expect.
Error Logs
- Catch blocked or failed attempts, which might indicate misconfigurations or probing.
Application Logs
- Track how each BoldSign event is processed inside your code.
Security Logs
- Alert on repeated unauthorized attempts, unusual frequency, or abnormal patterns.

When something breaks or behaves oddly in your webhook flow, logs usually give you the fastest root cause.

Here are some concrete scenarios where IP whitelisting adds real value

In all these cases, a compromised or noisy webhook endpoint can cause operational and security headaches. IP whitelisting keeps the signal clean.

HR Onboarding
- A new hire signs their offer letter in BoldSign.
- The webhook hits your backend API and automatically creates accounts, assigns roles, and provisions tools.
- IP whitelisting ensures that only genuine BoldSign events can trigger this provisioning.
Loan Disbursement
- A customer signs a loan agreement.
- Your systems release funds only after receiving a webhook from a trusted BoldSign IP that confirms the signed document.
Healthcare Consent
- A patient signs a consent form.
- The webhook updates the EHR securely and consistently, helping you stay compliant with healthcare regulations.
Government Licensing
- A citizen signs a permit or license application.
- The licensing system advances the application only after a verified BoldSign callback.
SaaS and Legal Tech Automation
- CRM stages move when contracts are signed.
- Subscription states update when agreements are completed.
- Legal platforms change contract state or trigger reminders based on reliable BoldSign events.

Best Practices for Securing BoldSign API Webhooks

You can treat this as a simple checklist:

Whitelist the BoldSign IP addresses for your region
Enforce HTTPS for all webhook URLs.
Use HMAC verification to protect payload integrity.
Use authentication tokens where appropriate.
Validate payloads and event types before applying changes.
Centralize logs and set alerts for anomalies.
Store IP whitelists and secrets in configuration or environment variables, not hard-coded.
Test webhook changes in a staging environment before production.
Rotate secrets (HMAC keys, tokens) periodically.

Conclusion: A Simple Win for BoldSign API Security

If you rely on the BoldSign API and webhooks to drive critical backend flows, IP whitelisting is one of the simplest high-impact security upgrades you can add:

Only trusted BoldSign IPs can hit your webhook endpoint.
Random internet traffic and spoof attempts are dropped at the edge.
Your automation stays fast, predictable, and much harder to abuse.

To get started safely:

Use a BoldSign trial and wire it to a dev or staging endpoint.
Configure IP whitelisting and HMAC there first.
Once you are confident, roll the same pattern into production.

If you need help designing this around your specific stack, you can always schedule a demo or reach out to the BoldSign team through the support portal.

Related blogs

Note: This blog was originally published at boldsign.com

Keep Signing Processes Active by Extending Document Expiry with BoldSign API

Dhinesh Sekar — Mon, 08 Dec 2025 08:46:02 +0000

If you are running your eSignature flows through APIs, you have probably hit this annoying edge case: everything in your automation works perfectly until a signer takes a bit longer than expected. The document quietly expires even though the deal is still very much alive.

This is exactly where extending document expiry via API becomes a lifesaver. Instead of treating expiry as a fixed setting, your services can adjust it on the fly based on what is actually happening in your systems—an opportunity still in pipeline, an approval waiting on a manager, or a contract stuck in legal review.

In this blog, we will walk through how a simple BoldSign API call to extend expiry can keep your signing processes running smoothly, without brittle hacks, noisy retries, or frustrated stakeholders.

Why extend a document expiry?

Prevent unintended expiry: Give signers more time if they are unavailable or miss the deadline.
Support ongoing negotiations: Keep documents active while discussions continue.
Avoid resending documents: Update the expiry without recreating templates or configuring fields again.
Ensure compliance: Regulated workflows often require extended review time.

Expiry types in BoldSign

BoldSign supports three expiry configurations:

Days: yyyy-MM-dd (e.g., 2025-10-15)
Hours: Integer (e.g., 12)
Specific date and time: ISO format (e.g., 2025-10-15T10:58:04Z)

How to extend the expiry with the BoldSign API

To extend expiry:

The document must be unsigned.
New expiry must be greater than or later than the current expiry.
Expiry cannot exceed 180 days from document creation.

You will first retrieve the current expiry configuration and then update it with a new value through the API.

Refer to the documentation to install the SDKs for your application’s technology stack. After installation, generate your API key in BoldSign. Use the API key generation guide for detailed steps.

Step 1: Get document properties

Before extending a document’s expiry date, you must first check its current expiryDateType and expiryValue. Retrieve the document properties by using the BoldSign API.
Use the following endpoint: GET /v1/document/properties
👉 You can refer to the official documentation here: Get Document Properties API
This API call returns all relevant details about the document, including any forms added—such as signature or text fields—as well as the expiry configuration (expiryDateType and expiryValue).

Step 2: Extend the expiry date

After you find out the expiryDateType, you can use the code snippets below to update the document expiry date by using the API.


    curl -X PATCH "https://api.boldsign.com/v1/document/extendExpiry?documentId={documentId}"
         -H 'X-API-KEY: {your API key}'
         -H "Content-Type: application/json"
         -d "{\"newExpiryValue\": \"2025-12-15\", \"warnPrior\": true}"

Important properties and rules for updating expiry dates

To ensure a successful update, follow these rules:

documentId : The ID of the document to update.
newExpiryValue : Format depends on the original expiry type:
- Days → yyyy-MM-dd
- Hours → Integer value
- Specific Date & Time → ISO format
warnPrior :
- true: Sends reminder 1 day before expiry
- false: Disables reminder
- null: Keeps existing configuration
New expiry must be greater than or later than the current expiry.
Expiry must not exceed 180 days from document creation.

A successful update returns 200 OK with the new expiry details.

Key benefits of extending document expiry

Greater flexibility: Adjust expiry dates to match changing project timelines or client availability without starting over.
Improved completion rates: Giving recipients more time increases the chances of getting documents signed and returned.
Better user experience: Signers appreciate having extra time, especially when delays are unavoidable.
Enhanced workflow efficiency: Keeps your document pipeline moving smoothly without interruptions due to expired links.

Conclusion

Delays are inevitable—but restarting your signing workflow doesn’t have to be. With BoldSign expiry extension API, you can adapt to everyday challenges and keep your documents moving forward.

Ready to try it?

View the API Reference in the BoldSign API documentation and sign up for a free sandbox account to get started.

Related blogs

Note: This blog was originally published at boldsign.com

Introducing BoldSign’s Free Organize PDF Tool

Dhinesh Sekar — Tue, 18 Nov 2025 09:19:36 +0000

We’re excited to introduce Organize PDF Pages, the newest addition to our free online PDF toolkit — making it easier than ever to rearrange, rotate, or remove pages effortlessly and securely.

Organize-pdf-pages-tool

Whether you’re preparing a report, cleaning up a scanned document, or just tidying up a presentation, organizing PDF pages shouldn’t be a chore. With BoldSign, it’s now refreshingly simple.

Why does this tool stand out

No sign-up, no installation: Just open the tool in your browser and start organizing.
Private and secure: Your files stay on your device. No uploads, no risks.
No watermarks or limits: Organize as many pages as you want, whenever you need.
Works on any device: Phone, tablet, or desktop—it’s optimized for all.
Completely free: No hidden fees, no subscriptions.

Things you can do with this tool

Rearrange PDF pages
- Perfect for fixing misaligned documents or creating a logical flow.
- Drag and drop pages to reorder them in any sequence you want.
Rotate PDF pages
- Rotate individual pages in your PDF with ease.
- Ideal for correcting scanned pages that appear sideways.
Delete PDF pages
- Remove unwanted or blank pages from your PDF.
- Helps clean up documents before sharing or printing.
Combine actions
- Rearrange, rotate, and delete pages in one go—no need for multiple tools.

How does it work?

Using the tool is as easy as 1-2-3:

Upload your PDF: Drag and drop your file or select it from your device.
Organize your pages: Rearrange, rotate, or delete pages with a simple drag-and-drop interface.
Download your result: Save your newly organized PDF instantly.

Part of the BoldSign free PDF tools collection

This tool joins our growing suite of browser-based PDF utilities:

Each tool is designed to be fast, secure, and user-friendly—no downloads, no sign-ups, no hassle.

Experience effortless organization!

Ready to tidy up your PDFs? Head over to the organize PDF pages tool and enjoy the easiest way to rearrange, rotate, or remove pages—free, fast, and frustration-free.

Want to streamline your document workflows even further? Try a free BoldSign trial and explore our full-featured e-signature platform.

Related blogs

Note: This blog was originally published at boldsign.com

Build client Trust with Every Document—Beyond Just Signatures

Dhinesh Sekar — Fri, 07 Nov 2025 10:26:18 +0000

Trust isn’t built at the moment of signing—it begins long before. Every document you send, from proposals to contracts, is a reflection of your professionalism, transparency, and commitment to the client. With BoldSign eSignature software, you can turn routine paperwork into meaningful trust-building experiences. Here’s how to make every document count.

How Every Document Interaction Builds Client Trust

Every document you share with a client, from the first proposal to the final contract, shapes how they perceive your brand. These interactions are not just about completing a transaction. They communicate your standards, attention to detail, and commitment to a smooth and professional experience.

BoldSign helps you deliver documents that are clear, well-structured, and easy to navigate. Each touchpoint becomes an opportunity to build trust, strengthen collaboration, and demonstrate your expertise well before a signature is added.

The following are seven practical ways your documents can inspire trust from the very first interaction.

1. Communicate Clearly to Eliminate Uncertainty

Clients are more likely to trust your business when documents are clear and easy to understand. With BoldSign’s templates, you can use simple language, add helpful notes, and highlight key sections to guide your clients through the content. This clarity reduces confusion, ensures consistent communication, and helps clients feel confident in your services.

2. Brand Documents for Lasting Credibility

Polished, branded documents signal professionalism. Sloppy formatting or errors can undermine confidence, while sleek designs convey attention to detail. Our branding tools let you incorporate your logo, colors, and email domain into every signature request email and document, from quotes to contracts.

3. Enhance Trust with Real-Time Visibility

Clients hate being left in the dark. The real-time tracking and audit trails in BoldSign provide visibility into every step of the document process, showing when a document was sent, viewed, or signed. For example, a client awaiting a contract can track its progress, eliminating uncertainty. This transparency, combined with the secure audit logs, reassures clients of your accountability and commitment.

4. Streamline Collaboration for a Client-Focused Experience

When documents involve multiple stakeholders, the way you manage collaboration reflects your commitment to serving client needs. BoldSign supports smooth teamwork through features like multiparty signing, automated reminders, shared templates, and real-time agreement tracking.

Clients and their teams can review, edit, and sign documents together using collaborative field editing and team-based visibility. With custom permissions and workflow transparency, you ensure that every participant stays informed and aligned.

5. Personalize Documents for a Deeper Connection

Personalizing documents shows clients you care and understand their needs. With BoldSign, you can easily add details like names, project goals, or timelines to make each document feel tailored and relevant.

Even when sending documents in bulk, BoldSign’s CSV-based Bulk Send feature ensures every client receives a customized version without extra manual work—helping build trust through thoughtful, efficient communication.

6. Sustain Trust with Post-Signature Engagement

Trust-building extends beyond the signature. Follow-up documents like progress reports or invoices keep clients informed and engaged.

BoldSign integrates with productivity and automation tools such as Power Automate, Zapier, and Google Drive, allowing you to automate updates and provide easy access to signed documents. For example, you can automatically generate and send a project milestone report once a document is signed, keeping clients informed and reinforcing your commitment to transparency and ongoing support.

7. Prioritize Security for Client Confidence

Clients need assurance that their sensitive information is handled with care. BoldSign meets top global standards like SOC 2, GDPR, HIPAA, and PCI DSS. Every signature is legally enforceable under the ESIGN Act, eIDAS, and global laws. With AES-256 encryption, your data stays protected from start to finish. By using BoldSign, you demonstrate a strong commitment to data protection—building trust through secure and responsible document handling.

Intuitive Document Experiences

Documents should feel less like tasks and more like seamless interactions. BoldSign helps you create smooth, intuitive signing experiences that reflect your professionalism and respect for your clients’ time with:

Mobile-friendly signing: Clients can review and sign documents from any device using the BoldSign iOS and Android apps.
Custom signer guidance: Add clear instructions and field labels to guide clients through complex forms, reducing confusion and improving completion rates.
Accessibility and ease-of-use: A clean interface and adaptive layout make documents easy to navigate for all users, including those with limited tech experience.

Accelerate Growth with Effortless Document Automation

As your client base grows, delivering consistent, trust-building documents should remain an efficient process. Automation capabilities in BoldSign help you maintain quality while freeing your team to focus on client relationships:

Trigger-Based Document Workflows Automatically send documents when specific actions occur in your connected apps—like a deal closing or a new client onboarding. Using Power Automate or Zapier, you can set up workflows that ensure timely communication and reduce manual effort.
Scalable Template Libraries Create reusable, multilingual templates to support global clients and maintain consistency across markets. These templates can be used in bulk sends or embedded in automated flows for faster execution.
Automated Reminders and Expiry Settings Keep your document processes moving with automated reminders for pending signatures and customizable expiry dates. This reduces delays, improves turnaround time, and ensures clients stay engaged without manual follow-ups.

BoldSign: Your Partner in Building Trust

BoldSign does more than simplify e-signatures—it helps you show up for clients consistently. Templates ensure brand consistency, smart fields enable fast personalization, and collaborative tools eliminate delays, creating a smoother client experience. These features save time while making interactions more transparent and engaging.

Conclusion

The documents you send are a chance to showcase your commitment to transparency, professionalism, and client success. With BoldSign, you can transform every document interaction into a trust-building moment, from personalized proposals to secure, trackable contracts. Start using BoldSign to elevate your client relationships.

Related blogs

Note: This blog was originally published at boldsign.com

Find the Perfect QES Software for Your Business in 2025

Dhinesh Sekar — Wed, 29 Oct 2025 12:34:59 +0000

The need for secure and compliant signing methods has never been more critical. Remote work, global collaboration, and the increasing digitization of industries are pushing businesses to seek solutions that eliminate paperwork while retaining strong legal protections. Governments and industries are adopting tougher requirements for electronic agreements to prevent fraud, adding to the growing reliance on qualified electronic signatures (QES). At the same time, companies and individuals want tools that are easy to use without sacrificing reliability.

Balancing convenience with security is non-negotiable. That’s why the demand for QES tools is surging. These platforms aren’t just about compliance; they’re about enabling frictionless transactions that meet the highest standard of trust. In this post, we’ll walk through the top QES software providers in 2025, what they offer, and how solutions like BoldSign stand out in a fast-evolving market.

What are qualified electronic signatures?

QES sets the benchmark for security and trust in digital signing, giving your documents the same legal standing as ink on paper. Fully compliant with eIDAS regulations across the EU, QES leverages certified trusted service providers (TSPs) like Evrotrust to deliver rigorous identity verification. Advanced cryptographic measures ensure every signature is genuine and every document remains tamper-proof after signing. With QES, you get unparalleled assurance that your electronic agreements are both highly secure and legally binding, making digital workflows simple, fast, and reliable.

Choosing the right QES solution in 2025

Choosing the right QES solution in 2025 means focusing on more than just ticking boxes. You need a provider that balances security, compliance, and usability while fitting your organization’s pace and scale. Here’s what really matters:

Compliance and certifications: Look for providers that align with the latest regulations, like eIDAS for the EU and other global requirements, ensuring legal validity for your documents. Compliance with GDPR or similar data privacy frameworks adds another layer of assurance.
Security features: Top solutions offer robust encryption and multifactor authentication, protecting your signatures and documents from unauthorized access.
Ease of use: A QES platform should feel intuitive for new users with a design that helps you focus on getting documents signed without navigating a cluttered interface.
Integration capabilities: Whether you use CRMs, cloud storage, or project management tools, seamless compatibility reduces friction and boosts efficiency.
Pricing and scalability: A solution should be cost-effective for small teams but flexible enough to grow with your business. The best tools adapt as your needs evolve, so you’re never locked into an inflexible system.

Top 5 QES software providers in 2025

The QES market in 2025 continues to evolve, with leading providers offering advanced solutions to meet the growing demand for secure and compliant digital signatures. From enterprise-level platforms to user-friendly options for smaller teams, each tool brings unique strengths to the table

In this section, we’ll compare five standout providers across factors like compliance, usability, pricing, and integrations. While all have their merits, BoldSign distinguishes itself with a balance of affordability, scalability, and robust features that cater to a wide range of business needs.

BoldSign

BoldSign is one of the most efficient and secure providers in the QES space. Known for its streamlined approach, BoldSign has emerged as a preferred alternative to more established players in the market, thanks to its focus on simplicity, compliance, and affordability. As businesses increasingly rely on QES for their digital operations, BoldSign stands out as a rising star with a user-friendly experience.

Features

BoldSign offers high-quality features that include:

Intuitive document workflows that simplify sending, signing, and managing e-signatures across teams and clients.
Enterprise-grade security, including SOC 2® Type 2 compliance and end-to-end encryption, to protect sensitive data.
Advanced automation capabilities and API integration to streamline operations at scale.
Transparent pricing with no hidden fees, which is ideal for businesses on a budget.
Legal compliance with HIPAA, GDPR, and global e-signature regulations such as the E-Sign Act and eIDAS.

Strengths

BoldSign takes compliance seriously, aligning with key global standards like eIDAS and GDPR. This ensures that every signature made using the platform holds legal weight under international regulations. Its interface is designed for maximum efficiency, allowing users to send, sign, and manage documents in just a few clicks. Pricing is tailored to fit small businesses and growing companies, offering robust features that scale with your needs without breaking the bank. Security is a core focus, and BoldSign employs advanced encryption protocols and stringent privacy protections that safeguard sensitive documents and data.

Key differences

What truly sets BoldSign apart is our team’s focus on making electronic signatures simple, secure, and accessible. With an intuitive interface and clear, straightforward workflows, it’s easy for teams of any size to get documents signed quickly and confidently. Our commitment to security and compliance gives businesses peace of mind, while our customer support consistently wins praise for being accessible, knowledgeable, and responsive. This balance of simplicity, reliability, and top-notch service makes BoldSign a strong choice for companies looking for a powerful, secure, and user-friendly QES solution without the unnecessary complexity often found in other platforms.

Pricing: Free plan available. Paid plans start at $5/user/month, with QES available for $3 per signature attempt on Business plans and above (starting at $15/user/month).

Docusign

Docusign is arguably the most established name in e-signatures, and its reputation continues to hold strong in 2025. With decades of experience in the space, Docusign offers a comprehensive platform that goes beyond QES, catering to enterprise-grade workflows and sophisticated automation needs.

Features

Docusign offers features like:

Custom branding, templates, archiving, and retention.
Multiple sending options that let you specify sending order and number of signers.
Remote or in-person mobile signing, mobile apps, SMS and WhatsApp delivery.
Multiple identity verification options.
Reporting, audit trails, and compliance with eIDAS, the E-Sign Act, and HIPAA.

Strengths

Docusign’s offerings are packed with advanced capabilities, including bulk-signature workflows and integrations with hundreds of popular software tools. Its compliance portfolio spans international laws, ensuring that documents signed through Docusign are legally binding no matter where you’re operating. The platform also provides robust automation features, allowing businesses to streamline complex processes like contract approvals and document tracking.

Limitations

While Docusign is a powerful solution, it’s worth noting that its pricing often reflects its stature in the market and can be a barrier for smaller companies. Many useful features are tied to higher-tier plans, making it less accessible for businesses looking for simpler, cost-effective solutions.

Pricing: Free trial available. Paid plans start at $10/user/month with QES available in Enhanced plans, which requires a sales call.

PandaDoc

PandaDoc has carved out a niche for itself as more than just a QES provider. Its platform is designed to handle everything from proposals and quotes to e-signatures, making it ideal for sales-driven teams needing an all-in-one solution that supports document workflows and collaboration.

Features

PandaDoc offers features like:

Document management with unlimited storage, tags, categorization, and customizable templates.
The ability to specify signing order.
CRM integrations.
Real-time tracking with reporting available on Business plans and included with Enterprise plans.
Payment collection integration.

Strengths

The platform’s versatility is one of its biggest draws. Users can build visually rich proposals and agreements directly within PandaDoc’s editor, simplifying document creation and editing. Collaboration tools make it easy for multiple parties to comment and revise documents before they’re signed. PandaDoc integrates well with CRMs like Salesforce and HubSpot, enabling teams to tie their document workflows to broader sales and customer management processes.

Limitations

While PandaDoc offers excellent tools for certain workflows, its emphasis on document creation can overshadow its capabilities as a QES platform. For businesses solely focused on e-signatures, it may lack some of the depth required for more specialized use cases.

Pricing: Free trial available. Paid plans start at $19/user/month with QES available for $5 per unique signature in Business plans and above, which start at $49/user/month billed annually.

Dropbox Sign

Dropbox Sign continues to appeal to companies seeking lightweight electronic signature tools that integrate directly with Dropbox’s well-known ecosystem. Its simplicity and focus on small to medium-sized businesses make it a straightforward choice for organizations looking to tackle basic signature needs without sacrificing security or compliance.

Features

Dropbox Sign offers features like:

Seamless integration with Dropbox.
User-friendly interface with minimal learning curve.
Compliant with eIDAS and E-Sign Act standards.
Template creation.
Mobile-friendly signing options, accessible via browsers and apps.

Strengths

Dropbox Sign’s integration with Dropbox and other productivity tools is seamless, allowing users to send and sign documents directly from their existing workflows. It offers a clean, intuitive interface that’s easy to navigate, making it ideal for smaller teams or individuals unfamiliar with e-signature tools. Despite its simplicity, Dropbox Sign doesn’t compromise on compliance, adhering to key regulations to ensure legally binding transactions.

Limitations

While it works well for basic signing needs, Dropbox Sign lacks the depth of features suited for complex or large-scale workflows. Enterprises or businesses looking for advanced automation or robust reporting tools may find it limiting compared to other options in this list.

Pricing: Free trial available. Paid plans start at $15/user/month, with QES available on the Premium plan, which requires a sales call.

SignNow

SignNow rounds out the list as a highly efficient yet budget-friendly solution that appeals to businesses looking for cost-conscious electronic signature tools. It offers a straightforward platform that combines ease of use with solid feature variety.

Features

SignNow offers features like:

Drag-and-drop editor.
Role-based signing workflows.
Bulk sending options.
Support for eIDAS, E-Sign Act, and HIPAA.
Integration with productivity tools.
Audit trail functionality.

Strengths

One of SignNow’s biggest advantages is its affordability. The platform is well-suited for small businesses, offering core QES features like document templates and secure mobile signing at an accessible price point. Its mobile app functionality ensures users can send and sign documents remotely without compromising security or compliance. Developers, in particular, benefit from flexible API access, making SignNow highly customizable for unique business needs.

Limitations

Although SignNow is feature-rich for its price, it doesn’t have the widespread name recognition or long-standing reputation of other players like DocuSign. Larger businesses looking for greater institutional trust or extensive integrations may find more confidence in platforms with deeper market roots.

Pricing: Free trial available. Paid plans start at $8/user/month. QES is available for $1.50/signature request with a Site License Package for businesses sending more than 1,000 signature requests per year.

Each of these providers comes with its own strengths and trade-offs, but BoldSign offers advanced security, intuitive design, and affordability without sacrificing features, making it a standout choice. Whether you’re a small business or scaling fast, BoldSign delivers a reliable, user-friendly experience that keeps compliance and trust front and center.

Comparative analysis of the top five QES software providers in 2025

Feature	BoldSign	DocuSign	PandaDoc	Dropbox Sign	SignNow
Security & compliance	SOC 2® Type 2, E-Sign Act, GDPR, & HIPAA compliance	eIDAS, HIPAA, E-Sign Act/year	Matches basic standards	eIDAS, E-Sign Act compliance	eIDAS, GDPR
Ease of use	Streamlined and user-friendly	Comprehensive, may feel complex for beginners	User-friendly editor, tailored for proposals	Simple, lightweight	Focused on simplicity
Pricing	Affordable, scalable	High, enterprise-focused	Moderate, feature-bundled	Budget-friendly	Low-cost, scalable
Target audience	Small to mid-size, flexible for enterprise	Enterprises, advanced users	Sales teams and collaborations	SMBs and individual users	Startups, SMBs
Unique feature	Advanced integrations, stellar support	Automation and bulk workflows	Rich document collaboration tools	Tight Dropbox integration	Mobile signing flexibility

Key trends across providers

The e-signature market in 2025 is defined by a few shared strengths. Most providers have prioritized compliance with major international frameworks like eIDAS and GDPR, ensuring their solutions are suitable across borders. Security features such as encryption and multi-factor authentication are standard across the board, reflecting a strong focus on protecting sensitive data.

Another common thread is the integration of mobile functionality, catering to remote and on-the-go users. Finally, cloud-based security and storage are becoming the backbone of these platforms, enabling smoother workflows.

What sets BoldSign apart

While all providers have their strengths, BoldSign stands out for its ability to balance simplicity, affordability, and robust functionality. Unlike competitors with higher price points, BoldSign provides scalable solutions that don’t overcomplicate the experience for users.

Its deep integrations with business tools make it ideal for modern workflows, while its transparent pricing appeals to small and mid-sized teams without skimping on enterprise-ready features. Combine that with a reputation for responsive and knowledgeable customer support, and BoldSign offers an experience that’s both user-friendly and reliable. It’s a solution that feels tailored for today’s business needs.

Future trends in QES software

The future of QES is being shaped by rapid technological advancements. Blockchain is on its way toward playing a transformative role in ensuring tamper-proof document trails, enhancing transparency, and reducing the risk of fraud. Meanwhile, AI has already begun to revolutionize the user experience by simplifying workflows with automation, making processes like identity verification faster and more accurate.

Industries like legal, healthcare, and finance are set to lead the adoption curve. These sectors manage sensitive data but are also governed by strict compliance requirements. QES provides a secure, legally binding solution that meets these demands, reinforcing trust in digital transactions.

Accessibility will be another priority. As businesses operate across borders, QES solutions will need to accommodate diverse global compliance frameworks and remain intuitive for users of all technical skill levels. The result? A more secure, accessible, and universally compliant digital signing experience.

BoldSign: The best QES software choice in 2025

Selecting the right QES provider is an important decision for businesses navigating the digital landscape in 2025. Each of the providers discussed—BoldSign, DocuSign, PandaDoc, Dropbox Sign, and SignNow—offers unique advantages, from advanced compliance and security to tailored pricing and usability.

Ultimately, your choice will depend on your organization’s workflows, technical needs, and budget. Take the time to assess what matters most for your team.

Related blogs

Note: This blog was originally published at boldsign.com

Webinar: Embed eSignature Workflows in Your .NET App

Dhinesh Sekar — Wed, 22 Oct 2025 08:20:17 +0000

Redirecting users to third-party sites for sending or signing documents often leads to frustration—extra logins, broken mobile experiences, and uncertainty about security. These interruptions can cause users to abandon the process, especially in high-value workflows like HR onboarding or banking loan approvals.

Join our upcoming webinar to discover how embedded eSignature workflows can eliminate these pain points by keeping the entire experience inside your app. You’ll learn how to deliver faster, more secure, and consistent signing experiences that build trust and improve completion rates.

Led by Syncfusion® Software Developer Harini Chellappa, this session is designed for .NET developers who want to reduce user drop-offs, simplify integration, and build scalable, production-ready signing flows with minimal effort—while significantly enhancing the overall user experience.

Webinar details

Date: October 29, 2025
Time: 10:00 AM ET
Duration: 45 minutes + live Q&A
Registration: Sign up here to learn how embedded workflows enhance the user experience by making e-signing faster, more secure, and seamless.

What you’ll learn

This practical session covers:

Why redirecting users for sending and signing creates friction — with real-world examples from HR and banking
How embedded sending works: Send documents directly from your platform without leaving the app
How embedded signing works: Keep users in your app for a seamless and secure signing experience
How to customize the embedded signing page: using client-side triggers and events for greater control and interactivity
Live demo: Watch embedded sending, signing, and page customization in action using the BoldSign .NET SDK

Why attend?

This webinar is perfect for product managers, developers, and IT teams looking to:

Improve user trust and reduce drop-offs
Deliver a secure, branded signing experience
Automate sending workflows for speed and accuracy
Build scalable, API-driven eSignature solutions

Register today

Don’t miss this opportunity to learn how embedded sending and signing can transform your workflows. Reserve your spot now and start building signing experiences that are fast, secure, and user-friendly.

Have questions? Contact us at support@boldsign.com.

Forem: Dhinesh Sekar

Create and Manage Users Easily with BoldSign API

What you can automate with the BoldSign Users API

What you’ll need before you start

BoldSign Users API endpoints used in this guide

Core users endpoints (v1)

How to auto-provision users during app onboarding

How to create and manage BoldSign users

Step 1: Authenticate your requests

Step 2: Get the Team ID you want to assign users to

Step 3: Invite users with team, role, and metadata

Step 4: List users to verify provisioning

Which query parameters control pagination and search?

Step 5: **Get a single user’s details**

Step 6: Update a user’s role

Step 7: Resend or cancel invitations

How to update user metadata

How to move a user to another team

Important Notes

Testing checklist for a reliable onboarding flow

Best practices for production-grade provisioning

Key takeaways

Related blogs

Introducing Push Notifications: Real-Time Alerts on BoldSign Mobile App

Push Notifications: Purpose and Flow

Push Notifications Defaults

Types of Push Notifications Settings

Allowing Push Notifications from BoldSign

Enabling or Disabling Push Notifications

Updating Push Notification Settings

Your notification settings

Your recipient’s notification settings

Navigating From Push Notifications

Customizing Notification Alerts

Conclusion

Related blogs

Embed eSignature Template Creation in Your App with API

Why Embed Template Creation?

Integration Steps

Step 1: API Request for Embedded Template Creation

Step 2: Customize Template Creation Options

Step 3: Implementing Customizations

Conclusion

Related blogs

How to Use Regex for Data Validation in the BoldSign API

Regex validation

Integrating regex validation in the BoldSign API

Code snippets for adding regex validation

Conclusion

Related blogs

How to Apply Expiration Date for eSignature Requests Through API

Code snippets

Conclusion

Related blogs

How to Dynamically Position Form Fields in eSignature Requests Using API

Using Text Tags with BoldSign

Syntax of BoldSign text tags

Example text tag

Enabling text tags via the API

Supported fields

Definition tags

Properties of definition tags

Usage syntax for definitions

Conclusion

Related blogs

Securing BoldSign API Webhooks with IP Whitelisting

What Is IP Whitelisting for BoldSign Webhooks?

Why Securing Webhooks Matters for API Integrations

How BoldSign Supports Secure API Webhooks

BoldSign Webhook IP Addresses by Region

Step-by-Step: How to Set Up IP Whitelisting for BoldSign API Webhooks

What You’ll Need

Steps

Example: IP Whitelisting Check in Node.js

Other Security Layers to Combine with IP Whitelisting

Limitations of IP Whitelisting (and How to Mitigate Them)

Logs to Monitor for BoldSign Webhooks

Here are some concrete scenarios where IP whitelisting adds real value

Best Practices for Securing BoldSign API Webhooks

Conclusion: A Simple Win for BoldSign API Security

Step 5: Get a single user’s details****