Standards Based Signatures

DocuSign enables document signers to use electronic or digital signatures.

DocuSign has tightly integrated standard digital signatures into the DocuSign Signature platform. This enables a single envelope to include:

  • electronic signatures,
  • AES digital signatures using certificates from DocuSign or from your organization,
  • QES digital signatures from government certified Trust Service Providers (TSPs).

The eSignature REST API can be used to create envelopes that include these signature requests for signing PDFs. All source documents are automatically rendered to the PDF format.

Use the DocuSign Signature Appliance to digitally sign documents and files in their native formats, and for other specialized use cases.

Using Digital Signatures

First, determine the signature providers your signers will use from the Signature provider options list below. This list is updated as more TSPs are integrated with the DocuSign platform.

If you wish to use a TSP not on the list, the Signature Appliance can be used.

Second, include the recipientSignatureProviders parameter in a recipient object. See the “Requesting SBS Signatures” section below for details.

Testing Digital Signatures

Standards Based Signatures (SBS) are not included with default demo/developer sandbox accounts. To test with Standards Based Signatures, ask your DocuSign technical contact, or DocuSign Customer Service, to add the SBS signature feature to your account. To test with a third-party TSP, you will also need a test account from them. Discuss your needs with your DocuSign Account Manager.

Note: By design, digital signatures created on the demo/developer sandbox system will verify with warnings that the signer’s identity cannot be trusted. Digital signatures created on DocuSign production systems will not have this issue.

Signature provider options

Electronic Signatures

Electronic signatures do not use digital certificates. These are the default type of signatures from DocuSign.

  • API signatureProviderName: UniversalSignaturePen_ImageOnly
  • Required options: none.

Express Signature

DocuSign-generated generic, “on-the-fly” digital signatures that include a certificate.

  • API signatureProviderName: UniversalSignaturePen_Default
  • Required options: none.

EU Advanced Signature

DocuSign-generated, eIDAS AES compliant signatures.

  • API signatureProviderName: UniversalSignaturePen_OpenTrust_Hash_TSP
  • Required options: SMS or oneTimePassword.

ICP-Brasil

ICP-Brasil is the official Brazilian public key infrastructure. It provides digital certificates for virtual identification of Brazilian citizens.

  • API signatureProviderName: UniversalSignaturePen_ICP_SmartCard_TSP
  • Required options: none.

IDnow

EU Qualified electronic signatures from IDnow. IDnow is a leading European online video-identification service based in Germany.

  • API signatureProviderName: UniversalSignaturePen_IDNow_TSP
  • Required options: none.

itAgile

Qualified electronic signatures using itAgile EU Qualified Certificates.

  • API signatureProviderName: UniversalSignaturePen_ItAgile_TSP
  • Required options: none.

US PIV Card

The US Federal government specifies PIV smart card requirements for Federal employees and contractors. This provider enables PIV card holders to digitally sign documents.

  • API production signatureProviderName: UniversalSignaturePen_PIV_SmartCard_TSP
  • API test signatureProviderName: UniversalSignaturePen_PIV_Test_TSP
  • Required options: none.

Signature Appliance on-site providers

DocuSign can configure a Signature Appliance at your site. The appliance is integrated with the DocuSign cloud platform. The appliance can act as a TSP, enabling signers to use certificates generated from your organization’s root certificate. It can also use certificates from third-party TSPs.

  • API signatureProviderName: will be assigned by DocuSign.
  • Required options: varies.

Listing an account’s signature providers

The eSignature REST API AccountSignatureProviders: list method responds with a list of the providers enabled for your account. Using this method is optional; you can hardcode signature provider names.

Requesting SBS Signatures via eSignature REST API

To request that a recipient sign with a Standards Based Signature, include the recipientSignatureProviders parameter in the Envelopes: create call’s recipients::signer object.

The parameter takes an array of recipientSignatureProvider objects. Including multiple items in the array will enable the signer to choose which signature provider they’ll use.

If you provide only one item in the array, the signer will be required to use that provider to sign the documents.

Each recipientSignatureProvider object includes two parameters:

  • signatureProviderName: The name of the provider from the list above.
  • recipientSignatureProviderOptions: An object (see below) for setting provider-specific options.

The recipientSignatureProviderOptions object includes four parameters. Some or all of the options may be required by a provider:

  • cpfNumber: The Brazilian taxpayer registry id number. Valid check digits must be included. Only numbers are allowed, no spaces, dashes, etc.
  • oneTimePassword: A pre-shared secret that the signer must enter to complete the signing process.
  • signerRole: The role or capacity of the signing recipient. Examples: Manager, Approver, etc.
  • sms: The mobile phone number used to send the recipient an access code for the signing ceremony. Format: a string starting with +, then the country code followed by the full mobile phone number without any spaces or special characters. Omit leading zeroes before a city code. Examples: +14155551234, +97235551234, +33505551234.

Example JSON envelope request

The following example shows two EU AES recipients. One uses SMS authentication; the other uses a one-time password for authentication.

{
    "signers": [{
        "routingOrder": 1,
        "name": "Sue Collins",
        "email": "sue@example.com",
        "deliveryMethod": "email",
        "recipientId": "1",
        "recipientSignatureProviders": [{
            "signatureProviderName": "UniversalSignaturePen_OpenTrust_Hash_TSP",
            "signatureProviderOptions": {
                "oneTimePassword": "12345678"
            }
        }]
    },
    {
        "routingOrder": 2,
        "name": "Yan",
        "email": "jim@me.com",
        "deliveryMethod": "email",
        "recipientId": "2",
        "recipientSignatureProviders": [{
            "signatureProviderName": "UniversalSignaturePen_OpenTrust_Hash_TSP",
            "signatureProviderOptions": {
                "sms": "+13303103330"
            }
        }]
    }]
}
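
A pre-flight check for the options described above, as an added example (not DocuSign code): it validates each signer's recipientSignatureProviders entry before the envelope is sent, using the key names from the JSON example. The function names, the 7 to 15 digit bound on sms (taken from E.164), the rejection of repeated-digit CPF numbers and the sample signers are assumptions made for this example.

```python
import re

# Providers that need at least one of these options (from the provider list above).
REQUIRED_ANY = {"UniversalSignaturePen_OpenTrust_Hash_TSP": ("sms", "oneTimePassword")}
# '+', country code, number, digits only. The 7-15 digit bound is an E.164 assumption.
SMS_RE = re.compile(r"\+[1-9][0-9]{6,14}")

def cpf_is_valid(cpf):
    """Digits only, 11 long, and both mod-11 check digits must match."""
    # Repeated-digit strings pass the arithmetic, so they are rejected explicitly.
    if not isinstance(cpf, str) or not re.fullmatch(r"[0-9]{11}", cpf) or cpf == cpf[0] * 11:
        return False
    for n in (9, 10):  # index of each check digit
        total = sum(int(d) * w for d, w in zip(cpf[:n], range(n + 1, 1, -1)))
        if int(cpf[n]) != (total * 10 % 11) % 10:
            return False
    return True

def check_signer(signer):
    """Return a list of problems in one signer's recipientSignatureProviders."""
    problems = []
    for prov in signer.get("recipientSignatureProviders", []):
        name = prov.get("signatureProviderName", "")
        opts = prov.get("signatureProviderOptions") or {}  # key as in the JSON example
        needed = REQUIRED_ANY.get(name)
        if needed and not any(opts.get(k) for k in needed):
            problems.append(f"{name}: needs one of {', '.join(needed)}")
        if "sms" in opts and not SMS_RE.fullmatch(str(opts["sms"])):
            problems.append(f"{name}: sms must be '+', country code, digits only")
        if "cpfNumber" in opts and not cpf_is_valid(opts["cpfNumber"]):
            problems.append(f"{name}: cpfNumber fails format or check digits")
    return problems

# Constructed sample signers (not real recipients).
SAMPLE = [
    {"name": "ok", "recipientSignatureProviders": [{
        "signatureProviderName": "UniversalSignaturePen_OpenTrust_Hash_TSP",
        "signatureProviderOptions": {"sms": "+13303103330"}}]},
    {"name": "bad", "recipientSignatureProviders": [{
        "signatureProviderName": "UniversalSignaturePen_OpenTrust_Hash_TSP",
        "signatureProviderOptions": {"sms": "+1 330 310 3330"}}]},
    {"name": "none", "recipientSignatureProviders": [{
        "signatureProviderName": "UniversalSignaturePen_OpenTrust_Hash_TSP"}]},
]

if __name__ == "__main__":
    for s in SAMPLE:
        print(s["name"], check_signer(s) or "ok")
```

Running the check before the Envelopes: create call catches a malformed sms value locally, before an access code is sent to a number the signer does not control.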

Requesting SBS Signatures via eSignature SOAP API

To request that a recipient sign with a Standards Based Signature, include the RecipientSignatureProviders element in the Recipient element of a CreateAndSendEnvelope or CreateEnvelope call:

<Recipient>
    ...
    <RecipientSignatureProviders>
        <RecipientSignatureProvider>
            <SignatureProviderName>signatureProviderName</SignatureProviderName>
            <SignatureProviderOptions>
                <OneTimePassword>oneTimePassword</OneTimePassword>
                <Sms>sms</Sms>
            </SignatureProviderOptions>
        </RecipientSignatureProvider>
    </RecipientSignatureProviders>
    ...
</Recipient>

The signatureProviderName, oneTimePassword, and sms parameters have the same meanings as for the REST API. The SignatureProviderOptions element is optional.

Example SOAP XML Fragment

To require a signer recipient to use an EU Advanced signature with SMS authentication, include the following XML in your SOAP request:

<Recipient>
    ...
    <RecipientSignatureProviders>
        <RecipientSignatureProvider>
            <SignatureProviderName>UniversalSignaturePen_OpenTrust_Hash_TSP</SignatureProviderName>
            <SignatureProviderOptions>
                <Sms>+3322342233</Sms>
            </SignatureProviderOptions>
        </RecipientSignatureProvider>
    </RecipientSignatureProviders>
    ...
</Recipient>