Authentication

API Sign uses API keys for authentication. All API requests must include a valid API key in the request headers.

API Key Management

Getting Your API Key

1. Log in to your API Sign dashboard
2. Navigate to Account → API Keys
3. Click Create API Key
4. Copy and securely store your API key

API Key Types

Production Keys

• Used for live contracts and real signatures
• Full access to all API endpoints

Test Keys

• Used for development and testing
• Limited to test mode operations
• No charges for API usage
• Contracts created are not legally binding

Authentication Method

Include your API key in the x-api-key header:

x-api-key: your_api_key_here

Example Requests

cURL Example

curl -X GET https://apisign.io/api/contract/find \
  -H "x-api-key: your_api_key_here" \
  -H "Content-Type: application/json"

JavaScript Example

const response = await fetch('https://apisign.io/api/contract/find', {
  method: 'GET',
  headers: {
    'x-api-key': 'your_api_key_here',
    'Content-Type': 'application/json'
  }
});

const contracts = await response.json();

Python Example

import requests

headers = {
    'x-api-key': 'your_api_key_here',
    'Content-Type': 'application/json'
}

response = requests.get('https://apisign.io/api/contract/find', headers=headers)
contracts = response.json()

Error Responses

Authentication Errors

401 Unauthorized

{
  "error": "unauthorized",
  "message": "Invalid API key"
}

403 Forbidden

{
  "error": "forbidden",
  "message": "API key does not have permission for this resource"
}

Security Best Practices

API Key Security

• Never commit API keys to version control
• Use environment variables to store keys
• Rotate keys regularly (every 90 days recommended)
• Use different keys for different environments
• Revoke compromised keys immediately

Network Security

• Always use HTTPS for API requests
• Implement proper SSL certificate validation
• Use IP allowlisting when possible
• Monitor API usage for suspicious activity