Features

Webhooks

Published, signed, declined: envelope lifecycle events arrive as a POST to the endpoint you register, the moment they happen.

No more polling the API: your system gets the notice, fetches what it needs and moves on.

An event for every move

Each important step of the envelope becomes a POST to the registered endpoint, and each webhook picks which events it wants to receive.

Envelope lifecycle

envelope.created

Created

envelope.publish_scheduled

Publication scheduled

envelope.published

Published

envelope.published_by_schedule

Published by schedule

envelope.unpublished

Unpublished

envelope.updated

Updated

envelope.signed

Signed

envelope.cancelled

Cancelled

envelope.expired

Expired

Signer actions

envelope.viewed_by_signer

Viewed

envelope.approved_by_signer

Approved

envelope.rejected_by_signer

Declined

envelope.cancelled_due_to_mfa_error_by_signer

Cancelled by signer MFA error

Multiple webhooks

Each system listens only to what matters

Register as many webhooks as you need — one for the ERP, another for the CRM, another for BI — each one choosing the events it listens to.

The ERP only gets signed envelopes; the CRM follows publishing and signatures. No filtering of irrelevant events on your side.

Payload

IDs in the body, data in the API

The POST body is lean: event type, environment and the account and envelope identifiers. On signer events, the signer_id comes along.

Names, email addresses and document content stay out of the payload. With the ID, your system queries the API and fetches only what it needs.

POST to your endpoint — envelope.signed
{
  "event_type": "envelope.signed",
  "account_id": "3f9d2b71-84c6-4a0e-b52d-6c1e8f4a9b30",
  "env": "production",
  "envelope_id": "b4c2f8d1-3e5a-4b6c-9d7e-1f2a3b4c5d6e"
}

Delivery

Automatic retries and tracking for every delivery

Delivery is managed by Signater: every attempt gets its status recorded, and you can see what arrived and what failed.

Endpoint down or responding with errors? The delivery goes into automatic retry, with nothing to trigger on your side.

During development, the CLI forwards the events straight to your machine: you debug the handler locally, without publishing a URL.

Authentication at the destination, the way your stack expects

Every call to your endpoint identifies itself with the method you configure when registering the webhook.

API key

A fixed secret travels with every call, in the header or in the query string, under the name you define.

Basic authentication

Username and password in the HTTP Basic standard. The direct path when the destination is an internal or legacy system.

Bearer token

A static token in the Authorization header, just like the APIs your team already builds.

AWS signature

Want to receive straight on API Gateway? Calls go out signed with your AWS access key and secret.

Custom signature

Each payload arrives signed with a secret of yours, in the header you name. Check the signature and discard whatever does not match.

OAuth2

Signater obtains a token from your authorization server before delivering, in the client credentials and authorization code flows.

Frequently asked questions

Which events can I subscribe to?

Ten events cover the main moves: envelope creation, publication scheduling, publication, update, signing, cancellation and expiration, plus viewing, approval and decline by signer. You can register more than one webhook and choose the events for each one.

Can I have more than one webhook?

Yes, as many as you need: each webhook chooses which event or events it listens to — one for the ERP, another for the CRM — with no filtering of irrelevant events on your side.

What happens if my endpoint is down?

The delivery goes into automatic retry: Signater repeats the attempt without you triggering anything. Meanwhile, the status of each delivery stays trackable, so you can see what failed and confirm when the event arrived.

How do I protect my endpoint?

Pick one of six authentication methods when registering the webhook: API key, basic authentication, Bearer token, AWS signature, custom signature and OAuth2. The payload helps too: it carries only identifiers, with no personal data and no document content.

How do I test during development?

Connect the CLI and receive the events straight on your machine, without publishing a URL. Combined with the API's sandbox mode, you fire test envelopes isolated from production; the env field in the payload tells which environment each event came from.

People in front of a laptop reviewing its screen

Talk to the team

Connect your system to the events

Our team reviews your integration: which events to subscribe to, how to authenticate the endpoint and what to validate with the CLI before going to production. Get your questions answered directly on WhatsApp.