Embedded signing

Let users sign documents without leaving your product. Embedded signing renders the GetSigned signing page inside an iframe in your application — no email redirect, no context switch, same sealed audit trail.

Redirect signing

1. Your app → creates envelope
2. GetSigned emails link to signer
3. Signer opens email, clicks link
4. Signer signs on GetSigned page
5. Webhook fires → your app notified

Embedded signing

1. Your app → creates envelope
2. Your app requests an embedded token
3. Your app renders iframe with token URL
4. Signer signs inside your product
5. Webhook fires → your app notified

Embedded vs. redirect signing

| | Redirect signing | Embedded signing |
|---|---|---|
| UX | Signer leaves your app, opens a new tab or follows an email link | Signer signs without leaving your product — same tab, modal or iframe |
| Branding | GetSigned or your brand on a hosted page | Your product UI surrounds the signing step — seamless to the user |
| Implementation | 3 API calls: create envelope, send, handle webhook | Same 3 calls plus: request an embedded token, render the iframe |
| Best for | External signers (customers, counterparties) who have no account in your app | Authenticated users in your own product completing their own documents |
| Email delivery | GetSigned emails the signing link automatically | No email sent — your UI presents the signing step directly |

Implementation

Two extra steps on top of the standard envelope flow: request an embedded token, render the iframe.

Node.js / Express — embedded token + iframe
// 1. Create envelope (standard flow — omit /send)
const envelope = await api.post('/v1/envelopes', { document, signers, fields });

// 2. Request an embedded signing token for a specific signer
const { signing_url } = await api.post(
  `/v1/envelopes/${envelope.id}/embedded-token`,
  {
    signer_id:    signers[0].id,
    redirect_url: 'https://yourapp.com/signing/complete', // post-sign redirect
  }
);

// 3. Render the iframe in your frontend
// signing_url is short-lived (15 min) and single-use
res.json({ signing_url });

// --- Frontend ---
// <iframe
//   src={signing_url}
//   style={{ width: '100%', height: '700px', border: 'none' }}
//   allow="camera"   // if you capture a drawn signature
// />

// 4. Handle envelope.completed webhook as normal — no change needed

Frequently asked questions

What is embedded signing?

Embedded signing is an e-signature experience where the signing UI appears inside your application — in an iframe, modal, or full-screen overlay — rather than redirecting the user to a separate hosted page. The signer never receives an email link; your application presents the signing step at the right moment in your workflow and iframes the signing page inline.

When should I use embedded signing vs. redirect-based signing?

Use embedded signing when the signer is already an authenticated user in your product and you want to keep them in your UI — for example, a user completing their own onboarding document or a staff member signing an internal form. Use redirect-based signing for external signers (customers, counterparties) who are not logged into your product — they receive an email link and complete signing on a hosted page.

How does embedded signing work technically?

After creating an envelope, instead of calling /send, you request an embedded signing token for a specific signer via POST /v1/envelopes/{id}/embedded-token. The API returns a short-lived, single-use URL. You render that URL in an iframe within your application. The signing UI is hosted by GetSigned but displayed inside your product. On completion, GetSigned fires the standard envelope.completed webhook to your endpoint.

Does embedded signing change the audit trail or legal validity?

No. Embedded signing produces an identical audit trail — view, consent, OTP verification, signature, and seal events are all logged. The only difference is how the signer navigates to the signing page. The sealed PDF and hash-chained audit log are identical to those produced by redirect-based signing.

Is OTP identity verification still required in embedded signing?

By default, yes — OTP verification runs inside the embedded signing page, verifying the signer via email or SMS. If your application has already authenticated the signer with a strong identity assurance method, you can configure the envelope to skip OTP for that signer using the skip_otp flag on the embedded token request. Consult your legal counsel on whether skipping OTP affects the evidentiary weight of the signature for your jurisdiction and use case.
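The embedded-token request and the skip_otp decision described above both depend on your server knowing who the signer is. The following is an added example (not GetSigned's code) of one way to guard that step. The session shape, the local `appUserId` mapping, the MFA window, the `SIGNING_ORIGIN` placeholder and the boolean form of `skip_otp` are assumptions.

```javascript
// Added example, not GetSigned code. Assumed: the session shape, the local
// signer-to-user mapping (appUserId), the MFA window, and SIGNING_ORIGIN.
const MFA_MAX_AGE_MS = 10 * 60 * 1000;                       // assumed policy
const REDIRECT_URL = 'https://yourapp.com/signing/complete'; // fixed server-side
const SIGNING_ORIGIN = 'https://signing.example';            // placeholder origin

class SigningError extends Error {
  constructor(status, message) { super(message); this.status = status; }
}

// Build the body for POST /v1/envelopes/{id}/embedded-token from the session.
// The signer is derived from the logged-in user, never from request input,
// so one user cannot mint a signing URL for another signer.
function buildTokenRequest(session, envelopeRecord, now = Date.now()) {
  if (!session || !session.userId) throw new SigningError(401, 'not authenticated');
  const signer = envelopeRecord.signers.find((s) => s.appUserId === session.userId);
  if (!signer) throw new SigningError(403, 'not a signer on this envelope');
  const age = now - session.mfaAt;                      // NaN if mfaAt is missing
  const strongAuth = age >= 0 && age <= MFA_MAX_AGE_MS; // NaN compares false
  const body = { signer_id: signer.id, redirect_url: REDIRECT_URL };
  if (strongAuth) body.skip_otp = true;                 // boolean form assumed
  return body;
}

// Check the returned URL, then build headers for the response that carries it.
function framingHeaders(signingUrl) {
  const url = new URL(signingUrl);                      // throws on malformed input
  if (url.origin !== SIGNING_ORIGIN) throw new SigningError(502, 'unexpected signing origin');
  return {
    'Cache-Control': 'no-store',                        // URL is a bearer credential
    'Referrer-Policy': 'no-referrer',
    'Content-Security-Policy': `frame-src ${SIGNING_ORIGIN}`,
  };
}

// Constructed sample data
const record = { id: 'env_demo', signers: [
  { id: 'sgn_1', appUserId: 'u-alice' }, { id: 'sgn_2', appUserId: 'u-bob' }] };
const t0 = 1700000000000;
console.log(buildTokenRequest({ userId: 'u-alice', mfaAt: t0 - 60000 }, record, t0));
console.log(buildTokenRequest({ userId: 'u-bob' }, record, t0));
console.log(framingHeaders(`${SIGNING_ORIGIN}/s/constructed-token`));
```

A signer without recent MFA still gets a token, but without skip_otp, so the default OTP step runs inside the iframe.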

This page is for informational purposes only. Consult qualified legal counsel regarding the evidentiary requirements for your specific use case and jurisdiction.
