API docs by Redocly

Skribble API v3 (3.0.3)

Download OpenAPI specification:

Skribble Engineering: info@skribble.com URL: https://skribble.com License: Apache 2.0 Terms of Service

⚠ Preview — Subject to Change Sign API v3 is a preview release. The API surface may change before general availability. Do not use it in production without accepting that breaking changes may occur.

The Skribble API v3 documentation describes the publicly available Skribble API version 3. The API allows businesses and teams of any size to integrate the e-signing solution of Skribble with internal systems, software, or SaaS solutions. It provides a simple interface to create and manage signature requests programmatically. Signature requests define who signs what and describe the document flow between participants. Actual signing occurs in the Skribble web application.

API v3 introduces multi-document signature requests, a draft-based workflow requiring explicit initiation, and dedicated endpoints for managing signers, documents, and observers individually.

Access

Endpoints for authentication, authorization, and user access management.

Authenticate and Obtain an Access Token

To use the Skribble API, you first need an API key and an API user. Both can be managed on the API key page in your business profile. Consult our guide for setup instructions.

Skribble offers two types of API keys:

Demo API keys

Demo API keys are for testing and development purposes. Signatures created with demo keys have no legal weight and are free of charge.

Demo keys can be identified by their name, which starts with api_demo.

Production API keys

Production API keys are used for live systems. Signatures created with production keys will be invoiced.

Production keys can be identified by their name, which starts with api_production or, in some cases, api_prod.

⚠ Note All costs incurred by signature requests created with your API keys will be charged to your business. We recommend starting with a demo API key during development and testing, and switching to a production key only once testing is complete.

For help setting up Skribble Business, contact us at info@skribble.com.

To obtain an access token, authenticate using the /access/login endpoint. You can pass your credentials as raw JSON or as x-www-form-urlencoded key-value pairs (see example requests).

Upon successful authentication, a JSON Web Token (JWT) is returned. This JWT must be included in nearly every API request.

The access token is passed in the Authorization HTTP header using the Bearer scheme. Example: Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI...

Token life cycle

API key

API keys have a long but finite lifetime. The validity period depends on the volume of API calls and is agreed upon individually as part of the shared secret agreement.

Access token

Access tokens have a lifetime of approximately 20 minutes. Automatic token renewal is not currently supported.

Logout

There is no logout endpoint. Access tokens expire automatically after the defined lifetime.

Authorizations:
None
Request Body schema:
required
username
required
string

The username of the users credentials to login

api-key
required
string

The API key of the users credentials to login

Responses

Request samples

Content type
{
  • "username": "add_your_api_name_here",
  • "api-key": "please_enter_your_password_here"
}

Response samples

Content type
text/plain
eyJhbGciOiJSUzI1NiIsInR5cCIgOiAiSldUIiwia2lkIiA6ICJJWlMxY0pXQXlXVFdZeDR6dXRGNzJlYWVILT...

Document

Endpoints for uploading and managing documents.

Upload a Document

Upload using a Base64 encoded file as content.

Authorizations:
bearer
Request Body schema: application/json
required

Request body to create a Document object

One of
content
required
string <byte>

Base64 encoded bytes of the document.

content_type
string

Content type of bytes sent in content. Currently, only application/pdf is supported.

title
required
string

Title of the document.

read_access
Array of strings

Give specific users or API keys read access to this document.

write_access
Array of strings

Give specific users or API keys write access to this document.

Responses

Request samples

Content type
application/json
Example
{
  • "content": "SGVsbG8gd29ybGQh",
  • "content_type": "application/pdf",
  • "title": "Example contract PDF",
  • "read_access": [
    ],
  • "write_access": [
    ]
}

Response samples

Content type
application/json
Example
{
  • "id": "00000000-1212-9546-6542-323232323232",
  • "title": "Example contract PDF",
  • "content_type": "application/pdf",
  • "size": 29010,
  • "page_count": 1,
  • "page_width": 600,
  • "page_height": 840,
  • "owner": "api_demo_example",
  • "read_access": [
    ],
  • "write_access": [
    ],
  • "created_at": "2099-12-12T12:12:12.000Z",
  • "updated_at": "2099-12-12T12:12:12.000Z"
}

List All Accessible Documents

Returns an array of all accessible Document objects.

Authorizations:
bearer

Responses

Response samples

Content type
application/json
[
  • {
    },
  • {
    }
]

Get Document Metadata

Fetches the metadata for the Document identified by its ID.

Authorizations:
bearer
path Parameters
DOC_ID
required
string <uuid>
Example: f1e2d3c4-7b8a-4e6f-9d3b-123456789abc

Unique ID received when creating the Document Request object

Responses

Response samples

Content type
application/json
Example
{
  • "id": "00000000-1212-9546-6542-323232323232",
  • "title": "Example contract PDF",
  • "content_type": "application/pdf",
  • "size": 29010,
  • "page_count": 1,
  • "page_width": 600,
  • "page_height": 840,
  • "owner": "api_demo_example",
  • "read_access": [
    ],
  • "write_access": [
    ],
  • "created_at": "2099-12-12T12:12:12.000Z",
  • "updated_at": "2099-12-12T12:12:12.000Z"
}

Delete a Document

Deletes a Document by its ID. Deletion behaves similarly to deleting a SignatureRequest and does not necessarily remove the object from the system immediately.

If more than one participant is involved, the DELETE request only removes the current user from the Document.

The system permanently removes the Document once the last user deletes it via the Skribble web application.

Authorizations:
bearer
path Parameters
DOC_ID
required
string <uuid>
Example: f1e2d3c4-7b8a-4e6f-9d3b-123456789abc

Unique ID received when creating the Document Request object

Responses

Get Document Content

Downloads the content of the document identified by its ID. Returns either a PDF binary or a JSON object containing a Base64-encoded PDF.

Authorizations:
bearer
path Parameters
DOC_ID
required
string <uuid>
Example: f1e2d3c4-7b8a-4e6f-9d3b-123456789abc

Unique ID received when creating the Document Request object

Responses

Response samples

Content type
{
  • "content_type": "application/pdf",
  • "content_size": 29010,
  • "content": "U29tZUJhc2U2NEVuY29kZWRJbWFnZQ=="
}

Get Document Page Preview

Returns a preview image for a specific page of the uploaded PDF document. Page numbering starts at 0 for the first page.

Use the optional scale parameter to control the preview size: scale=100 returns a full-size preview, while scale=20 returns a thumbnail.

Authorizations:
bearer
path Parameters
DOC_ID
required
string <uuid>
Example: f1e2d3c4-7b8a-4e6f-9d3b-123456789abc

Unique ID received when creating the Document Request object

PAGE_ID
required
integer

Page ID of the document

query Parameters
scale
number >= 0
Default: 100
Example: scale=20

The scaling factor for the image.

Responses

Signature

Endpoints for creating and managing signature requests.

Create a Signature Request

Creates a new SignatureRequest, which is the primary object of the Skribble API. A SignatureRequest defines who signs what and under which conditions. It specifies the documents to be signed, the list of required signers, the desired signature quality and legislation, and optional settings such as signing sequences, callback URLs, and access control.

Compared to API v2, this version supports attaching multiple documents to a single SignatureRequest. Additionally, the request no longer triggers invitations immediately. Instead, the SignatureRequest is created with a status_overall of DRAFT.

If you specify an owner using the creator field, that user will find the request in the Drafts section of their account, where they can review and complete the setup.

Once ready, call /initiate to start the SignatureRequest and send out invitations.

Authorizations:
bearer
Request Body schema: application/json
required

Request body to create a SignatureRequest object

title
required
string

Title of the signature request.

message
string

Message sent to the other participants along with this signature request.

legislation
string (SignatureLegislation)
Enum: "ZERTES" "EIDAS"

Legislation under which the signatures are created. Required when quality is QES or AES_MINIMAL.

Legislation Description
ZERTES QES according to Swiss law. This is the default.
EIDAS QES according to EU law.
quality
string (SignatureQuality)
Enum: "SES" "AES" "AES_MINIMAL" "QES" "DEMO" "PART11"

Minimal quality of the signatures for this signature request.

Quality Description
QES Every signer must use QES. This is the default quality. Requires a legislation parameter.
AES Signers will use AES if available, otherwise fall back to QES.
AES_MINIMAL Signers will use QES if available, otherwise AES. At least AES is guaranteed. Requires a legislation parameter.
SES Every signer uses SES.
DEMO Every signer uses a DEMO signature with no legal binding. API demo users (api_demo_example_*) get this quality by default.
PART11 Signers use a signature compliant with 21 CFR Part 11 regulations.
required
Array of objects (Signature Document) <= 50 items

List of documents to be signed (Maximum 50).

No signers (null) or (Array of Signers (User Signer (object) or Group Signer (object)))
callback_success_url
string <uri>

Callback URL called via POST when all signers have signed (overall success).

The URL supports the following placeholders, replaced with current SignatureRequest data before each call:

  • SKRIBBLE_SIGNATURE_REQUEST_ID — the SignatureRequest ID
  • SKRIBBLE_DOCUMENT_ID — the final signed document ID

Retry: If the endpoint is unreachable, Skribble retries every 10 minutes for up to 2 hours. The endpoint can return a Retry-After header (seconds) to control the retry interval.

callback_error_url
string <uri>

Callback URL called via POST when a signer declines or the SignatureRequest is withdrawn.

The URL supports the following placeholders, replaced with current SignatureRequest data before each call:

  • SKRIBBLE_SIGNATURE_REQUEST_ID — the SignatureRequest ID
  • SKRIBBLE_DOCUMENT_ID — the most recent document ID

Retry: If the endpoint is unreachable, Skribble retries every 10 minutes for up to 2 hours. The endpoint can return a Retry-After header (seconds) to control the retry interval.

callback_update_url
string <uri>

Callback URL called via POST on any change to the SignatureRequest (e.g. one signer has signed).

The URL supports the following placeholders, replaced with current SignatureRequest data before each call:

  • SKRIBBLE_SIGNATURE_REQUEST_ID — the SignatureRequest ID
  • SKRIBBLE_DOCUMENT_ID — the most recent document ID
  • SKRIBBLE_SIGNATURE_ID — the Signature ID (SID) of the signature just made

Retry: If the endpoint is unreachable, Skribble retries every 10 minutes for up to 2 hours. The endpoint can return a Retry-After header (seconds) to control the retry interval.

callback_start_sign_url
string <uri>

Callback URL called via POST when a signer starts the signature process (only for xQES).

The URL supports the following placeholders, replaced with current SignatureRequest data before each call:

  • SKRIBBLE_SIGNATURE_REQUEST_ID — the SignatureRequest ID
  • SKRIBBLE_DOCUMENT_ID — the most recent document ID

Retry: If the endpoint is unreachable, Skribble retries every 10 minutes for up to 2 hours. The endpoint can return a Retry-After header (seconds) to control the retry interval.

callback_ident_error_url
string <uri>

Callback URL called via POST when the identification of a signer ends in an error.

The URL supports the following placeholders, replaced with current SignatureRequest data before each call:

  • SKRIBBLE_SIGNATURE_REQUEST_ID — the SignatureRequest ID
  • SKRIBBLE_DOCUMENT_ID — the most recent document ID

Retry: If the endpoint is unreachable, Skribble retries every 10 minutes for up to 2 hours. The endpoint can return a Retry-After header (seconds) to control the retry interval.

custom
string

Custom field for storing application-specific data related to this signature request.

No attachment when signed (null) or Array of Attachment when signed (strings)
No owner (null) or Specific owner (string)
No other writer (null) or Array of Additional writer (strings)

Responses

Request samples

Content type
application/json
Example
{
  • "title": "Example contract",
  • "message": "Please sign this document!",
  • "quality": "DEMO",
  • "documents": [
    ],
  • "signatures": [
    ]
}

Response samples

Content type
application/json
Example
{
  • "id": "4f43614a-de50-bfe1-2df3-4c881fc7840e",
  • "title": "Sample document",
  • "message": "Please sign this document.",
  • "documents": [
    ],
  • "legislation": "ZERTES",
  • "quality": "QES",
  • "signing_url": "https://my.skribble.com/view/4f43614a-de50-bfe1-2df3-4c881fc7840e",
  • "status_overall": "OPEN",
  • "business_id": "biz-5a2aea44ddea4f0531ebcdcbcedf873c",
  • "signatures": [
    ],
  • "origin": "API",
  • "observers": [ ],
  • "attachments": [ ],
  • "owner": "api_demo_example",
  • "read_access": [
    ],
  • "write_access": [
    ],
  • "created_at": "2025-10-15T07:47:01.223Z",
  • "updated_at": "2025-10-15T07:47:01.223Z"
}

Update a Signature Request

Updates an existing SignatureRequest. We recommend creating the SignatureRequest with all necessary information upfront and using this endpoint only when changes are required.

The following fields can be updated: title, message, legislation, quality, signatures, callback_success_url, callback_error_url, callback_update_url, custom, attach_on_success, read_access, and write_access.

Observers are managed separately via the dedicated /observers endpoints.

Updating signers

To add or remove signers, provide the complete desired state of the signatures array:

  • To add a signer, include the new entry alongside all existing signers.
  • To remove a signer, omit their entry from the array.

Alternatively, use the dedicated /signatures endpoints to add or remove individual signers without having to send the full list.

Important: When updating via this endpoint, any signer not present in the signatures array will be removed. Changes to signers can only be made as long as none of the signers have already completed their signature.

Authorizations:
bearer
Request Body schema: application/json
required

Request body to update a SignatureRequest object

id
required
string <uuid>

Unique ID of the signature request.

title
string

Title of the signature request.

message
string

Message sent to the other participants along with this signature request.

legislation
string (SignatureLegislation)
Enum: "ZERTES" "EIDAS"

Legislation under which the signatures are created. Required when quality is QES or AES_MINIMAL.

Legislation Description
ZERTES QES according to Swiss law. This is the default.
EIDAS QES according to EU law.
quality
string (SignatureQuality)
Enum: "SES" "AES" "AES_MINIMAL" "QES" "DEMO" "PART11"

Minimal quality of the signatures for this signature request.

Quality Description
QES Every signer must use QES. This is the default quality. Requires a legislation parameter.
AES Signers will use AES if available, otherwise fall back to QES.
AES_MINIMAL Signers will use QES if available, otherwise AES. At least AES is guaranteed. Requires a legislation parameter.
SES Every signer uses SES.
DEMO Every signer uses a DEMO signature with no legal binding. API demo users (api_demo_example_*) get this quality by default.
PART11 Signers use a signature compliant with 21 CFR Part 11 regulations.
No signers (null) or (Array of Signers (User Signer (object) or Group Signer (object)))
callback_success_url
string <uri>

Callback-URL which is called on overall success.

callback_error_url
string <uri>

Callback-URL which is called in case of an error.

callback_update_url
string <uri>

Callback-URL which is called in case of an update.

callback_start_sign_url
string <uri>

Callback-URL which is called when a signer starts the signature process (only for xQES).

callback_ident_error_url
string <uri>

Callback-URL which is called when the identification of a signer ends in an error.

No update (null) or Array of Attachment when signed (strings)
No update (null) or Array of Specific write access (strings)

Responses

Request samples

Content type
application/json
{}

Response samples

Content type
application/json
{
  • "id": "4f43614a-de50-bfe1-2df3-4c881fc7840e",
  • "title": "Example contract",
  • "message": "Please sign this document!",
  • "documents": [
    ],
  • "legislation": "ZERTES",
  • "quality": "QES",
  • "signing_url": "https://my.skribble.com/view/4f43614a-de50-bfe1-2df3-4c881fc7840e",
  • "status_overall": "OPEN",
  • "business_id": "biz-42b4c2fb9ee947778ba70bc0698c78f7",
  • "signatures": [
    ],
  • "origin": "API",
  • "observers": [ ],
  • "expiration_date": "2025-11-21",
  • "attachments": [ ],
  • "attach_on_success": [
    ],
  • "custom": "MyCustomvalue1,MyVal2",
  • "owner": "api_demo_example",
  • "read_access": [
    ],
  • "write_access": [
    ],
  • "created_at": "2025-10-08T17:37:03.569Z",
  • "updated_at": "2025-10-08T17:37:03.569Z",
  • "initiated_at": "2025-10-08T17:37:03.569Z",
  • "callback_success_url": "https://mybiz.com/call/success",
  • "callback_error_url": "https://mybiz.com/call/error",
  • "callback_update_url": "https://mybiz.com/call/update",
  • "callback_start_sign_url": "https://mybiz.com/call/start-sign",
  • "callback_ident_error_url": "https://mybiz.com/call/ident-error"
}

Invite signers and start signing process

Starts the signing process for a SignatureRequest in DRAFT status.

This action sends out invitation emails and transitions status_overall from DRAFT to OPEN. Once initiated, the SignatureRequest is no longer visible in the Drafts section and will appear in the appropriate section (e.g. Pending) for each participant.

Authorizations:
bearer
path Parameters
SR_ID
required
string <uuid>
Example: cccccccc-4a6a-a958-a42e-6ea4172a378b

Unique ID received when creating the Signature Request object

Responses

Get a Signature Request

Fetches a SignatureRequest by its ID.

Authorizations:
bearer
path Parameters
SR_ID
required
string <uuid>
Example: cccccccc-4a6a-a958-a42e-6ea4172a378b

Unique ID received when creating the Signature Request object

Responses

Response samples

Content type
application/json
Example
{
  • "id": "4f43614a-de50-bfe1-2df3-4c881fc7840e",
  • "title": "Sample document",
  • "message": "Please sign this document.",
  • "documents": [
    ],
  • "legislation": "ZERTES",
  • "quality": "QES",
  • "signing_url": "https://my.skribble.com/view/4f43614a-de50-bfe1-2df3-4c881fc7840e",
  • "status_overall": "OPEN",
  • "business_id": "biz-5a2aea44ddea4f0531ebcdcbcedf873c",
  • "signatures": [
    ],
  • "origin": "API",
  • "observers": [ ],
  • "attachments": [ ],
  • "owner": "api_demo_example",
  • "read_access": [
    ],
  • "write_access": [
    ],
  • "created_at": "2025-10-15T07:47:01.223Z",
  • "updated_at": "2025-10-15T07:47:01.223Z"
}

Delete a Signature Request

Deletes a SignatureRequest by its ID.

Important: A SignatureRequest can only be deleted via the API if:

  1. the SignatureRequest has status_overall=OPEN, and

  2. the API user has sufficient rights on the SignatureRequest, e.g. when it was created by the API user.

Deleting a SignatureRequest does not necessarily remove it from the system immediately.

WITHDRAWN

When the API user is the owner of the SignatureRequest and it is still in status_overall=OPEN, the SignatureRequest will be WITHDRAWN.

This means the SignatureRequest will transition to status_overall=WITHDRAWN and all pending signatures will be marked with status_code=WITHDRAWN. Sign and read rights for all signers will be revoked, so invited signers can no longer read or sign the SignatureRequest.

REMOVE AS PARTICIPANT

When the API user is a participant but not the owner of the SignatureRequest, the DELETE request will only remove the API user as a participant.

In this case, the system will remove the SignatureRequest and its related documents once the last remaining user deletes it via the Skribble web application.

DELETING

When the API user is the last user with access rights to the SignatureRequest (e.g. after a WITHDRAW), the SignatureRequest and its related documents will be permanently removed from the system.

Authorizations:
bearer
path Parameters
SR_ID
required
string <uuid>
Example: cccccccc-4a6a-a958-a42e-6ea4172a378b

Unique ID received when creating the Signature Request object

Responses

Withdraw a Signature Request

Withdraws a SignatureRequest, for example when signing becomes unnecessary or an error occurred during the invitation process. As the inviter, you can explicitly withdraw the SignatureRequest. This removes all signers and observers as participants and notifies them with a specified message.

Similar to deletion, the withdraw action can only be executed if:

  • The SignatureRequest has status_overall=OPEN

  • The API user has sufficient rights on the SignatureRequest, such as when it was created by the API user.

Note We recommend using the delete endpoint, which automatically determines the appropriate action. For example, if the API user does not have withdrawal rights, they may instead be removed as a participant, or the document may be deleted directly.

Use the withdraw endpoint specifically when you need to withdraw the SignatureRequest while keeping it in Skribble.

Authorizations:
bearer
path Parameters
SR_ID
required
string <uuid>
Example: cccccccc-4a6a-a958-a42e-6ea4172a378b

Unique ID received when creating the Signature Request object

Request Body schema: application/json
optional

Request body to withdraw a SignatureRequest object

message
string [ 0 .. 2048 ] characters

Withdraw message.

Responses

Request samples

Content type
application/json
{
  • "message": "The reason for withdrawing the signature."
}

Response samples

Content type
application/json
{
  • "id": "4f43614a-de50-bfe1-2df3-4c881fc7840e",
  • "title": "Sample document",
  • "message": "Please sign this document.",
  • "document_id": "1ff0cf91-6b54-f3bd-bffb-8fcd5e799764",
  • "legislation": "ZERTES",
  • "quality": "QES",
  • "signing_url": "https://my.skribble.com/view/4f43614a-de50-bfe1-2df3-4c881fc7840e",
  • "status_overall": "WITHDRAWN",
  • "business": "biz-5a2aea44ddea4f0531ebcdcbcedf873c",
  • "signatures": [
    ],
  • "cc_email_addresses": [ ],
  • "attachments": [ ],
  • "owner": "api_demo_example",
  • "read_access": [
    ],
  • "write_access": [
    ],
  • "created_at": "2025-10-15T07:47:01.223Z",
  • "updated_at": "2025-10-15T07:47:01.223Z"
}

Get Signature Request Report

Provides the signature report for a specific signature request.

By default, the report is returned as a human-readable, digitally signed PDF document. Optionally, the report format can be changed using the type query parameter (e.g. JSON or HTML).

The report contains all relevant information about the signature process, including signatories, timestamps, and verification details. It serves as legally valid proof of the completed signing process and can be stored or shared for auditing, compliance, or record-keeping purposes.

Authorizations:
bearer
path Parameters
SR_ID
required
string <uuid>
Example: cccccccc-4a6a-a958-a42e-6ea4172a378b

Unique ID received when creating the Signature Request object

query Parameters
type
string
Default: "PDF"
Enum: "PDF" "JSON" "HTML"

Format of the Report.

Responses

Response samples

Content type
No sample

Add an additional document

Adds an additional document to the SignatureRequest while it is still in DRAFT status.

Authorizations:
bearer
path Parameters
SR_ID
required
string <uuid>
Example: cccccccc-4a6a-a958-a42e-6ea4172a378b

Unique ID received when creating the Signature Request object

Request Body schema: application/json
required

Request body to add a Document

content
string <byte>

Base64 encoded bytes of the document. Maximum document size is 112.5 MB unencoded (150 MB Base64-encoded).

Responses

Request samples

Content type
application/json
{
  • "content": "U29tZUJhc2U2NEVuY29kZWRJbWFnZQ=="
}

Remove a document

Deletes the document identified by DOC_ID from the SignatureRequest with the ID SR_ID.

Authorizations:
bearer
path Parameters
SR_ID
required
string <uuid>
Example: cccccccc-4a6a-a958-a42e-6ea4172a378b

Unique ID received when creating the Signature Request object

DOC_ID
required
string <uuid>
Example: f1e2d3c4-7b8a-4e6f-9d3b-123456789abc

Unique ID received when creating the Document Request object

Responses

Signature Signer

Endpoints for managing signers on a signature request.

Add an individual signer

Adds an individual signer to the SignatureRequest with the ID SR_ID. Use account_email to invite a signer with an existing Skribble account, or signer_identity_data to invite a No-Account-Signer (NAS).

Good to know We recommend combining signer_identity_data and account_email when you are unsure whether the user has a Skribble account. If a matching account exists, the user will find the SignatureRequest in the To sign section of their account on my.skribble.com.

If you invite them using only signer_identity_data, the document will not appear in their Skribble account even if one exists — they will need to access it via the link in their invitation email.

Authorizations:
bearer
path Parameters
SR_ID
required
string <uuid>
Example: cccccccc-4a6a-a958-a42e-6ea4172a378b

Unique ID received when creating the Signature Request object

Request Body schema: application/json
required

Request body to add a Signer

One of
sequence
number <int32>
Default: -1

Optional signer sequence.

notify
boolean
Default: true

Whether to send a notification to this signer.

Array of objects (Signer Document to Sign)

Visual signatures to place on the document.

account_email
string <email>

Optional signer account email address.

object (SignerIdentityData)

Optional (no-account) signer identity information.

Responses

Request samples

Content type
application/json
Example
{
  • "account_email": "single-signer@skribble.com",
  • "signer_identity_data": {
    },
  • "document_signatures": [
    ]
}

Response samples

Content type
application/json
{
  • "id": "4f43614a-de50-bfe1-2df3-4c881fc7840e",
  • "title": "Example contract",
  • "message": "Please sign this document!",
  • "documents": [
    ],
  • "legislation": "ZERTES",
  • "quality": "QES",
  • "signing_url": "https://my.skribble.com/view/4f43614a-de50-bfe1-2df3-4c881fc7840e",
  • "status_overall": "OPEN",
  • "business_id": "biz-42b4c2fb9ee947778ba70bc0698c78f7",
  • "signatures": [
    ],
  • "origin": "API",
  • "observers": [ ],
  • "expiration_date": "2025-11-21",
  • "attachments": [ ],
  • "attach_on_success": [
    ],
  • "custom": "MyCustomvalue1,MyVal2",
  • "owner": "api_demo_example",
  • "read_access": [
    ],
  • "write_access": [
    ],
  • "created_at": "2025-10-08T17:37:03.569Z",
  • "updated_at": "2025-10-08T17:37:03.569Z",
  • "initiated_at": "2025-10-08T17:37:03.569Z",
  • "callback_success_url": "https://mybiz.com/call/success",
  • "callback_error_url": "https://mybiz.com/call/error",
  • "callback_update_url": "https://mybiz.com/call/update",
  • "callback_start_sign_url": "https://mybiz.com/call/start-sign",
  • "callback_ident_error_url": "https://mybiz.com/call/ident-error"
}

Remove an individual signer

Removes an individual signer from the SignatureRequest. Provide the SignatureRequest ID SR_ID and the Signature ID SID of the signer to remove.

Authorizations:
bearer
path Parameters
SR_ID
required
string <uuid>
Example: cccccccc-4a6a-a958-a42e-6ea4172a378b

Unique ID received when creating the Signature Request object

SID
required
string <uuid>
Example: 97db18c8-7ca1-35a2-9726-0b32771e4ac6

Unique ID of the signer

Responses

Signature Observer

Endpoints for managing observers on a signature request.

Add an observer to a signature request

Adds an observer to the specified signature request.

Observers receive email notifications about signing progress and can view documents, but cannot sign them.

Authorizations:
bearer
path Parameters
SR_ID
required
string <uuid>
Example: cccccccc-4a6a-a958-a42e-6ea4172a378b

Unique ID received when creating the Signature Request object

Request Body schema: application/json
required

Request body to create a SignatureObserver object

One of
One of
email
required
string <email>

Email address of the user.

type
required
string
Enum: "USER" "GROUP"

Type of observer target.

Value: "USER"

Responses

Request samples

Content type
application/json
Example
{
  • "type": "USER",
  • "user_id": "123"
}

Response samples

Content type
application/json
Example
{
  • "id": "ob_123",
  • "type": "USER",
  • "invited_at": "2026-02-02T12:34:56Z",
  • "invited_by": "admin@example.com",
  • "user_info": {
    }
}

List observers of a signature request

Returns all observers added to the SignatureRequest with the ID SR_ID.

Authorizations:
bearer
path Parameters
SR_ID
required
string <uuid>
Example: cccccccc-4a6a-a958-a42e-6ea4172a378b

Unique ID received when creating the Signature Request object

Responses

Response samples

Content type
application/json
[
  • {
    },
  • {
    }
]

Get an observer of a signature request

Returns the observer identified by OBSERVER_ID from the SignatureRequest with the ID SR_ID.

Authorizations:
bearer
path Parameters
SR_ID
required
string <uuid>
Example: cccccccc-4a6a-a958-a42e-6ea4172a378b

Unique ID received when creating the Signature Request object

OBSERVER_ID
required
string
Example: ob_123

Unique ID returned when the Signature Observer is created.

Responses

Response samples

Content type
application/json
Example
{
  • "id": "ob_123",
  • "type": "USER",
  • "invited_at": "2026-02-02T12:34:56Z",
  • "invited_by": "admin@example.com",
  • "user_info": {
    }
}

Remove an observer from a signature request

Deletes the observer identified by OBSERVER_ID from the SignatureRequest with the ID SR_ID.

Authorizations:
bearer
path Parameters
SR_ID
required
string <uuid>
Example: cccccccc-4a6a-a958-a42e-6ea4172a378b

Unique ID received when creating the Signature Request object

OBSERVER_ID
required
string
Example: ob_123

Unique ID returned when the Signature Observer is created.

Responses

Signature Attachment

Endpoints for managing attachments on a signature request.

Add an attachment to a signature request

Use this endpoint to provide supplementary documents (for example, Terms & Conditions or appendices) to participants of a SignatureRequest.

Attachments are delivered to participants together with the SignatureRequest.

Content type limits: The Skribble API accepts PDF files, image files, Microsoft Office files, and plain text files.

Allowed content types:

  • application/pdf
  • application/x-tika-msoffice
  • application/x-tika-ooxml
  • application/msword
  • application/vnd.openxmlformats-officedocument.wordprocessingml.document
  • application/vnd.ms-word.document.macroEnabled.12
  • application/vnd.ms-excel
  • application/vnd.openxmlformats-officedocument.spreadsheetml.sheet
  • application/vnd.ms-excel.sheet.macroenabled.12
  • application/vnd.ms-powerpoint
  • application/vnd.openxmlformats-officedocument.presentationml.presentation
  • application/vnd.ms-powerpoint.presentation.macroEnabled.12
  • image/gif
  • image/jpeg
  • image/png
  • text/plain

Content size limits: The maximum size of a single attachment is approximately 40 MB. The maximum request size is 60 MB.

Amount limits: There is currently no limit on the number of attachments per SignatureRequest. Abuse of this service may result in enforced limits.

Authorizations:
bearer
path Parameters
SR_ID
required
string <uuid>
Example: cccccccc-4a6a-a958-a42e-6ea4172a378b

Unique ID received when creating the Signature Request object

Request Body schema: application/json
required

Request body to create a SignatureAttachment object

filename
required
string

File name of the attachment.

content_type
required
string

Content type of the attachment. Supported types: application/pdf, application/x-tika-msoffice, application/x-tika-ooxml, application/msword, application/vnd.openxmlformats-officedocument.wordprocessingml.document, application/vnd.ms-word.document.macroEnabled.12, application/vnd.ms-excel, application/vnd.openxmlformats-officedocument.spreadsheetml.sheet, application/vnd.ms-excel.sheet.macroenabled.12, application/vnd.ms-powerpoint, application/vnd.openxmlformats-officedocument.presentationml.presentation, application/vnd.ms-powerpoint.presentation.macroEnabled.12, image/gif, image/jpeg, image/png, text/plain

content
required
string <byte>

Base64 encoded bytes of the attachment.

Responses

Request samples

Content type
application/json
{
  • "filename": "Attachment-1.pdf",
  • "content_type": "application/pdf",
  • "content": "SGVsbG8gd29ybGQh"
}

Response samples

Content type
application/json
{
  • "id": "4f43614a-de50-bfe1-2df3-4c881fc7840e",
  • "title": "Sample document",
  • "message": "Please sign this document.",
  • "document_id": "1ff0cf91-6b54-f3bd-bffb-8fcd5e799764",
  • "attachments": [
    ]
}

Get Signature Attachment content

Downloads the content of the attachment identified by ATTACHMENT_ID for the SignatureRequest with the ID SR_ID.

Authorizations:
bearer
path Parameters
SR_ID
required
string <uuid>
Example: cccccccc-4a6a-a958-a42e-6ea4172a378b

Unique ID received when creating the Signature Request object

ATTACHMENT_ID
required
string <uuid>
Example: 8ed33046-3798-8c54-0b13-0820d0d6e121

Unique ID returned when the Signature Attachment is created.

Responses

Remove an attachment from a signature request

Deletes the attachment identified by ATTACHMENT_ID from the SignatureRequest with the ID SR_ID.

Authorizations:
bearer
path Parameters
SR_ID
required
string <uuid>
Example: cccccccc-4a6a-a958-a42e-6ea4172a378b

Unique ID received when creating the Signature Request object

ATTACHMENT_ID
required
string <uuid>
Example: 8ed33046-3798-8c54-0b13-0820d0d6e121

Unique ID returned when the Signature Attachment is created.

Responses

Signature Tracking

Endpoints for tracking signature request status and callbacks.

List and find Signature Requests

Returns all SignatureRequest objects that the current user has sufficient access rights to.

Filter

You can optionally filter results using one or more of the optional parameters.

Filters search for an exact match of the corresponding field value. This means the filter is case-sensitive and will not match partial values. For example, account_email=john.doe@skribble.com will only match a SignatureRequest where the account_email field is exactly john.doe@skribble.com and will not match another.john.doe@skribble.com.

Exception: The search parameter searches for document titles that contain the search term.

Pagination

The result set can be controlled using the optional pagination parameters page_number and page_size, which helps prevent excessively large result sets.

Authorizations:
bearer
query Parameters
account_email
string <email>
Example: account_email=john.doe@skribble.com

Filter on the field signatures[].account_email

search
string
Example: search=text to find

Filter on the field title to search for documents containing the serach term.

signature_status
string (Signature Status Code)
Enum: "DRAFT" "OPEN" "WAITING" "DECLINED" "WITHDRAWN" "SIGNED" "ERROR"
Example: signature_status=SIGNED

Filter on the field signatures[].status_code with one of the valid Signature states

status_overall
string (Signature Status Overall)
Enum: "DRAFT" "OPEN" "DECLINED" "WITHDRAWN" "SIGNED" "ERROR"
Example: status_overall=OPEN

Filter on the field status_overall with one of the valid Signature states

page_number
number >= 1
Example: page_number=1

Page number for pagination. By default pagination is disabled.

page_size
number >= 0
Default: 50
Example: page_size=25

Page size for pagination.

Responses

Response samples

Content type
application/json
[
  • {
    },
  • {
    }
]

List Signature Requests by bulk

Retrieves multiple SignatureRequest objects in a single call.

Provide a JSON array of SignatureRequest IDs in the request body to specify which records to fetch. The response includes only the SignatureRequests that were successfully found. IDs that do not match any existing record are silently ignored.

Authorizations:
bearer
Request Body schema: application/json
required

Array of SignatureRequest IDs to retrieve.

Array
string <uuid>

Responses

Request samples

Content type
application/json
[
  • "abababab-a777-e8e8-e8e8-121212121212",
  • "bbddbbdd-7788-7ee7-a22a-bfbfbfbfbfbf",
  • "cccccccc-1111-2222-3333-444444444444",
  • "dddddddd-dead-beef-cafe-999999999999",
  • "eeeeeeee-aaaa-bbbb-cccc-dddddddddddd",
  • "ffffaaaa-bbbb-cccc-dddd-eeeeeeeeeeee",
  • "abababab-1234-5678-9abc-defdefdefdef",
  • "12341234-aaaa-bbbb-cccc-123412341234",
  • "99999999-8888-7777-6666-555555555555",
  • "abcdabcd-abcd-abcd-abcd-abcdabcdabcd"
]

Response samples

Content type
application/json
[
  • {
    },
  • {
    }
]

Get a Signature Request

Fetches a SignatureRequest by its ID.

Authorizations:
bearer
path Parameters
SR_ID
required
string <uuid>
Example: cccccccc-4a6a-a958-a42e-6ea4172a378b

Unique ID received when creating the Signature Request object

Responses

Response samples

Content type
application/json
Example
{
  • "id": "4f43614a-de50-bfe1-2df3-4c881fc7840e",
  • "title": "Sample document",
  • "message": "Please sign this document.",
  • "documents": [
    ],
  • "legislation": "ZERTES",
  • "quality": "QES",
  • "signing_url": "https://my.skribble.com/view/4f43614a-de50-bfe1-2df3-4c881fc7840e",
  • "status_overall": "OPEN",
  • "business_id": "biz-5a2aea44ddea4f0531ebcdcbcedf873c",
  • "signatures": [
    ],
  • "origin": "API",
  • "observers": [ ],
  • "attachments": [ ],
  • "owner": "api_demo_example",
  • "read_access": [
    ],
  • "write_access": [
    ],
  • "created_at": "2025-10-15T07:47:01.223Z",
  • "updated_at": "2025-10-15T07:47:01.223Z"
}

Remind Open Signers of a Signature Request

In addition to the automatic signature reminders, manual reminders can also be initiated via the Skribble web application and also via the API.

This allows for greater flexibility in managing signature requests, ensuring that important documents are signed promptly. By using both automatic and manual reminders, you can tailor your approach to suit the specific needs of your users or customers.

Limits

There is an hourly limit on the number of signature reminders that can be sent. This limit ensures that reminders are used responsibly and prevents excessive notifications. Generally, this restriction should not affect you if you use this feature appropriately. By adhering to this limit, you can effectively manage your signature requests without overwhelming your users or customers with frequent reminders.

Authorizations:
bearer
path Parameters
SR_ID
required
string <uuid>
Example: cccccccc-4a6a-a958-a42e-6ea4172a378b

Unique ID received when creating the Signature Request object

Responses

Get callback details for a signature request

Returns detailed information about the callbacks associated with a SignatureRequest. Use this endpoint to confirm whether a callback has been executed or to identify errors that occurred during the callback process.

Result

If no callbacks have been triggered yet, the response will be an empty array. Otherwise, it contains an array of callback objects that have already been executed.

Authorizations:
bearer
path Parameters
SR_ID
required
string <uuid>
Example: cccccccc-4a6a-a958-a42e-6ea4172a378b

Unique ID received when creating the Signature Request object

Responses

Response samples

Content type
application/json
[
  • {
    }
]

Seal

Endpoints for applying electronic seals to documents.

Seal a Document with a Legal Entity Signature

Uploads a document and affixes an electronic seal in a single call.

Optionally, a visual signature can also be placed on the document.

The response contains the document_id of the newly created sealed document, which can be used to retrieve it.

Authorizations:
bearer
Request Body schema: application/json
required

Content base64-encoded in a JSON object

content
required
string <byte>

Base64 encoded bytes of the document.

account_name
string

Account name of the seal contract that should be used. If your company own more than one seal and the field account_name is not given or empty, then the first given seal for the API user will be used for sealing.

title
string

Title of the document.

No visual signature (null) or (Visual Signature (Single Position (object) or Multiple Positions (object) or Form Field (object)))

Responses

Request samples

Content type
application/json
Example
{
  • "account_name": "ais_demo_seal",
  • "content": "U29tZUJhc2U2NEVuY29kZWRJbWFnZQ=="
}

Response samples

Content type
application/json
{
  • "document_id": "98ca4eda-11f7-da4a-72da-9db677f38280"
}

SendTo

Endpoints for the Send-To signing flow.

Create a Send-To Request

Starts the signing process by uploading the PDF document content and assigning it a title.

Limited lifetime

Send-To objects and their related Documents and SignatureRequests are only guaranteed for a limited lifetime.

  • A Send-To request that is not claimed by a user — i.e. where a user does not add the document to their list of documents to sign — is deleted automatically after one day.

  • All Send-To objects and their related Documents and SignatureRequest objects, regardless of status, are deleted automatically after 90 days.

Authorizations:
None
Request Body schema:
required

Content can be sent directly as a file or base64-encoded in a JSON object

title
required
string

Title of the document.

content
required
string <binary>

PDF file to upload.

Responses

Request samples

Content type
No sample

Response samples

Content type
application/json
{}

Track a Send-To Request

To call the track endpoint, you must include the value of the access_code field—received when creating the Send-To object—in the request header X-Accesscode.

Authorizations:
None
path Parameters
SEND_TO_ID
required
string <uuid>
Example: d98ae06a-3ae4-5cc5-c0a3-62b05901b84f

Unique ID received when creating the Send-To object

header Parameters
X-Accesscode
required
string <uuid>
Example: 3fa85f64-5717-4562-b3fc-2c963f66afa6

Access code received when creating the Send-To object

Responses

Response samples

Content type
application/json
Example
{
  • "status": "UNCLAIMED",
  • "creator": null,
  • "signers": null
}

Download Send-To Document

To call the download endpoint, you must include the value of the access_code field—received when creating the Send-To object—in the request header X-Accesscode.

The response contains the originally provided PDF document in its current state, which may be signed, declined, withdrawn, or still open for signing. The current status can be retrieved using the track endpoint.

Authorizations:
None
path Parameters
SEND_TO_ID
required
string <uuid>
Example: d98ae06a-3ae4-5cc5-c0a3-62b05901b84f

Unique ID received when creating the Send-To object

header Parameters
X-Accesscode
required
string <uuid>
Example: 3fa85f64-5717-4562-b3fc-2c963f66afa6

Access code received when creating the Send-To object

Responses

Response samples

Content type
No sample

Delete a Send-To Request

To call the delete endpoint, you must include the value of the access_code field—received when creating the Send-To object—in the request header X-Accesscode.

This call deletes the involved Send-To, Document, and SignatureRequest objects regardless of the current Send-To state.

Authorizations:
None
path Parameters
SEND_TO_ID
required
string <uuid>
Example: d98ae06a-3ae4-5cc5-c0a3-62b05901b84f

Unique ID received when creating the Send-To object

header Parameters
X-Accesscode
required
string <uuid>
Example: 3fa85f64-5717-4562-b3fc-2c963f66afa6

Access code received when creating the Send-To object

Responses

User

Endpoints for user information and signature quality queries.

Get Signature Quality Details for a User

Returns the effective signature quality that will be applied when the given username signs a document.

The resulting quality is determined by the combination of the requested quality and legislation, where any matches any legislation.

For example, if you create a SignatureRequest with quality=AES_MINIMAL and legislation=ZERTES, this endpoint will indicate the final quality the user will sign with — typically QES, as AES_MINIMAL upgrades to QES when the user's settings allow it.

Authorizations:
bearer
query Parameters
username
string <email>
Example: username=john.doe@skribble.com

Username to find

Responses

Response samples

Content type
application/json
{
  • "qes": {
    },
  • "aes_minimal": {
    },
  • "aes": {
    },
  • "ses": {
    }
}

Identification

Endpoints for retrieving, checking status, and downloading identification evidence collected during Express QES signing. Requires Express QES identification evidence to be enabled for the business and a completed identification process.

Get Identification Evidence Status

Returns the current status of the identification evidence for the given SignatureRequest and evidence_id.

Requirements:

  • The business must have Express QES identification evidence enabled.
  • The identification process must have been initiated (evidence_id is required, available in signer_identity_data.evidence_id of the SignatureRequest response).
Authorizations:
bearer
path Parameters
SR_ID
required
string <uuid>
Example: cccccccc-4a6a-a958-a42e-6ea4172a378b

Unique ID received when creating the Signature Request object

EVIDENCE_ID
required
string
Example: 700580648

Unique ID of the identification evidence record, available in the signer_identity_data.evidence_id field of the SignatureRequest response once identification is complete.

Responses

Response samples

Content type
application/json
{
  • "id": 1,
  • "transactionCode": "700580648",
  • "accountId": 111,
  • "workflowId": 11,
  • "status": "COMPLETED",
  • "pendingReview": null,
  • "createdAt": "2025-08-25T12:26:24.227Z",
  • "expiresAt": "2025-08-26T12:26:24.226Z",
  • "startedAt": "2025-08-25T12:26:27.134Z",
  • "completedAt": "2025-08-25T12:27:58.382Z",
  • "reviewedAt": null
}

Get Identification Evidence JSON

Retrieves the full identification evidence record as JSON for the given SignatureRequest and evidence_id.

Requirements:

  • The business must have Express QES identification evidence enabled.
  • The identification process must be completed (evidence_id is required).
Authorizations:
bearer
path Parameters
SR_ID
required
string <uuid>
Example: cccccccc-4a6a-a958-a42e-6ea4172a378b

Unique ID received when creating the Signature Request object

EVIDENCE_ID
required
string
Example: 700580648

Unique ID of the identification evidence record, available in the signer_identity_data.evidence_id field of the SignatureRequest response once identification is complete.

Responses

Response samples

Content type
application/json
{
  • "identFormat": "1.0.0",
  • "transactionCode": "700580648",
  • "initialTransactionCode": "700580648",
  • "status": "COMPLETED",
  • "flaggedAsFraud": false,
  • "forcedManualReview": false,
  • "pidDeleted": false,
  • "createdAt": "2025-08-25T12:26:24.227Z",
  • "updatedAt": "2025-08-25T12:27:58.382Z",
  • "transactionLog": [
    ]
}

Get Identification Evidence Files

Downloads all files related to the identification evidence as a ZIP archive.

Requirements:

  • The business must have Express QES identification evidence enabled.
  • The identification process must be completed (evidence_id is required).
Authorizations:
bearer
path Parameters
SR_ID
required
string <uuid>
Example: cccccccc-4a6a-a958-a42e-6ea4172a378b

Unique ID received when creating the Signature Request object

EVIDENCE_ID
required
string
Example: 700580648

Unique ID of the identification evidence record, available in the signer_identity_data.evidence_id field of the SignatureRequest response once identification is complete.

Responses

Get Identification Evidence JWT

Retrieves the signed JWT for the identification evidence. Useful for cryptographic verification or downstream integration purposes.

Requirements:

  • The business must have Express QES identification evidence enabled.
  • The identification process must be completed (evidence_id is required).
Authorizations:
bearer
path Parameters
SR_ID
required
string <uuid>
Example: cccccccc-4a6a-a958-a42e-6ea4172a378b

Unique ID received when creating the Signature Request object

EVIDENCE_ID
required
string
Example: 700580648

Unique ID of the identification evidence record, available in the signer_identity_data.evidence_id field of the SignatureRequest response once identification is complete.

Responses

Response samples

Content type
text/plain
eyJhbGci3R[...]UtMDUifQ.eyJpZGVudEZ[...]MC4wI.NVJJA6z[...]hE5sE85Nko751w

Report

Endpoints for signature activity reporting.

Get signature activities by business

Returns detailed signature activities for your business and its members within a specified date range.

Use these parameters to filter for a specific time range.

Parameter Description Mandatory
start_date The start date of the range to fetch the signature activities. Format: yyyy-MM-dd. yes
end_date The end date of the range to fetch the signature activities. Format: yyyy-MM-dd. yes

Pagination

The result set can be controlled using the optional pagination parameters page and size

Parameter Description Mandatory
page The page number to fetch the signature activities. Must be a positive integer. Default: 1 no
size The size of the page to fetch the signature activities. Must be a positive integer. Default: 25 Maximum: 100 no
sort The sort order of the signature activities. Can be asc or desc. Default is desc. no

Response

The response contains the following information.

General

Field Description
activities Array of activities. See the following subchapter Activities.
total_items Total items to fetch when paginating through all the pages.
total_pages Total pages to fetch when paginating through all the pages.
current_page Current page number.
size Size of the page.

Activities

Field Description
id The ID of the signature activity.
action The action type of a signature activity. Can be signed or sealed.
timestamp The timestamp of the signature activity.
signature_request_id The signature request ID.
cost_center The cost center of the signature paying party. This information might not necessarily be present.
initiator The initiator user of the signature activity. See the following subchapter User.
signer The signer user of the signature activity. See the following subchapter User.

User

Field Description
email The email of the user.
first_name The first name of the user.
last_name The last name of the user.
type The membership status of the user in relation to the business. Can be api, external, member or unknown.
mobile The mobile number of the user.
Authorizations:
bearer
query Parameters
start_date
required
string <date>
Example: start_date=2024-01-01

Start Date to find

end_date
required
string <date>
Example: end_date=2024-01-31

End Date to find

page
number
Default: 1
Example: page=1

Page for pagination.

size
number <= 100
Default: 25
Example: size=50

Page size for pagination.

sort
string
Default: "desc"
Enum: "asc" "desc"
Example: sort=desc

Sort order

Responses

Response samples

Content type
application/json
{
  • "total_pages": 8,
  • "total_items": 377,
  • "current_page": 1,
  • "size": 50,
  • "activities": [
    ]
}

Monitoring

Endpoints for monitoring system health.

System Health

Returns the current health status of the Skribble API. Use this endpoint to monitor system availability and responsiveness.

status:UP indicates that the system is operational.

Authorizations:
None

Responses

Response samples

Content type
application/json
{
  • "status": "UP",
  • "groups": [
    ]
}