DocuSign API: Generating an embedded signing URL with specific expiration

Navigating DocuSign’s API for Secure Embedded Signing

In the evolving landscape of digital agreements, businesses increasingly rely on electronic signature platforms to streamline workflows while ensuring security and compliance. DocuSign, a leader in this space, offers robust API capabilities that allow developers to integrate signing processes directly into applications. One key feature is generating embedded signing URLs, which enable users to sign documents without leaving the host application. This article explores how to implement this using DocuSign’s API, with a focus on setting specific expiration times for enhanced control. From a business perspective, such integrations can reduce friction in customer onboarding and contract execution, potentially boosting conversion rates by up to 30% according to industry benchmarks.

The Role of Embedded Signing in Modern Business Processes

Embedded signing allows documents to be presented within an iframe or web view, creating a seamless user experience. Unlike remote signing, where recipients access links via email, embedded signing is ideal for in-app scenarios like sales portals or HR systems. DocuSign’s API supports this through its eSignature REST API, enabling programmatic control over the signing ceremony. Businesses value this for its ability to maintain brand consistency and gather real-time completion events.

Setting an expiration on these URLs adds a layer of security, preventing unauthorized access after a defined period. This is particularly useful in high-stakes industries like finance or legal, where time-sensitive documents must be protected against replay attacks or indefinite exposure.

Comparing eSignature platforms with DocuSign or Adobe Sign?

eSignGlobal delivers a more flexible and cost-effective eSignature solution with global compliance, transparent pricing, and faster onboarding.

👉 Start Free Trial

Implementing DocuSign API for Embedded Signing URLs

To generate an embedded signing URL with a specific expiration, developers must authenticate via OAuth 2.0 and interact with DocuSign’s Envelopes API. This process involves creating an envelope, preparing it for signing, and then retrieving a transient URL for embedding. From a commercial standpoint, mastering this can lower operational costs by automating manual follow-ups and integrating with CRM tools like Salesforce.

Step 1: Authentication and Envelope Creation

Begin by obtaining an access token using DocuSign’s JWT or Authorization Code Grant flow. This token grants API access for up to 8 hours, after which it must be refreshed.

Use the /accounts/{accountId}/envelopes endpoint to create an envelope. Here’s a sample request in JSON format via POST:

{
  "emailSubject": "Please sign this document",
  "documents": [
    {
      "documentBase64": "base64-encoded-document-content",
      "name": "Agreement.pdf",
      "fileExtension": "pdf",
      "documentId": "1"
    }
  ],
  "recipients": {
    "signers": [
      {
        "email": "signer@example.com",
        "name": "John Doe",
        "recipientId": "1",
        "routingOrder": "1"
      }
    ]
  },
  "status": "sent"
}

This creates a basic envelope with a single signer. The status: "sent" initiates the workflow immediately.

Step 2: Adding Signing Fields and Embedded Recipient

For embedded signing, designate the recipient as embedded by including clientUserId and authentication details. Update the recipient:

"signers": [
  {
    "email": "signer@example.com",
    "name": "John Doe",
    "recipientId": "1",
    "routingOrder": "1",
    "clientUserId": "unique-client-id-123",
    "userId": "signer-user-id",
    "authenticationMethod": "none",  // Or "email" for added security
    "embedUrlEvents": {
      "url": "https://your-app.com/return-url"
    }
  }
]

The clientUserId ties the session to your application, ensuring the signer is authenticated within your environment.

Next, define signing fields using the /envelopes/{envelopeId}/recipients/{recipientId}/tabs endpoint. For a simple signature field:

{
  "signHereTabs": [
    {
      "documentId": "1",
      "pageNumber": "1",
      "xPosition": "100",
      "yPosition": "200",
      "width": "200",
      "height": "50",
      "recipientId": "1"
    }
  ]
}

This places a signature tab on the document.

Step 3: Generating the Embedded Signing URL with Expiration

The core step is calling the /accounts/{accountId}/envelopes/{envelopeId}/views/recipient endpoint to get the signing URL. Specify the returnUrl for post-signing redirection and set expiration via query parameters or envelope settings.

Sample GET request:

GET /accounts/{accountId}/envelopes/{envelopeId}/views/recipient?email=signer@example.com&userName=John%20Doe&returnUrl=https://your-app.com/complete

The response includes a url field with the embedded signing link, valid for a default of 5 minutes. To customize expiration, use the envelope’s expireAfter property during creation (in days) or leverage the API’s expireEnabled and expireAfterDays in advanced configurations. For granular control, integrate with DocuSign’s Event Notifications to monitor and revoke access post-expiration.

In code (Python example using requests library):

import requests

headers = {
    'Authorization': f'Bearer {access_token}',
    'Content-Type': 'application/json'
}

# Create envelope (as above)
envelope_response = requests.post(f'{base_url}/envelopes', json=envelope_data, headers=headers)
envelope_id = envelope_response.json()['envelopeId']

# Get embedded URL
url_params = {
    'email': 'signer@example.com',
    'userName': 'John Doe',
    'returnUrl': 'https://your-app.com/complete'
}
url_response = requests.get(f'{base_url}/envelopes/{envelope_id}/views/recipient', params=url_params, headers=headers)
signing_url = url_response.json()['url']

This URL can now be embedded in an iframe: <iframe src="{signing_url}" width="100%" height="600px"></iframe>. The expiration ensures the link deactivates after the set time, typically enforced server-side to prevent tampering.

Best Practices and Business Considerations

From a business observation, implementing expiration reduces liability in regulated sectors. Monitor API usage via DocuSign’s dashboard to avoid quota limits—Starter plans cap at 40 envelopes/month, while Advanced offers more for $5,760/year. Test in sandbox mode to ensure compliance with ESIGN/UETA in the US or eIDAS in the EU. Common pitfalls include mismatched clientUserId, leading to authentication failures, or overlooking returnUrl for user flow continuity.

Businesses report that embedded signing with expirations can cut signing time by 50%, enhancing customer satisfaction. However, API costs scale with volume, making it essential to evaluate against alternatives for cost-efficiency.

Comparing Leading eSignature Platforms

When selecting an eSignature solution, factors like API flexibility, pricing, and regional compliance play pivotal roles. Below is a neutral comparison of DocuSign, Adobe Sign, eSignGlobal, and HelloSign (now Dropbox Sign), based on public data as of 2025. This table highlights key differentiators for informed decision-making.

This comparison underscores how DocuSign excels in enterprise integrations but at a premium, while others offer value in specific niches.

DocuSign stands out for its mature API ecosystem, powering embedded signing in thousands of applications worldwide. Its Developer plans range from $600/year for basics to custom enterprise options, emphasizing scalability for high-volume businesses.

Adobe Sign integrates deeply with creative and document workflows, offering embedded signing through its API with expiration options tied to envelope lifecycles. Pricing starts higher but bundles with Acrobat for PDF-heavy users.

eSignGlobal provides compliant eSignature across 100 mainstream global countries, with a strong edge in the Asia-Pacific (APAC) region. APAC’s electronic signature landscape features fragmentation, high standards, and strict regulations, contrasting with the more framework-based ESIGN/eIDAS in the West. APAC demands “ecosystem-integrated” approaches, including deep hardware/API integrations with government digital identities (G2B), far exceeding email or self-declaration methods common in the US/EU. eSignGlobal competes head-on with DocuSign and Adobe Sign through affordable pricing—its Essential plan at $16.6/month allows sending up to 100 documents, unlimited user seats, and access code verification for signatures. It seamlessly integrates with Hong Kong’s iAM Smart and Singapore’s Singpass, ensuring regional compliance at a fraction of competitors’ costs.

Looking for a smarter alternative to DocuSign?

eSignGlobal delivers a more flexible and cost-effective eSignature solution with global compliance, transparent pricing, and faster onboarding.

👉 Start Free Trial

HelloSign, rebranded as Dropbox Sign, prioritizes simplicity in its API for embedded URLs, with expiration handled via document settings. It’s cost-effective for small teams but lacks the depth of DocuSign’s automation.

Conclusion: Choosing the Right Fit for Your Business

In summary, DocuSign’s API for generating embedded signing URLs with specific expirations offers powerful control for secure, integrated workflows. Businesses should weigh API maturity against total ownership costs and regional needs. For those prioritizing APAC compliance, eSignGlobal emerges as a neutral, regional-optimized alternative to DocuSign.