Signly logo Signly Docs
Menu
ES Quickstart Partner API Webhooks Guides Releases Data Export Go to app

Partner integration quickstart

Recommended

Configure an M2M credential from the Signly app, validate partner headers, and publish your first document with active webhooks.

This documentation is for M2M integrations. The `/v1/auth/login` and `/v1/auth/token/refresh` endpoints belong to the Signly App frontend and must not be used by third-party integrations.

Minimum path to go live

01

Enable Apps & Keys in the app

A tenant administrator creates the partner credential from Administration > Apps & Keys. The UI currently enables `KEY` or `HMAC`.

02

Store tenant and secret

Your integration always sends `X-Tenant-Signly` and `X-Auth-Signly`. Do not use browser cookies or app sessions.

03

Publish or reuse a template

Create a template, upload the PDF through a signed URL, and version changes whenever fields or structure are updated.

04

Create the document

Send participants, policies, signing order, and deadline. The backend returns the document and its initial state.

05

Listen to events

Configure webhooks to react to start, OTP, biometric, signature, and completion events without relying on polling.

First partner request

With an active credential you can validate connectivity by listing tenant documents.

First partner request 
curl -X GET "https://api.signly.apologs.com/v1/documents?limit=10" \
  -H "X-Tenant-Signly: tenant_58bff266" \
  -H "X-Auth-Signly: sk_live_partner_abc123"

Correct collection to document

The public reference must start from `SIGNLY_PARTNER`. The `SIGNLY` collection belongs to the web frontend BFF and must not be used as the basis for an M2M integration.

Correct collection to document 
SIGNLY_PARTNER
├─ /v1/documents
├─ /v1/templates
└─ /v1/events/{processId}

SIGNLY
└─ BFF del front web de Signly App
   ├─ /v1/oauth/login
   ├─ /v1/auth/token/refresh
   └─ endpoints de sesion y UI interna

Checklist before production

  • Define who creates and rotates the partner credential inside your tenant.
  • Protect `X-Auth-Signly` as a server secret. Do not expose it in browsers or mobile apps.
  • Use webhooks as the primary synchronization channel and keep `GET /v1/documents/{documentId}` for targeted lookups.
  • If you work with enterprise or recurring customers, coordinate onboarding support with the Signly team before go-live.

Guided support

Technical implementation support is coordinated for active accounts with onboarding or enterprise customers. If your team needs architecture or production-readiness guidance, escalate the case through the official channel.