Authentication Introduction
The BoldSign API requires authentication for all endpoints. Both an OAuth2 bearer token and an API Key are accepted by the API endpoints.
You must have a BoldSign subscription before you can authenticate to the API. All the plan includes access to the sandbox API, including a free plan.
All API requests must be made using HTTPS. Any requests made through plain HTTP will result in failure. Similarly, API requests that do not include authentication will also fail.
Scopes
In the BoldSign API, certain endpoints require one or more scopes or permissions to be accessed.
| BoldSign.Documents.All | Used to grant full control over the document resources. |
| BoldSign.Documents.Write | Used to provide only the write document permission, such as remind, change access, and more. |
| BoldSign.Documents.Delete | Used to grant only the delete document permission, such as delete document. |
| BoldSign.Documents.Create | Used to grant only the create document permission, such as send, embedded request. |
| BoldSign.Templates.All | Used to grant full control to the template resources. |
| BoldSign.Templates.Read | Used to grant only the read template permission, such as a list. |
| BoldSign.Templates.Write | Used to grant only the write template permission. |
| BoldSign.Templates.Delete | Used to grant only the delete template permission for deleting the template. |
| BoldSign.Templates.Create | Used to grant only the create template permission, such as create and embedded create. |
| BoldSign.Users.All | Used to provide complete control over the user resources. |
| BoldSign.Users.Read | Used to grant only the read user permission, such as list, get, etc. |
| BoldSign.Users.Write | Used to grant only the write user permission, such as update, resend, etc. |
| BoldSign.Teams.All | Used to provide complete control over the teams' resources. |
| BoldSign.Teams.Read | Used to grant only the read team permission, such as list, get, etc. |
| BoldSign.Teams.Write | Used to grant only the write team permission, such as update. |
| BoldSign.SenderIdentity.All | Used to grant full control to the sender identity resources. |
| BoldSign.SenderIdentity.Create | Used to grant only the sender identity create permission. |
| BoldSign.SenderIdentity.Read | Used to grant only the read sender identity permission, such as a list. |
| BoldSign.SenderIdentity.write | Used to grant only the write sender identity permission, such as update, resend, etc. |
| BoldSign.SenderIdentity.Delete | Used to grant only the delete sender identity permission to delete the sender identities. |
| offline_access | Used to request refresh token (Supported only in the authorization code flow). |
Sandbox vs Live
| It permits a maximum of 50 API requests per hour. | It offers a higher limit of 2000 API requests per hour. |
| The document created using the sandbox environment will be automatically deleted after 14 days. | The documents created using live environments are never deleted automatically. |
| The generated PDFs will have test watermarks that are not legally valid. | The generated PDFs will have no watermarks, and they are legally valid. |