Authentication Introduction

The BoldSign API requires authentication for all endpoints. Both an OAuth2 bearer token and an API Key are accepted by the API endpoints.

You must have a BoldSign subscription before you can authenticate to the API. All the plan includes access to the sandbox API, including free plan.

All API requests must be made using HTTPS. Requests made via plain HTTP will fail. API requests that do not include authentication will also fail.

Scopes

In the BoldSign API, certain endpoints require one or more scopes or permissions to be accessed.

ScopeDescription
BoldSign.Documents.AllUsed to grant full control to the document resources.
BoldSign.Documents.WriteUsed to grant only the write document permission, such as remind, change access, etc.
BoldSign.Documents.DeleteUsed to grant only the delete document permission, such as delete document.
BoldSign.Documents.CreateUsed to grant only the create document permission, such as send, embedded request.
BoldSign.Templates.AllUsed to grant full control to the template resources.
BoldSign.Templates.ReadUsed to grant only the read template permission, such as list.
BoldSign.Templates.WriteUsed to grant only the write template permission.
BoldSign.Templates.DeleteUsed to grant only the delete template permission to delete the template.
BoldSign.Templates.CreateUsed to grant only the create template permission, such as create and embedded create.
BoldSign.Users.AllUsed to grant full control to the user resources.
BoldSign.Users.ReadUsed to grant only the read user permission, such as list, get, etc.
BoldSign.Users.WriteUsed to grant only the write user permission, such as update, resend, etc.
BoldSign.Teams.AllUsed to grant full control to the teams resources.
BoldSign.Teams.ReadUsed to grant only the read team permission, such as list, get, etc.
BoldSign.Teams.WriteUsed to grant only the write team permission, such as update.
BoldSign.SenderIdentity.AllUsed to grant full control to the sender identity resources.
BoldSign.SenderIdentity.CreateUsed to grant only the sender identity create permission.
BoldSign.SenderIdentity.ReadUsed to grant only the read sender identity permission, such as list.
BoldSign.SenderIdentity.writeUsed to grant only the write sender identity permission, such as update, resend, etc.
BoldSign.SenderIdentity.DeleteUsed to grant only the delete sender identity permission to delete the sender identities.
offline_accessUsed to request refresh token (Supported only in the authorization code flow).

Sandbox vs Live

header1header2
The document created using the sandbox environment will be automatically deleted after 14 days.The documents created using live environments are never deleted automatically.
The generated PDFs will have test watermarks that are not legally valid.The generated PDFs will have no watermarks, and they are legally valid.