NibSign
Legal

NibSign API

Last updated: v1

The NibSign REST API lets you send documents for signature, check status, and download the final signed PDF directly from your application.

Base URL & authentication

All requests are made over HTTPS to https://nibsign.com/api/public/v1. Authenticate by sending an API key in the Authorization header. Create keys under Settings → API keys.

Authorization: Bearer nbs_live_xxxxxxxxxxxxxxxx

Create a document

POST /documents uploads a PDF (base64), attaches one or more signers, and returns the new document id.

curl https://nibsign.com/api/public/v1/documents \
  -H "Authorization: Bearer $NIBSIGN_KEY" \
  -H "Content-Type: application/json" \
  -d '{
    "title": "Mutual NDA",
    "filename": "nda.pdf",
    "file_base64": "JVBERi0xLjQK...",
    "signing_mode": "any_order",
    "sender_signs": false,
    "signers": [
      { "name": "Jane Doe", "email": "jane@acme.com" },
      { "name": "John Roe", "email": "john@beta.io" }
    ]
  }'

Response (HTTP 201):

{
  "id": "d1f0...",
  "status": "draft",
  "title": "Mutual NDA",
  "signers": [
    { "id": "...", "name": "Jane Doe", "email": "jane@acme.com", "signing_order": 1 },
    { "id": "...", "name": "John Roe", "email": "john@beta.io", "signing_order": 2 }
  ],
  "created_at": "2026-06-26T17:00:00Z"
}

Send for signature

POST /documents/{id}/send flips the document to sent and dispatches the signer invitation emails.

curl -X POST https://nibsign.com/api/public/v1/documents/d1f0.../send \
  -H "Authorization: Bearer $NIBSIGN_KEY"

Response:

{ "sent": 2, "total": 2, "errors": [] }

Get document status

GET /documents/{id} returns the current status, per-signer state, and — once complete — a short-lived signed download URL for the finished PDF.

curl https://nibsign.com/api/public/v1/documents/d1f0... \
  -H "Authorization: Bearer $NIBSIGN_KEY"

Response:

{
  "id": "d1f0...",
  "title": "Mutual NDA",
  "status": "completed",
  "signing_mode": "any_order",
  "sender_signs": false,
  "sent_at": "2026-06-26T17:01:00Z",
  "completed_at": "2026-06-26T17:30:00Z",
  "signers": [
    { "id": "...", "email": "jane@acme.com", "status": "signed", "signed_at": "..." },
    { "id": "...", "email": "john@beta.io", "status": "signed", "signed_at": "..." }
  ],
  "signed_download_url": "https://.../signed.pdf?token=..."
}

Errors

The API returns standard HTTP status codes. 401 = missing/invalid key, 404 = unknown document (or not in your workspace), 409 = document blocked by internal approval, 413 = file exceeds 25 MB, 422 = invalid payload. Errors include a JSON body with an error message.

Rate limits & security

Keys are scoped to the workspace they were created in and inherit the permissions of an owner. Revoke keys immediately from the dashboard if compromised. Treat keys like passwords and never embed them in client-side code.