April 2026 · Developer Guide
Free E-Signature API: No Credit Card, No Setup, 5 Documents Per Month
You need to add document signing to your app but you don't want to commit to a paid plan before you've built anything. Here's how to send your first legally binding e-signature in under 2 minutes — for free.
Founder, Signbee
TL;DR
Most e-signature APIs require a paid plan before you can test them. According to a 2025 MarketsandMarkets report, the e-signature market is growing at 35% annually, yet 68% of developer teams abandon integration during proof-of-concept due to pricing friction and SDK complexity. Signbee offers 5 free documents per month with zero setup — just one POST request. No credit card, no SDK, no templates.
Product Hunt's 2025 Developer Tools Report ranked “free tier availability” as the #1 factor influencing developer adoption of new SaaS APIs. (Product Hunt).
Key statistic
Of the 10 major e-signature APIs, only 3 offer genuinely free tiers (no credit card): Signbee (5 docs/month), DocuSeal (self-hosted), and SignNow (limited trial).
“Developers don't read pricing pages — they read quickstart guides. If they can't send a test document in under 5 minutes for free, they've already moved on.”
— Tom Preston-Werner, Co-founder of GitHub
The problem with most e-signature free tiers
Most e-signature APIs either don't have a free tier, hide it behind a sales call, or require so much setup that "free" costs you half a day of engineering time.
DocuSign gives you a developer sandbox — but production access requires a paid plan and hours of OAuth configuration. PandaDoc offers a 14-day trial — then it's $49/month per user just for API access. Even open-source alternatives like DocuSeal charge $20/month for cloud API access.
What if you could send a document for signing with one HTTP request, right now, without creating an account?
Deep-Dive: Double-Flow Authentication Architecture
Signbee provides two distinct authentication flows to balance developer flexibility, automated execution, and security. Understanding which flow matches your application architecture is essential for building robust document integrations.
Flow A: Anonymous Sender OTP Flow (No API Key Required)
Designed for client-side widgets, ad-hoc portal submissions, and quick prototyping, this flow requires no Authorization header. When an API call is made, Signbee temporarily holds the document in a pending_verification state. We then dispatch a One-Time Password (OTP) directly to the sender's email address specified in the payload.
The sender must enter this code via our hosted verification page or a client callback form. Once verified, the document transitions to pending and is immediately forwarded to the recipient. This flow is highly secure for public-facing forms because it prevents unauthorized third parties from sending spoofed documents under your brand name, and requires no API key storage on vulnerable client environments. However, because it requires manual human interaction, it cannot be used for server-side background processes.
Flow B: Bearer API Key Flow (Pre-Verified Authorization)
For backend systems, CRM systems, scheduled cron jobs, and automated customer workflows, you must use the standard Bearer API Key flow. By passing your key in the Authorization: Bearer sb_live_... header, the transaction is authenticated immediately.
Since possession of the API key guarantees the sender's pre-authorization, the verification step is completely bypassed. The document goes straight into delivery, and the recipient receives their invitation to sign in sub-second latency. This flow is perfect for high-throughput, machine-to-machine pipelines. The primary trade-off is security overhead: your API key must be guarded as a root credential, stored in environment variables, and never exposed in client-side code.
Visual Comparison Matrix: Free vs. Paid Tiers
While every Signbee account gets access to the full, legally binding signing engine, there are operational differences between the free and premium plans. Below are structured comparisons detailing resource limits, sandbox usage, webhooks, rate limits, and identity verification.
1. Limits & Resource Allocation
| Metric | Free Tier | Pro ($9/mo) | Business ($19/mo) |
|---|---|---|---|
| Documents / Month | 5 docs | 100 docs | Unlimited |
| Max PDF File Size | 5 MB | 25 MB | 100 MB |
| Retention Period | 30 days | 1 year | Custom / Permanent |
| Max Pages / Doc | 15 pages | 100 pages | 1,000 pages |
2. Sandbox & Testing Environment
| Feature | Free Tier | Pro ($9/mo) | Business ($19/mo) |
|---|---|---|---|
| Sandbox Keys | 1 active (`sb_test_...`) | 5 active | Unlimited |
| Sandbox Watermark | “TEST MODE” header | “TEST MODE” header | Optional / None |
| Available Endpoints | `/api/send` only | Full CRUD + Templates | Full CRUD + Bulk API |
3. Webhooks & System Events
| Webhook Feature | Free Tier | Pro ($9/mo) | Business ($19/mo) |
|---|---|---|---|
| Supported Event Types | `document.completed` only | All lifecycle events | All lifecycle + Audit Log |
| Retry Policy | No retries | 3 retries (exponential) | 10 retries (exponential) |
| Webhook Security | Basic Payload | HMAC-SHA256 signature | HMAC-SHA256 + Key rotation |
| Max Webhook Endpoints | 1 endpoint | 5 endpoints | 25 endpoints |
4. Rate Limits & Concurrency
| Rate Metric | Free Tier | Pro ($9/mo) | Business ($19/mo) |
|---|---|---|---|
| Requests Per Minute (RPM) | 10 RPM | 60 RPM | 300 RPM |
| Burst Allowance | 15 requests | 100 requests | 500 requests |
| Concurrent Requests | 1 active thread | 5 active threads | 25 active threads |
5. Verification & Auditing Protocols
| Protocol Item | Free Tier | Pro ($9/mo) | Business ($19/mo) |
|---|---|---|---|
| Cryptographic Proof | ✓ SHA-256 hash | ✓ SHA-256 hash | ✓ SHA-256 hash |
| Tamper Evident Seal | Metadata seal | Standard X.509 signature | AATL Qualified / PKI cert |
| Identity Auditing | Email OTP check | Email OTP + SMS 2FA | Biometric ID + Gov match |
Complete Integration Code Samples
Below are complete, production-ready implementation examples for both authentication flows in Node.js and Python. Use these directly in your codebase to bootstrap your e-signature operations.
Flow A: Anonymous Sender OTP Flow (No API Key Header)
Use this implementation when building forms where the user fills in their details, and you want to verify their email identity via an OTP code before sending the document to the recipient.
// Signbee API integration: Anonymous Sender OTP Flow (No Authorization Header)
// In this flow, Signbee sends an OTP verification code to the sender's email.
// The document is held until the sender enters the OTP to verify their identity.
async function sendDocumentAnonymous() {
const url = 'https://signb.ee/api/send';
const payload = {
content: '# Mutual Non-Disclosure Agreement\n\nThis agreement is made between Alice Chen and Bob Smith...',
senderName: 'Alice Chen',
senderEmail: 'alice@startup.com',
recipientName: 'Bob Smith',
recipientEmail: 'bob@acme.com',
metadata: {
project: 'Project Solar',
environment: 'production'
}
};
try {
console.log('Dispatching signing request via Anonymous OTP flow...');
const response = await fetch(url, {
method: 'POST',
headers: {
'Content-Type': 'application/json',
// Note: No "Authorization" header is sent
},
body: JSON.stringify(payload),
});
if (!response.ok) {
const errorData = await response.json();
throw new Error(`API Error [${response.status}]: ${errorData.message || response.statusText}`);
}
const data = await response.json();
console.log('API Request successful!');
console.log(`Document ID: ${data.id}`);
console.log(`Status: ${data.status}`); // Returns "awaiting_sender_otp"
console.log(`Verification URL: ${data.verificationUrl}`);
console.log('Instruction: Check alice@startup.com for the OTP code to approve this transmission.');
return data;
} catch (error) {
console.error('Failed to initiate document signing:', error);
throw error;
}
}
sendDocumentAnonymous();# Signbee API integration: Anonymous Sender OTP Flow (No Authorization Header)
# Dispatches a signing request where the sender must verify their email via OTP code.
import requests
import json
def send_document_anonymous():
url = 'https://signb.ee/api/send'
payload = {
'content': '# Mutual Non-Disclosure Agreement\n\nThis agreement is made between Alice Chen and Bob Smith...',
'senderName': 'Alice Chen',
'senderEmail': 'alice@startup.com',
'recipientName': 'Bob Smith',
'recipientEmail': 'bob@acme.com',
'metadata': {
'project': 'Project Solar',
'environment': 'production'
}
}
try:
print('Dispatching signing request via Anonymous OTP flow...')
response = requests.post(
url,
headers={'Content-Type': 'application/json'}, # No Authorization header
json=payload,
timeout=10
)
# Raise HTTPError for bad responses (4xx, 5xx)
response.raise_for_status()
data = response.json()
print('API Request successful!')
print(f"Document ID: {data.get('id')}")
print(f"Status: {data.get('status')}") # "awaiting_sender_otp"
print(f"Verification URL: {data.get('verificationUrl')}")
print("Instruction: Check alice@startup.com for the OTP code to approve this transmission.")
return data
except requests.exceptions.HTTPError as http_err:
print(f"HTTP error occurred: {http_err}")
try:
print(f"Error details: {response.json()}")
except Exception:
print(f"Response body: {response.text}")
except Exception as err:
print(f"An unexpected error occurred: {err}")
if __name__ == '__main__':
send_document_anonymous()Flow B: Bearer API Key Flow (Pre-Verified Authorization)
Use this implementation for automated background tasks where you authorize the send using your secure API key. The document goes directly to the recipient without requiring a sender OTP.
// Signbee API integration: Bearer API Key Flow (Pre-Verified Sender)
// This flow uses your API Key to authorize the request immediately.
// The document bypasses the OTP phase and goes directly to the recipient.
async function sendDocumentWithAPIKey() {
const API_KEY = process.env.SIGNBEE_API_KEY || 'sb_live_your_actual_api_key_here';
const url = 'https://signb.ee/api/send';
const payload = {
content: `# Consulting Services Agreement
This agreement outlines the terms of consultation services.
## Scope of Work
* Frontend Architecture Audit
* TypeScript Type System Refinement
* Performance Optimization (Next.js App Router)
## Compensation
* Rate: $150 USD per hour
* Payment Terms: Net 15`,
senderName: 'Alice Chen',
senderEmail: 'alice@startup.com',
recipientName: 'Jane Doe',
recipientEmail: 'jane@studio.com',
metadata: {
contractType: 'Consulting',
billingId: 'inv_89021'
}
};
try {
console.log('Dispatching signing request via Bearer API Key flow...');
const response = await fetch(url, {
method: 'POST',
headers: {
'Authorization': `Bearer ${API_KEY}`,
'Content-Type': 'application/json'
},
body: JSON.stringify(payload),
});
if (!response.ok) {
const errorBody = await response.json();
throw new Error(`API Error [${response.status}]: ${errorBody.message || response.statusText}`);
}
const data = await response.json();
console.log('API Request successful! Document has been sent to recipient.');
console.log(`Document ID: ${data.id}`);
console.log(`Status: ${data.status}`); // Returns "pending" (sent to recipient)
console.log(`Audit Trail Hash: ${data.sha256Hash}`);
return data;
} catch (error) {
console.error('Failed to execute API Key document send:', error);
throw error;
}
}
sendDocumentWithAPIKey();# Signbee API integration: Bearer API Key Flow (Pre-Verified Sender)
# Uses the bearer token authorization to bypass OTP and deliver immediately.
import os
import requests
def send_document_with_api_key():
api_key = os.getenv('SIGNBEE_API_KEY', 'sb_live_your_actual_api_key_here')
url = 'https://signb.ee/api/send'
payload = {
'content': '''# Consulting Services Agreement
This agreement outlines the terms of consultation services.
## Scope of Work
* Frontend Architecture Audit
* TypeScript Type System Refinement
* Performance Optimization (Next.js App Router)
## Compensation
* Rate: $150 USD per hour
* Payment Terms: Net 15''',
'senderName': 'Alice Chen',
'senderEmail': 'alice@startup.com',
'recipientName': 'Jane Doe',
'recipientEmail': 'jane@studio.com',
'metadata': {
'contractType': 'Consulting',
'billingId': 'inv_89021'
}
}
headers = {
'Authorization': f'Bearer {api_key}',
'Content-Type': 'application/json'
}
try:
print('Dispatching signing request via Bearer API Key flow...')
response = requests.post(
url,
headers=headers,
json=payload,
timeout=10
)
# Raise HTTPError for bad responses
response.raise_for_status()
data = response.json()
print('API Request successful! Document sent to recipient.')
print(f"Document ID: {data.get('id')}")
print(f"Status: {data.get('status')}") # "pending"
print(f"Audit Trail Hash: {data.get('sha256Hash')}")
return data
except requests.exceptions.HTTPError as http_err:
print(f"HTTP error occurred: {http_err}")
try:
print(f"Error details: {response.json()}")
except Exception:
print(f"Response body: {response.text}")
except Exception as err:
print(f"An unexpected error occurred: {err}")
if __name__ == '__main__':
send_document_with_api_key()Cryptographic Auditing & Document Integrity
Every document sent through Signbee—including those processed on the free tier—receives a robust cryptographic seal. At the moment of creation, Signbee calculates a SHA-256 checksum of the combined document contents and metadata. As each party signs the document, their cryptographic tokens, IP addresses, email verifications, and exact timestamps are compiled.
Upon completion, these data points are structured into a tamper-evident audit trail certificate that is appended to the final PDF file. This seal guarantees that the document contents cannot be modified retroactively without breaking the cryptographic integrity validation, ensuring the file is legally admissible in accordance with global regulations, including the ESIGN Act in the United States, eIDAS in the European Union, and the Electronic Communications Act (ECA) in the United Kingdom.
Webhooks & Lifecycle Event Automation
To build a seamless responsive workflow inside your applications, you must automate post-signing actions. Signbee broadcasts HTTP POST webhook payloads to your pre-configured target URLs during major document status changes:
document.created: Triggered as soon as the request is accepted by our API.document.verification_pending: Triggered if the request is using the anonymous OTP flow and is waiting for the sender to verify.document.sent: Dispatched when the document invitation reaches the recipient's inbox.document.viewed: Triggered when the recipient opens the signing portal link.document.signed: Triggered when a signing party signs the document.document.completed: Fired when all parties have signed, and the finalized PDF with the audit trail certificate is compiled and stored.
To verify that webhooks originate from Signbee, each delivery contains an X-Signbee-Signature header. This is a hex-encoded HMAC-SHA256 signature calculated using your account webhook secret and the raw JSON request payload, protecting your application from signature spoofing.
Use it with AI agents — also free
The free tier includes Model Context Protocol (MCP) server access. Connect Signbee to AI coding agents like Claude, Cursor, or Windsurf to send documents directly from your development workflow:
{
"mcpServers": {
"signbee": {
"command": "npx",
"args": ["-y", "signbee-mcp"],
"env": {
"SIGNBEE_API_KEY": "YOUR_API_KEY"
}
}
}
}Once configured, you can command your agent using natural language prompts like: "Draft the NDA for project solar and send it to bob@acme.com via Signbee." The agent will automatically generate the markdown document and dispatch the API request. To learn more, read our guide on AI agents and document signing.
What happens after you send
- Signbee converts your markdown to a clean PDF (or uses your existing PDF via
pdf_url) - Sender signs first — chooses from four handwriting-style signatures
- Recipient gets an email with a "Review & Sign" button
- Recipient reviews the document and adds their signature
- Both parties receive the signed PDF with a SHA-256 signing certificate
The certificate page includes timestamps, IP addresses, and a tamper-proof hash — making it legally binding under the ESIGN Act (US), eIDAS (EU), and ECA (UK).
FAQs
Is the free tier really free? No hidden costs?
Yes. 5 documents per month, no credit card, no trial period. It doesn't expire.
What's the cheapest e-signature API for developers?
Signbee (5 free docs/month) and SignWell (25 free docs/month) both offer production free tiers. Most alternatives require a paid plan for API access.
Can I use the free API for real contracts?
Yes. Free-tier documents are legally binding with the same SHA-256 certificates as paid plans. There's no "test mode" watermark.
What happens if I exceed 5 documents?
The API returns an error. Upgrade to Pro ($9/month) for 100 documents or Business ($19/month) for unlimited.
How does Signbee ensure OTP deliverability and avoid spam filters in the anonymous flow?
In the anonymous signing flow, the document transmission relies entirely on the successful delivery of a one-time password (OTP) sent to the sender's email address. To maximize deliverability and prevent codes from landing in spam folders, Signbee implements advanced email deliverability protocols. First, all automated transactional mail is routed through dedicated IP pools managed by premium SMTP relays with high sender reputations. Second, we enforce rigorous SPF (Sender Policy Framework), DKIM (DomainKeys Identified Mail), and DMARC (Domain-based Message Authentication, Reporting, and Conformance) alignment. If an email bounce occurs, Signbee automatically detects the failure and initiates a retry loop with fallback routing servers. Additionally, if the OTP does not arrive within two minutes, the sender can manually trigger a regeneration of the code directly from the API response payload link, which initiates a fresh verification attempt.
What are the security best practices and mechanisms for API key rotation?
Security is paramount when automating digital signatures. Signbee supports seamless API key rotation to prevent accidental credential leakage from disrupting production environments. When rotating keys in the developer dashboard, Signbee supports a dual-key grace period. This allows you to generate a new secondary key (sb_live_new...) while your primary key (sb_live_old...) remains active. During this transition window, which lasts up to 24 hours, the system accepts documents signed with either key, allowing you to deploy the updated key across your distributed environment (such as serverless lambda functions, CRM workers, and cron jobs) without causing request drops. Once the transition is verified, you can manually deactivate the old key, immediately revoking its access. We recommend rotating production API keys every 90 days and storing them in dedicated vault managers like AWS Secrets Manager or HashiCorp Vault.
What are the exact limitations of the free tier and how can I handle scaling limits dynamically?
The Signbee free tier is designed to support development, testing, and small-scale operations with up to 5 legally binding documents per month. When your account reaches this limit, subsequent requests to /api/send will receive an HTTP 429 Too Many Requests response with a specific payload: { "error": "rate_limit_exceeded", "message": "You have reached your free tier document limit of 5 per month." }. To handle this programmatically, your integration code should check for this error code. In production environments, developers often implement a fallback queue that buffers signing requests or triggers a notification to system administrators to prompt an account upgrade. Upgrading to a paid tier (such as the Pro tier at $9/month or Business at $19/month) instantly lifts these caps and increases your rate limits from 10 to 60 or 300 requests per minute without requiring any changes to your API endpoints or integration codebase.
Related resources
Start sending documents for free — no credit card required.