Glossary

Electronic Signature (E-Signature)

An electronic indication of a person's intent to agree to the content of a document. It can take many forms: a typed name, a drawn signature, a click-to-agree button, or a cryptographic digital signature.

Digital Signature

A specific type of electronic signature that uses public-key cryptography to verify the signer's identity and ensure the document has not been tampered with. More secure than a standard electronic signature.

Wet Signature

A traditional handwritten signature made with pen and ink on a physical document. Called 'wet' because the ink needs to dry. Still required for certain legal documents.

Signing Ceremony

The complete process a signer goes through to sign a document electronically: receiving the document, reviewing it, choosing a signature style, and applying their signature.

Signing Link

A unique, secure URL sent to the document recipient that opens the signing ceremony. The link is typically single-use, time-limited, and contains a token that identifies the specific document and signer.

Audit Trail

A chronological record of all actions taken on a document, including who signed, when they signed, from what IP address, and how their identity was verified.

Non-Repudiation

A security property that prevents a signer from denying they signed a document. Achieved through cryptographic evidence (digital signatures, audit trails, timestamps) that proves the signer's identity and intent at the time of signing.

Click-Wrap Agreement

An agreement formed when a user clicks an 'I agree' button or checkbox. Common in software installations, SaaS terms, and app downloads. A type of electronic signature.

ESIGN Act

The Electronic Signatures in Global and National Commerce Act (ESIGN, 2000) is a US federal law that grants electronic signatures and electronic records the same legal validity as paper signatures and documents.

eIDAS Regulation

The EU regulation on electronic identification and trust services (eIDAS, 2014) establishes a legal framework for electronic signatures, seals, timestamps, and delivery services across all EU member states.

Electronic Communications Act 2000 (ECA)

UK legislation that gives electronic signatures legal admissibility in court proceedings. Establishes that electronic signatures can be used as evidence.

UETA (Uniform Electronic Transactions Act)

A US state-level law that provides the legal framework for electronic signatures and records. Adopted by 49 states (all except New York, which has its own equivalent).

Qualified Electronic Signature (QES)

The highest tier of electronic signature under the EU eIDAS Regulation. A QES is created using a qualified signature creation device and based on a qualified certificate issued by a trusted service provider. It has the legal equivalent of a handwritten signature.

Advanced Electronic Signature (AES)

The middle tier of electronic signature under eIDAS. An AES is uniquely linked to the signatory, capable of identifying them, and linked to the data so any change is detectable.

HIPAA (Health Insurance Portability and Accountability Act)

US federal law that sets standards for protecting sensitive patient health information. Any e-signature platform handling Protected Health Information (PHI) — patient consent forms, BAAs, clinical trial agreements — must comply with HIPAA's security and privacy rules.

FERPA (Family Educational Rights and Privacy Act)

US federal law that protects the privacy of student education records. Any e-signature workflow involving enrollment forms, consent documents, or transcript releases at schools receiving federal funding must comply with FERPA's consent and disclosure requirements.

SHA-256

A cryptographic hash function that produces a fixed 256-bit (32-byte) output from any input. Used in e-signing to create tamper-proof document fingerprints that verify document integrity.

Digital Certificate (Signing Certificate)

A cryptographic document that verifies the integrity and authenticity of a signed document. In e-signing, it typically includes a hash of the document content, timestamps, signatory information, and verification methods.

Document Hash

A fixed-length cryptographic fingerprint of a document's contents. If any byte of the document changes, the hash changes completely. Used to detect tampering.

Public Key Infrastructure (PKI)

A framework for managing digital certificates and public-key encryption. PKI enables secure electronic communication and digital signature verification.

Trusted Timestamping

The process of securely recording the date and time when a document was signed, using a trusted third party. Proves that a document existed and was signed at a specific moment.

One-Time Password (OTP) Verification

A method of verifying a signer's identity by sending a temporary code to their email address. The signer must enter the code to proceed with signing.

Model Context Protocol (MCP)

An open standard developed by Anthropic that enables AI agents to connect to external tools and data sources through a standardised interface. MCP servers expose capabilities that AI models can discover and use.

Agent Skill

A packaged capability that AI coding agents can install and use. Unlike MCP servers which provide tools, Agent Skills provide knowledge and instructions that modify agent behaviour.

llms.txt

A proposed convention for websites to publish machine-readable content at /llms.txt. Provides structured information about a service specifically for large language models and AI agents.

Generative Engine Optimization (GEO)

The practice of optimizing content and technical infrastructure so that AI search engines (ChatGPT, Perplexity, Claude) recommend your product. The AI-era equivalent of SEO.

REST API

Representational State Transfer API. An architectural style for web services that uses standard HTTP methods (GET, POST, PUT, DELETE) to perform operations on resources.

API Key

A unique identifier used to authenticate requests to an API. In e-signature APIs, the API key identifies the sender and bypasses manual email verification.

OAuth 2.0

An authorisation framework that allows third-party applications to access an API on behalf of a user without exposing their credentials. Some e-signature providers (notably DocuSign) require OAuth 2.0 for API authentication instead of simple API keys.

Webhook

An HTTP callback that sends a POST request to your server when an event occurs. In e-signing, webhooks notify your application the instant a document is signed, viewed, or declined — replacing the need to poll for status.

Rate Limiting

A mechanism that restricts how many API requests a client can make within a given time window. E-signature APIs enforce rate limits to prevent abuse and ensure service stability. Exceeding the limit returns a 429 Too Many Requests response.

Markdown

A lightweight text formatting language that uses simple syntax (# for headings, ** for bold) to structure documents. Used by Signbee to create contracts without a visual editor.

PDF URL (Bring Your Own PDF)

A feature that allows you to send an existing PDF document for e-signature by providing its URL, instead of generating a PDF from markdown content.

Envelope

A container object used by some e-signature platforms (notably DocuSign) to hold one or more documents, recipients, and signing fields. The envelope is the billable unit — you pay per envelope, not per document.

Batch Signing

The process of sending multiple documents for e-signature in a single automated workflow. Instead of sending one document at a time manually, batch signing uses scripts or API loops to process 10, 100, or 1,000+ documents programmatically.

Document Expiry

A time limit after which a signing link becomes inactive and the document can no longer be signed. Expiry periods are configurable and typically range from 7 to 90 days. After expiry, the sender must resend the document to generate a new signing link.

White-Label Signing

An e-signature implementation where the signing experience is fully branded as your own product. The signer sees your logo, your domain, and your colours — never the underlying e-signature provider's branding.