How do I Embed E-Signatures in an iFrame?

Send a document via API and get the signing_url Embed the signing_url in an iframe in your app User signs within your application's UI Signed document delivered via email as usual No redirect — user stays in your app

Guide

How to Embed E-Signatures in an iFrame

The signing URL returned by the API can be embedded in your app for a seamless experience.

Steps

1
Send a document via API and get the signing_url
2
Embed the signing_url in an iframe in your app
3
User signs within your application's UI
4
Signed document delivered via email as usual
5
No redirect — user stays in your app

Try it with curl

curl

curl -X POST https://signb.ee/api/send \
  -H "Content-Type: application/json" \
  -d '{
    "content": "# Your Document\n\nContent here...",
    "senderName": "Your Name",
    "senderEmail": "you@email.com",
    "recipientName": "Recipient",
    "recipientEmail": "recipient@email.com"
  }'

Legal validity

Electronic signatures are legally binding under the ESIGN Act (US), eIDAS Regulation (EU), and Electronic Communications Act (UK). Every Signbee document includes a SHA-256 tamper-proof certificate.

More details

Embedding the signing experience in an iframe creates a seamless UX — the user never leaves your application. This is ideal for onboarding flows, checkout processes, and any workflow where a redirect would break the user experience.

Implementation: 1. Your backend calls POST /api/v1/send and receives the signing_url 2. Your frontend renders an iframe with src=signing_url 3. The user reviews and signs within the iframe 4. The iframe posts a message to the parent window when signing completes 5. Your app reacts to the completion event (e.g., advance to next step)

iframe attributes for optimal UX: - allow='camera' (for optional photo ID verification) - style='border:none; width:100%; height:600px' - sandbox='allow-same-origin allow-scripts allow-forms allow-popups'

Security considerations: - The signing_url is single-use and expires after the document is signed - The iframe is served over HTTPS with appropriate CORS headers - The parent window cannot access the iframe content (same-origin policy)

Alternative: WebView embedding For native mobile apps (iOS/Android), use the signing_url in a WebView instead of an iframe. The same URL works in both contexts.

Frequently asked questions

Can I embed the signing experience in my app?

Yes. Use the signing_url returned by the API as the src of an iframe (web) or WebView (mobile). The user signs without leaving your application.

Does the iframe approach affect the legal validity?

No. The signing experience is identical whether accessed directly or embedded. The same SHA-256 certificate, audit trail, and tamper-proof record are generated regardless of how the signing URL is rendered.

Related resources

Use Case

Embedded Signing

Alternative

eSignatures.io Alternative

Compare

eSignatures.io vs Signbee

Blog

White-Label E-Signature API

Blog

SaaS E-Signature Integration

Try Signbee — free, no credit card.

Read the docs Get started free