Guide

How to Set Up E-Signature Webhooks

Webhooks notify your application the instant a document is signed — no polling needed. Here's how to set up webhook listeners for e-signature events.

Steps

  1. Create an HTTPS endpoint on your server to receive POST requests
  2. Register your webhook URL with the e-signature provider
  3. Parse incoming JSON payloads for event type and document data
  4. Verify the HMAC signature header to confirm authenticity
  5. Return 200 within 5 seconds and process the event asynchronously

Try it with curl

curl -X POST https://signb.ee/api/send \
  -H "Content-Type: application/json" \
  -d '{
    "content": "# Your Document\n\nContent here...",
    "senderName": "Your Name",
    "senderEmail": "you@email.com",
    "recipientName": "Recipient",
    "recipientEmail": "recipient@email.com"
  }'

Legal validity

Electronic signatures are legally binding under the ESIGN Act (US), eIDAS Regulation (EU), and Electronic Communications Act (UK). Every Signbee document includes a SHA-256 tamper-proof certificate.

More details

Without webhooks, you're stuck polling — repeatedly asking 'is it signed yet?' every few minutes. This is wasteful, unreliable, and doesn't scale.

Webhooks flip the model: the e-signature provider pushes events to your server the moment something happens. Your application reacts in real-time.

Common webhook events:

- document.sent — document was sent to the recipient
- document.viewed — recipient opened the signing link
- document.signed — recipient completed signing
- document.declined — recipient refused to sign
- document.expired — signing deadline passed without completion

Webhook security checklist:

1. HTTPS only — never accept webhooks over HTTP
2. Verify HMAC signature — confirm the webhook is genuinely from the provider
3. Respond with 200 within 5 seconds — process async to avoid timeouts
4. Make handlers idempotent — webhooks may be retried
5. Log all received events for debugging

What to do when a document is signed:

- Update your CRM (mark deal as 'signed')
- Trigger onboarding workflows (start employee setup)
- Process payment (charge the card on file)
- Notify internal team (Slack, email)
- Archive the signed document (S3, Google Drive)

Provider comparison:

- Signbee: Register URL, receive events with HMAC headers
- DocuSign: 'Connect' system, requires dashboard configuration
- HelloSign: Callback URLs configured per API app

Frequently asked questions

What is a webhook in e-signatures?

A webhook is an HTTP callback that sends a POST request to your server when an event occurs — like a document being signed. It replaces polling and delivers events in real-time (within 1-5 seconds).

Do I need webhooks for basic signing?

No. For simple use cases, the signed PDF is delivered by email to both parties automatically. Webhooks are for applications that need to trigger automated workflows when signing events occur.

How do I verify webhook authenticity?

Check the HMAC signature in the request headers. Compute the HMAC of the request body using your webhook secret and compare it to the provided signature. This prevents attackers from sending fake events.
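One way to carry out the check described above, together with the idempotency item from the security checklist, as an added example that is not Signbee's or any provider's own code. The header name `X-Webhook-Signature`, the hex-encoded HMAC-SHA256 scheme, and the `id` and `type` payload fields are assumptions; use the values your provider documents.

```python
import hashlib
import hmac
import json

# Assumptions (not taken from any provider's documentation): the header name,
# hex-encoded HMAC-SHA256, and the "id"/"type" payload fields are hypothetical.
SIGNATURE_HEADER = "X-Webhook-Signature"


def verify_signature(raw_body: bytes, received_sig: str, secret: bytes) -> bool:
    """Recompute the HMAC over the exact bytes received; compare in constant time."""
    expected = hmac.new(secret, raw_body, hashlib.sha256).hexdigest()
    # compare_digest does not reveal how many leading characters matched.
    return hmac.compare_digest(expected.encode(), received_sig.strip().lower().encode())


def handle_webhook(raw_body: bytes, headers: dict, secret: bytes, seen_ids: set):
    """Return (http_status, outcome). Verify first, parse second, dedupe third."""
    received = {k.lower(): v for k, v in headers.items()}.get(SIGNATURE_HEADER.lower())
    if not received or not verify_signature(raw_body, received, secret):
        return 401, "rejected"      # unsigned or altered body: never parsed
    try:
        event = json.loads(raw_body)
        event_id, event_type = event["id"], event["type"]
    except (ValueError, KeyError, TypeError):
        return 400, "malformed"
    if event_id in seen_ids:        # provider retry: acknowledge, do no work twice
        return 200, "duplicate"
    seen_ids.add(event_id)
    # A real handler would enqueue the event here and return immediately,
    # leaving CRM updates, payments and notifications to a background worker.
    return 200, f"queued:{event_type}"


if __name__ == "__main__":
    secret = b"constructed-test-secret"                        # constructed sample
    body = b'{"id": "evt_001", "type": "document.signed"}'     # constructed sample
    sig = hmac.new(secret, body, hashlib.sha256).hexdigest()
    seen = set()
    print(handle_webhook(body, {SIGNATURE_HEADER: sig}, secret, seen))   # first delivery
    print(handle_webhook(body, {SIGNATURE_HEADER: sig}, secret, seen))   # retry
    tampered = body.replace(b"signed", b"declined")
    print(handle_webhook(tampered, {SIGNATURE_HEADER: sig}, secret, seen))
```

The signature is checked against the raw request bytes, not a re-serialized JSON object, because re-encoding can change whitespace or key order and break the comparison. In production the set of seen event IDs belongs in a durable store so that deduplication survives restarts.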
