API — legesis — legesis

Feature 05 / 06 · API

legesis exposes the entire signing surface as a typed REST API, signed webhooks, and an embeddable signing iframe — the same primitives we build on.

Start free →See how it works

Terminal

$ lg envelopes.create

→ creating from template tpl_msa_v3…

→ resolving Salesforce bindings…

✓ sent env_01h9k4xq9 to 2 recipients

latency: 184ms · region: eu-west-1

How it works

Four moves, one tidy trail.

One endpoint to create.

Post a document and a list of recipients, get back an envelope ID and a signing URL. Works equally well for ad-hoc sends and automated workflows.

POST /v1/envelopes

curl https://app.legesis.com/api/v1/envelopes \
  -H "Authorization: Bearer $API_KEY" \
  -d '{
    "documents": [{ "url": "https://..." }],
    "recipients": [{
      "name": "Elena Rivas",
      "email": "elena@atwater.law",
      "role": "signer"
    }]
  }'

Typed webhooks, HMAC-signed.

Fifteen event types, each with a stable JSON schema. HMAC-SHA256 signatures; three-attempt exponential backoff; a replay endpoint for the bad days.

envelope.signed

{
  "id": "evt_01h9k…",
  "type": "envelope.signed",
  "created": 1712923443,
  "data": {
    "envelope_id": "env_01h9k…",
    "signer": "elena@atwater.law",
    "sealed_at": "2025-04-12T14:04:02Z"
  }
}

Drop the iframe in.

Embed the signing experience directly in your product. Inherits your host CSP, passes signing events via postMessage, handles focus and keyboard like a native surface.

Embed

<iframe
  src="https://sign.legesis.com/e/<signing_token>"
  allow="clipboard-write"
  className="h-[720px] w-full"
/>

Events bubble up via postMessage: legesis:sign-complete

SDKs in the languages you use.

TypeScript, Python, Ruby, Go, PHP. All auto-generated from OpenAPI, all idiomatic, all with retries and pagination baked in.

@legesis/node

import { Legesis } from "@legesis/node";

const lg = new Legesis(process.env.LEGESIS_KEY!);

const env = await lg.envelopes.create({
  documents: [{ url }],
  recipients: [{ name, email, role: "signer" }],
});

Proof

Numbers the team actually checks.

Webhook events

All typed and documented

Official SDKs

TS, Python, Ruby, Go, PHP

99.99%

API uptime

Measured over the trailing 90 days

~200ms

P95 latency

Across all regions

Compliance

A platform, not just endpoints.

Every API call is scoped to a workspace and an API key, audit-logged with the same rigour as signing events. Keys are roleable, rotatable, and IP-restrictable. Rate limits are published and generous.

For regulated deployments, we support mTLS authentication, private webhook delivery via AWS PrivateLink, and region-pinned processing (EU, US, APAC) on Enterprise.

How teams use it

Developer platforms

Drop signing into an HR tool, a CRM, a real estate platform. Iframe + webhooks, done in an afternoon.

Automated back-office

Trigger envelopes from closed-won deals. Listen for signed events; flip revenue-recognition flags.

Questions

Before you write it in.

REST with JSON bodies, following the Stripe-style resource-and-verb convention. No custom RPC, no GraphQL layer — intentionally boring so that it's predictable.

Start today

Five free envelopes, no credit card. You can upgrade, downgrade, or walk away — we designed it that way.

Start signing free →Talk to us

No card required · 5 free envelopes · Cancel anytime.

A signing engine you can drop into your own product.