Send a Document for Electronic Signing
Render a signing document and create a VaultESign session to collect legally binding electronic signatures from one or more signers via the centrally hosted signing portal.
This tutorial covers the end-to-end flow for collecting electronic signatures on a VaultPDF-generated document. Signers receive invitation emails and complete signing through the VaultESign portal, hosted on the VaultPDF platform.
Products used: VaultESign
What You'll Need
- A VaultPDF licence with the
vaultESignfeature gate enabled - A PDF template with
signature_blocknodes defined, one per signer role - Signer email addresses and role names that match the template's signature blocks
Signature blocks are layout elements
signature_block nodes in a template are layout placeholders that tell VaultPDF where to inject the seal image. They are not AcroForm fields. See the Field Manifest reference for details.
Step 1: Render the Document
Render the document using /api/render and retain the correlationId and pdfBlobPath from the response.
{
"templateId": "vendor-contract",
"correlationId": "ctr-2026-001",
"documentId": "CTR-2026-001",
"vendorName": "Contoso Supplies Ltd",
"contractDate": "2026-05-30"
}Step 2: Create a Signing Session
POST to /api/esign/session with the correlationId and one signer entry per slot. Each role must match a signature_block role defined in the PDF template.
POST /api/esign/session
Authorization: Bearer <Entra ID JWT>
Content-Type: application/json{
"correlationId": "ctr-2026-001",
"documentId": "CTR-2026-001",
"docType": "vendor-contract",
"signingMode": "sequential",
"expiresInHours": 72,
"signers": [
{
"slotIndex": 0,
"role": "vendor",
"email": "[email protected]",
"namePrefill": "Vendor Contact"
},
{
"slotIndex": 1,
"role": "manager",
"email": "[email protected]"
}
]
}With sequential mode, the vendor receives their invitation first. The manager is notified only after the vendor completes their slot.
Signing portal and email delivery
Invitation emails are sent via Azure Communication Services on the VaultPDF platform. There is no email infrastructure to configure in your environment. The signing portal is centrally hosted; no portal deployment is required.
The response returns a groupId and a portalUrl per signer:
{
"groupId": "grp-xxxx...",
"slots": [
{ "slotIndex": 0, "role": "vendor", "state": "pending" },
{ "slotIndex": 1, "role": "manager", "state": "pending" }
]
}Step 3: Monitor Signing Progress
Query the session state using the groupId:
GET /api/esign/session/{groupId}
Authorization: Bearer <Entra ID JWT>The session moves through pending, in_progress, and sealing to complete as each signer submits their slot.
Step 4: Retrieve the Signed Document
When the session reaches complete, the sealed PDF and evidence certificate are stored in Azure Blob Storage. The evidence certificate contains per-signer records (name, hashed email, IP address, and timestamp), consent statement versions, and the SHA-256 hash of the original rendered PDF.
What Happens Next
The completed signing event is recorded in the VaultLifecycle workspace under the document's correlationId. The Signing tab shows each signer's slot state, activation time, completion time, and consent records.
To automatically deliver the signed PDF to the signer or a third party after completion, use postSealActions with a VaultDelivery configuration when creating the session.
VaultESign Reference
Full reference for signing modes, slot states, OTP configuration, consent model, and the evidence certificate.
Send an Invoice via Secure Delivery
Render an invoice from the Receivables VaultPack and deliver it to a customer through a time-limited secure portal link using VaultDelivery.
Run a Governed Approval Workflow
Use VaultWorkflow to collect structured data from a participant, run schema-driven validation, route to an approver, and seal the final PDF on approval.