13 documented capabilities, four corners of the product.
Browse every DocSign feature with a dedicated page covering the design, the flow, and the security trade-offs. If you're building against the API, the developer docs hub stitches the same content into copy-paste integration snippets.
Keys & crypto
Authentication
Email-confirmed keys
Every new public key is tied to a one-time email link before it can sign anything.
Business verification (KYB)
Verify companies across 15+ jurisdictions with per-country field maps, free registry lookups, and sanctions screening.
Identity verification (KYC)
Optional ID document + selfie check that promotes signatures from cryptographic to legally meaningful.
Tamper-evident audit log
Every security-relevant event is recorded with user, action, IP, user-agent, and timestamp.
Two-factor authentication (TOTP)
RFC 6238 TOTP with QR enrolment, 8 single-use recovery codes, and email-link reset.
Random-positions PIN login
After password, DocSign asks for three random positions of your PIN, the UK-bank pattern.
Documents & signing
Signing requests
Hand someone a one-time link; their browser signs and the signature lands in your app via webhook.
Public signature verification
Anyone with the signed payload + public key can verify a signature: no login, no account.
Public + private document sharing
Toggle a document between an unguessable QR-shareable URL and email-invite-only.
For developers
Cryptographic-proof login
Partner sites get an Ed25519 signature over their nonce, stronger than 'they were logged in just now'.
Sign in with DocSign (OIDC)
Standard OAuth 2.0 + OpenID Connect 1.0 provider with PKCE, refresh-token rotation, and a signing:proof scope.
API keys + HMAC webhooks
Bearer-authed REST API for backends; every outbound webhook is HMAC-SHA-256-signed.