Embedded Requesting Walkthrough
Embedded Requesting allows you to have users create and send signature requests on your site in an iFrame using hellosign-embedded, Dropbox Sign's official client-side library. The documentation below describes requirements and setup steps for the embedded requesting flow.
Preliminary
Please complete the steps below before following along with the content.
- Create an API app (login required)
Note
skipDomainVerification to embed requests created using test_mode.- Save your API app's Client ID and API Key, which you'll need to use this feature.
Try Dropbox Sign Embedded
To get a feel for how our Dropbox Sign Embedded library works, you can use our Embedded Testing Tool to quickly test any of our Embedded flows without having to write a single line of JavaScript.
You can request a sample document, or use the customedit_url that you'll generate in the Server Side section below.Server Side
The very first step is to create a "draft" signature request from the backend using our API. You must decide what you want to happen after the signature request is sent by your user. By default, Dropbox Sign will send an email to the signers and ask them to come to hellosign.com to sign and complete the document(s):
- Payload
- PHP
- C#
- JavaScript
- TypeScript
- Java
- Ruby
- Python
- cURL
{- "client_id": "b6b8e7deaf8f0b95c029dca049356d4a2cf9710a",
- "requester_email_address": "jack@dropboxsign.com",
- "test_mode": true
}is_for_embedded_signing parameter. This will instruct Dropbox Sign to NOT email the signers and will allow you to decide when and how to display the embedded signing iFrame on your site.In the aforementioned scenario, you will need to retrieve the signature url after the request has been sent using /embedded/sign_url. See the embedded signing walkthrough to learn how to construct the embedded signing page from that point on.
Note
signers and cc_email_addresses parameters. See the /unclaimed_draft/create_embedded documentation for more info.claim_url from the JSON response. The claim_url is passed to the Client Side to use in Dropbox Sign Embedded's open() method.Client Side
We provide a client-side library that handles the authorization and display of the embedded request using an iFrame. You can use this feature by adding a few lines of JavaScript code.
If you are using a modern module bundler with npm, simply installhellosign-embedded.npm install hellosign-embeddedIf you are not using a modern module bunder like npm, our library can be downloaded manually, compiled from source, or imported from our CDN.
In your app, import thehellosign-embedded module, instantiate a new client, then invoke open() with your claimUrl and API client ID. Note that we're using skipDomainVerification when calling this method. You can learn more about that in the Domain Restriction section below.import HelloSign from 'hellosign-embedded';
const client = new HelloSign();
client.open(claimUrl, {
clientId: 'Your API client ID',
skipDomainVerification: true,
});Note
<head> to avoid unexpected behavior on small screens. <meta name="viewport" content="width=device-width, initial-scale=1.0, maximum-scale=1.0">open():| Name | Type | Description |
|---|---|---|
requestingEmail | string | The email of the account issuing the signature request. Note: This option is only necessary for 'Me and Others' type signature requests. Example: { |
locale | string | The locale code that will be used to determine which language the embedded request will be displayed in. For a list of Dropbox Sign's supported languages, visit our Languages page. If no locale is specified Dropbox Sign will attempt to determine the user's preferred language by their browser settings or fall back to English. Note: Czech ( CS_CZ) is only supported by Embedded Signing. Example: { |
redirectTo | string | Where the user will be redirected after sending the signature request. Example: { |
allowCancel | boolean | Whether the user should be able to close the iFrame without finishing the request. Default: true. Example: { |
debug | boolean | Allows debug output to print to the console. Default: false.For even more detailed debug output, run localStorage.debug = 'hellosign-embedded:*'; in your developer console and refresh the page. Example: { |
skipDomainVerification | boolean | Whether or not to skip the domain verification step. Default: false.Note: This will only be honored if the signature request was created with test_mode=1. Example: { |
timeout | number | How long (in milliseconds) to wait for the app to initialize before aborting. Default: 30000 (30 seconds). Example: { |
container | HTMLElement | By default a modal will be opened, but by specifying container you can choose a DOM element on the page in which the iFrame will be embedded. Example: { |
Additional Notes
App Approval
In order to ensure that integrations adhere to eSignature regulations and best practices, an app approval is needed prior to moving into production for all customers implementing embedded signing, embedded requesting, embedded templates, and OAuth workflows.
Note
You will still be able to use your app in test mode until it gets approved. Only live/production activity requires approval.
Please refer to the App Approval Section for more detailed information about getting your app approved.
Domain Restriction
When the iFrame is loaded, it will verify the domain of the parent window and ensure it matches the domain name of the API app specified by the client ID. If the domain does not match, the page won't be loaded.
You can disable domain restriction for easier development:
client.open(signUrl, {
// ...
skipDomainVerification: true
});localhost. See the documentation for open() method in the section above.HTTPS Required
The host page must be served over HTTPS. The iFrame is also loaded over HTTPS, and due to browser security restrictions it will not be able to communicate with the parent window if it is not HTTPS. This communication is required to enable features such as iFrame callbacks and closing the iFrame.
To make development easier, the page will still load if the parent window is served over HTTP, however an alert will be displayed to notify you of this requirement. Switch to HTTPS to prevent this alert from being displayed.
Redirection
If a redirect url is specified, the iFrame will redirect users to it after they send the document(s). Data from thesend event will be appended to the url query string.Text Tags
The embedded functionality can be used in conjunction with Dropbox Sign Text Tags.
Client Side Events
There are a number of events that the client may emit. To listen to these events, pass the event name and a callback function toon(). An string enumeration of available events can also be found under HelloSign.events.client.on('sign', (data) => {
console.log('The document has been signed!');
console.log('Signature ID: ' + data.signatureId);
});Here are a list of possible events:
| Event | Description | Data |
|---|---|---|
send | Emitted when the user sends the signature request. | { |
open | Emitted when the embedded window has opened. | { |
cancel | Emitted when the signature request was canceled by the user by either pressing the close button or selecting "close" from the dropdown list. | |
finish | Emitted when the user has finished the embedded signature request flow without cancelling. However, the user may have declined or reassigned the signature request. | |
message | Emitted when embedded has received a cross-origin window message from the app. | { |
close | Emitted when the window has closed. | |
error | Emitted when the app encounters an error. | { |