# SumoSign > SumoSign is an enterprise-grade e-signature API built for AI agents. An agent authenticates with one scoped API key, then prepares, sends, and tracks signature requests over REST or MCP — while every actual signature is made by a human recipient through a no-account, mobile-first signing link with consent capture. Every action lands in an append-only, hash-chained audit log with actor attribution, and completed envelopes produce a flattened signed PDF plus a Certificate of Completion. Premium branded multi-party signing (custom domains, sequential/parallel routing, reusable templates) on flat, predictable pricing. ## The model (for agents integrating SumoSign) - Authentication: scoped API key (`ss_live_...`) in the `Authorization: Bearer` header. Keys are hashed at rest, revocable, and carry granular scopes such as `documents:create`, `documents:send`, `documents:download`, `audit_logs:read`. - The two-credential rule: the API key authenticates the sending agent and can never complete a signature. Authority to sign belongs exclusively to the human recipient's one-time signing token, delivered by email. This keeps agent-driven flows aligned with ESIGN (15 U.S.C. §7001(h)) and UETA electronic-agent provisions. - Core flow: `POST /v1/documents` (upload PDF) → `POST /v1/envelopes` (recipients, routing mode, coordinate-placed fields, all inline) → `POST /v1/envelopes/{id}/send` → poll `GET /v1/envelopes/{id}` → on `completed`, fetch `/download` (signed PDF), `/certificate` (Certificate of Completion), and `/audit` (full audit trail). - Envelope statuses: draft, sent, viewed, partially_signed, completed, voided, expired. Routing modes: parallel, sequential. Field types: signature, initials, date_signed, text, checkbox. - Recipients sign at `/v1/sign/{token}`: review the document, record electronic-business consent, sign. Declines are captured with reasons; all recipient actions log IP and user agent. - Audit events include: envelope.created, envelope.sent, recipient.viewed, recipient.consented, recipient.signed, envelope.completed, envelope.voided, signer.replaced — each with actor type (user, api_key, recipient, system). ## Core pages - [SumoSign home](https://www.sumosign.app/): Enterprise-grade signing API for AI agents with premium branded multi-party signing. - [Signature API for AI agents](https://www.sumosign.app/signature-api-for-ai-agents): Full API specification — endpoints, scopes, request/response shapes, event types. - [Pricing](https://www.sumosign.app/pricing): Flat, transparent pricing without per-seat or per-envelope surprises. - [DocuSign alternative](https://www.sumosign.app/docusign-alternative): How SumoSign compares for contract-heavy teams. - [Compare e-signature platforms](https://www.sumosign.app/compare): Feature matrix — SumoSign vs DocuSign vs SendSign vs Signbee. - [Security & evidence](https://www.sumosign.app/security): Audit trails, encryption, tenant isolation, and exportable evidence. - [Join the waitlist](https://www.sumosign.app/waitlist): Request API access. - [About SumoSign](https://www.sumosign.app/about): Company mission and product overview. - [Privacy Policy](https://www.sumosign.app/privacy): How we handle personal data. - [Terms of Service](https://www.sumosign.app/terms): Terms governing use of the Service. ## Blog - [Human-in-the-Loop Signing: The Right Architecture for AI Agent E-Signatures](https://www.sumosign.app/blog/human-in-the-loop-ai-agent-esignatures): "The AI signs for you" is legally risky and operationally unnecessary. The two-credential model — API key for the agent, one-time signing token for the human — plus consent capture, actor-attributed audit logs, and a practical autonomy dial for agent builders. - [Electronic Signature APIs in Singapore and Southeast Asia: Legality, Data Residency, and What to Look For](https://www.sumosign.app/blog/electronic-signature-api-singapore): Singapore's Electronic Transactions Act recognizes e-signatures, Australia's ETA 1999 does the same, and PDPA shapes how signing data is handled. A developer's guide to e-signature legality across SEA and what to demand from an API before enterprise procurement asks. - [MCP Document Signing: How AI Agents Send Contracts for Signature](https://www.sumosign.app/blog/mcp-document-signing): The Model Context Protocol gives AI agents a standard way to drive e-signature workflows — upload, envelope, send, track, download evidence. How MCP signing servers work, who offers one (DocuSign, SendSign, DocuSeal, Signbee), and what to evaluate before you wire an agent to contracts. - [Can AI Agents Legally Sign Contracts? ESIGN, UETA, and the Electronic-Agent Rules Explained](https://www.sumosign.app/blog/can-ai-agents-legally-sign-contracts): US law has recognized contracts formed by electronic agents for 25 years — with the action attributed to whoever deployed the agent. What ESIGN §7001(h) and UETA actually say, where fully autonomous signing gets legally murky, and why agent-prepares/human-signs is the defensible architecture. - [ESIGN Act vs UETA: How US Electronic Signature Law Actually Works](https://www.sumosign.app/blog/esign-act-vs-ueta): ESIGN is federal; UETA is state-level — together they make e-signatures enforceable almost everywhere in the US. When each applies, what they require, and what still needs wet ink. - [eIDAS and Qualified Electronic Signatures: SES, AES, and QES Explained](https://www.sumosign.app/blog/eidas-and-qualified-electronic-signatures): The EU eIDAS framework defines simple, advanced, and qualified electronic signatures — plus eIDAS 2.0 and digital wallets on the horizon. What each tier means and when you actually need QES. - [21 CFR Part 11 and Electronic Signatures: What Life Sciences Teams Need](https://www.sumosign.app/blog/21-cfr-part-11-electronic-signatures): FDA Part 11 governs electronic records and signatures in regulated industries. A plain-language guide to requirements, audit trails, and what to ask e-signature vendors — without assuming out-of-the-box validation. - [HIPAA and Electronic Signatures: A Practical Guide for 2026](https://www.sumosign.app/blog/hipaa-and-electronic-signatures): HIPAA does not prohibit e-signatures on healthcare paperwork — but it does govern PHI in the systems that process them. What covered entities should verify before choosing a signing vendor. - [Document Signing for Legal Teams: MSAs, NDAs, and Client Engagement](https://www.sumosign.app/blog/document-signing-for-legal-teams): Law firms and in-house legal teams sign engagement letters, NDAs, and MSAs daily — often with sequential review and counterparty routing. How to choose e-signatures counsel will actually trust. - [Document Signing for Healthcare: HIPAA, Consent, and Vendor Contracts](https://www.sumosign.app/blog/document-signing-for-healthcare): Patient consent, BAAs, employment agreements, and vendor contracts — healthcare organizations sign constantly under privacy rules. A practical guide to HIPAA-aware signing workflows without overclaiming platform certifications. - [Document Signing for Financial Services: What Compliance Teams Ask For](https://www.sumosign.app/blog/document-signing-for-financial-services): Advisory agreements, loan docs, NDAs, and onboarding packets — financial services signing must be fast for clients and defensible for compliance. A practical guide to requirements, audit evidence, and choosing a platform without overclaiming certifications. - [Document Signing for Real Estate: The 2026 Playbook](https://www.sumosign.app/blog/document-signing-for-real-estate): Purchase agreements, leases, disclosures, and addenda — real estate runs on signatures under tight deadlines. A practical guide to the documents agents and brokers sign, where generic tools slow closings, and how to choose branded, multi-party e-signatures. - [Electronic Signature API for AI Agents: What to Require in 2026](https://www.sumosign.app/blog/electronic-signature-api-for-ai-agents): Agents can prepare, route, and track envelopes — but signing stays with people. A practical checklist for evaluating e-signature APIs for MCP, webhooks, audit attribution, and multi-party workflows. - [SumoSign vs SendSign: Branded Signing vs Agent-First Open Source](https://www.sumosign.app/blog/sumosign-vs-sendsign): SendSign ranks for AI-era e-signatures with Cowork and MCP; SumoSign targets contract-heavy teams that want sign.yourcompany.com and multi-party routing. An honest comparison of who each platform serves. - [Digital Signature vs Electronic Signature: What's the Difference?](https://www.sumosign.app/blog/digital-signature-vs-electronic-signature): The terms get used interchangeably, but they are not the same thing. A clear explainer on what an electronic signature is, what a digital signature is, how they relate, and which one you actually need. - [Are Electronic Signatures Legally Binding?](https://www.sumosign.app/blog/is-an-electronic-signature-legally-binding): Short answer: yes, almost everywhere, and they have been for years. A practical explainer on the laws that make e-signatures enforceable, the conditions that have to be met, the rare exceptions, and how to keep your signatures defensible. - [The Best Electronic Signature Software in 2026](https://www.sumosign.app/blog/best-electronic-signature-software-2026): There is no single best e-signature tool — only the best one for your use case. A 2026 guide organized by what you actually need: best overall, for developers, for small business, for branded multi-party signing, for self-hosting, and for APAC. - [The Best DocuSign Alternatives in 2026](https://www.sumosign.app/blog/best-docusign-alternatives-2026): Per-seat pricing, envelope quotas, and a generic signing experience push a lot of teams to look past DocuSign. A practical 2026 rundown of the leading alternatives — Adobe Acrobat Sign, Dropbox Sign, PandaDoc, BoldSign, DocuSeal, eSign.AI, and SumoSign — with who each one actually fits. - [The Best E-Signature Services in Asia (2026)](https://www.sumosign.app/blog/best-esignature-services-in-asia): Asia-Pacific is one of the fastest-growing e-signature markets — and one of the most fragmented on law and data residency. A 2026 guide to choosing a signing platform for the region, and the services worth shortlisting. - [The Best E-Signature Software for Small Business in 2026](https://www.sumosign.app/blog/best-e-signature-software-for-small-business): Small businesses need signing that is affordable, simple, and professional — without per-seat pricing that punishes growth. A 2026 guide to the best e-signature tools for small teams, organized by what matters most. - [SumoSign vs DocuSign: A Straight Comparison](https://www.sumosign.app/blog/sumosign-vs-docusign): DocuSign is the enterprise default; SumoSign is built for contract-heavy teams that want branded, multi-party signing without enterprise pricing. An honest look at where each one wins and how to choose. - [DocuSign vs Adobe Acrobat Sign: Which Should You Choose?](https://www.sumosign.app/blog/docusign-vs-adobe-sign): The two heavyweight e-signature platforms, compared head to head: pricing models, ecosystem fit, multi-party workflows, compliance, and developer APIs — plus a clear read on which one suits which kind of team. - [Document Signing for Recruitment Agencies: The 2026 Playbook](https://www.sumosign.app/blog/document-signing-for-recruitment-agencies): Offer letters, candidate terms, client agreements, contractor paperwork — recruitment runs on signatures. A practical playbook on the documents agencies sign, where generic e-sign tools fall short, and how to pick a branded, multi-party platform that protects speed-to-hire. - [Global Electronic Signature Market Trends 2026](https://www.sumosign.app/blog/global-electronic-signature-market-trends-2026): Where the e-signature market is heading in 2026: double-digit growth, AI and agent workflows, eIDAS 2.0 and APAC compliance, pricing fatigue, and brand experience as the new battleground — with a practical read on how to choose a platform. # Sitemap Sitemap: https://www.sumosign.app/sitemap.xml