Delete

Trigger full hard deletion after webhook receipt.

DELETE /v1/signing-requests/{id}

Triggers full hard deletion of all document data and personal information associated with a signing request. Send this after your platform has durably stored the sealed PDF and audit bundle from the webhook.

When to call DELETE

The expected lifecycle is:

Receive the webhook.
Verify the HMAC signature.
Store the sealed PDF and audit bundle durably.
Return 2xx to NoSign.
Call DELETE on the signing request.

NoSign will not delete on its own until either:

Your platform calls this endpoint explicitly (the primary path), or
The daily retention scheduler fires and finds a request that has been in completed state past its retention window (the safety net).

One delete code path

There is one single delete code path in NoSign — whether triggered by your platform’s explicit DELETE call or by the retention scheduler. Both paths result in the same complete hard deletion.

What gets deleted

The original PDF (stored in local private storage — no S3).
All signer personal data: names, email addresses, IP HMAC hashes, user agent strings.
All intermediate stamped document versions.
The sealed PDF.
All associated queue jobs and delivery state.

What is retained

A PII-scrubbed audit tombstone is retained after deletion. The tombstone records that a signing request with the given ID existed and was completed and deleted, with timestamps, but contains no personal data and no document content.

This tombstone exists so that you can prove a request was handled — without retaining anything about who signed what.

Response

204 No Content on success.

Status	Cause
`401`	Missing or invalid API key
`404`	Signing request not found (already deleted or invalid ID)
`409`	Signing request is still in progress — cannot delete before completion

← Webhooks — events & rotation Developer sandbox