The flow
The core signing ceremony from POST to hard delete.
The entire NoSign lifecycle is a linear pipeline. Your platform triggers it, signers complete it, your platform receives and stores the result, then explicitly deletes everything.
Pipeline overview
Your platform / API
  │  POST signing request
  │  (PDF + signers + coords)
  ▼
NoSign
  │  returns signing_url (#1)
  ▼
You deliver the link
  ▼
Signer (NoSign-hosted)
  1. verify email (OTP/link)
  2. view the full PDF
  3. accept consent (verbatim)
  4. draw signature
  5. sign fields → submit
  ↳ multi-signer: next emailed
  ▼
NoSign seals the PDF (PAdES-B-T + RFC3161)
  ▼
  │  HMAC-signed webhook:
  │  sealed PDF + audit bundle
  ▼
Your platform stores → 2xx
  ▼
  │  DELETE signing request
  ▼
NoSign hard-deletes everything (PII-scrubbed tombstone kept)
Steps in detail
POST — create the signing request
Your platform POSTs a base64-encoded PDF, a callback_url, and an ordered list of signers. Each signer carries their name, email, and the resolved field coordinates (page, x, y, w, h, required) for every signature field they must complete. NoSign validates coordinates at ingestion and rejects invalid payloads with 422.
Signing ceremony (signer-facing, NoSign-hosted)
NoSign sends an email to signer #1 containing a one-time link. The signer:
- Verifies their email via OTP or magic link — no document access before verification.
- Views the full PDF (PDF.js viewer).
- Reads and accepts verbatim consent checkboxes — the exact rendered wording is stored in the audit trail.
- Draws their signature on a signature pad (mouse or finger, mobile-friendly).
- Signs every required field and submits.
For sequential multi-signer documents, NoSign re-imports the running document with stamps applied and emails the next signer automatically. The process repeats until all signers have completed.
Seal
After the last signer, NoSign stamps every signature field into the PDF and applies a PAdES-B-T cryptographic seal: a TCPDF-native organizational signature plus an embedded RFC3161 timestamp from a self-hosted TSA sidecar. The seal proves the document has not been modified since sealing.
Webhook delivery
NoSign POSTs to your callback_url with:
- The sealed PDF (base64).
- The full ordered audit bundle: every recorded event with UTC timestamp, HMAC-hashed IP, user agent, actor, and document hash.
- An X-NoSign-Signature HMAC-SHA256 header for verification.
Delivery uses exponential-backoff retries and a dead-letter path. Nothing is deleted until your backend returns 2xx.
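A receiver for the webhook described above, as an added example that is not NoSign's own code: it verifies the X-NoSign-Signature header over the raw request body before parsing anything, and answers 2xx only once the sealed PDF and audit bundle are durably on disk. The hex encoding of the header value, the shared secret, and the JSON field names `sealed_pdf` and `audit` are assumptions; the page does not specify them.

```python
import base64
import hashlib
import hmac
import json
import os
import tempfile

HEADER = "X-NoSign-Signature"  # name from the page; hex encoding is an assumption

def verify_signature(secret: bytes, raw_body: bytes, header_value: str) -> bool:
    # MAC the exact bytes received; re-serialized JSON would not match.
    expected = hmac.new(secret, raw_body, hashlib.sha256).hexdigest().encode()
    received = (header_value or "").strip().lower().encode("utf-8")
    return hmac.compare_digest(expected, received)  # constant-time compare

def _write_durably(path: str, data: bytes) -> None:
    # Temp file + fsync + atomic rename: a crash never leaves a partial file.
    fd, tmp = tempfile.mkstemp(dir=os.path.dirname(path))
    with os.fdopen(fd, "wb") as f:
        f.write(data)
        f.flush()
        os.fsync(f.fileno())
    os.replace(tmp, path)

def handle_webhook(secret: bytes, headers: dict, raw_body: bytes, store_dir: str) -> int:
    """Return the HTTP status to answer with; 2xx only after durable storage."""
    if not verify_signature(secret, raw_body, headers.get(HEADER, "")):
        return 401  # unauthenticated: do not parse, do not store
    try:
        payload = json.loads(raw_body)
        pdf = base64.b64decode(payload["sealed_pdf"], validate=True)  # hypothetical field
        audit = json.dumps(payload["audit"], sort_keys=True).encode()  # hypothetical field
    except (ValueError, KeyError, TypeError):
        return 400
    if not pdf.startswith(b"%PDF-"):
        return 400
    # Name files by content hash, never by a payload string; retries stay idempotent.
    name = os.path.join(store_dir, hashlib.sha256(pdf).hexdigest())
    try:
        _write_durably(name + ".pdf", pdf)
        _write_durably(name + ".audit.json", audit)
    except OSError:
        return 500  # non-2xx: delivery is retried and nothing is deleted
    return 200

if __name__ == "__main__":  # constructed sample delivery, not real NoSign output
    key, pdf_b64 = b"constructed-secret", base64.b64encode(b"%PDF-1.7 constructed").decode()
    body = json.dumps({"sealed_pdf": pdf_b64, "audit": [{"event": "sealed"}]}).encode()
    sig = hmac.new(key, body, hashlib.sha256).hexdigest()
    print(handle_webhook(key, {HEADER: sig}, body, tempfile.mkdtemp()))
```

Pass the handler the request body exactly as received from the socket; a framework that hands over parsed JSON has already discarded the bytes the MAC covers.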
Delete
Once your platform has durably stored the sealed PDF and audit bundle, it sends a DELETE to the signing request. NoSign triggers a full hard delete of all documents and personal data. A PII-scrubbed audit tombstone is retained. There is one single delete code path.