The redirect that costs you signers
The default e-signature flow sends an email with a link to a vendor's website. For a stand-alone agreement that's fine. But when signing is part of your own product — onboarding a new user, accepting a quote inside your sales tool, completing an application — bouncing the signer out to a different domain is a problem. It breaks your branding, drops the signer into an unfamiliar UI, and adds a place for them to get lost or distracted.
Embedded signing fixes this by putting the signing experience inside your app. The signer never leaves your product; they sign in a panel that looks and feels like the rest of your interface.
Two pieces: the API and the widget
Embedded signing combines two parts of the platform:
- The REST API spawns the envelope. Your backend calls Hosting Sign to create the envelope from a template or an uploaded document, sets the recipients, and gets back a signing session for the signer in front of you.
- The embedded signing widget renders the flow. You drop the signer experience into your own app via a JS SDK plus an iframe — the document, the fields, and the sign action appear right inside your page instead of on an external site.
The division of labor matters: create envelopes server-side, render the signing widget client-side. Your API key — which can create envelopes and spend credits — lives on your server and is never shipped to the browser. The widget in the browser only ever handles a single scoped signing session.
White-label it so it's unmistakably yours
For signing that lives inside your product, vendor branding in the iframe is a tell that breaks the illusion. Pass whitelabel: true and the embed hides all Hitt Sign branding — the signer sees your product, not ours. Combined with your own surrounding UI, the signature step becomes a native feature of your app rather than an obvious bolt-on.
Embedded signing is still fully defensible
A fair worry: if the signer never visits the "real" signing site, is the signature as solid? Yes — for the same reason in-person signing is. Validity comes from intent, consent, and the record, not from which domain rendered the page. Every embedded signature flows into the same hash-chained audit trail as any other: timestamps, IP and device, the document fingerprint, the full event sequence. The signed PDF is sealed identically. The iframe is just the window; the evidence behind the glass is unchanged.
For higher-stakes embedded flows, layer on email or SMS one-time-passcode verification before the document opens — it ties the signature to something the signer controls even when they're signing inside your app.
Scope your keys, one per integration
If you embed signing across more than one product or surface, don't share a single key. Hosting Sign supports scoped integration API keys — one per sibling product — so each integration has its own credential. The payoff is containment: if one key leaks, you rotate that one without taking down every other integration, and your security audit log shows exactly which key did what.
A clean sequence to build against
A reliable embedded flow looks like this, end to end:
- Server-side, call the API to create the envelope from a template and the recipient's details.
- Get back a scoped signing session for that one signer.
- Render the widget in your page with the session, whitelabel: true, and your styling around it.
- The signer reviews and signs without leaving your app.
- Listen for the envelope.completed webhook on your server to advance your own workflow — provision the account, unlock the next step, file the PDF — the moment they finish.
Note that, as everywhere in the product, a credit is consumed when the envelope is sent, so create envelopes when the signer is actually ready to sign, not speculatively on page load.
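The server side of that sequence, sketched as an added example (not code from the platform or its SDK): the client methods createEnvelope and createSigningSession, the payload fields, the key map and the event shape are all hypothetical stand-ins. It shows the per-integration key staying on the server, only the scoped session reaching the browser, and the envelope.completed handler acting once per envelope, assuming an event might be delivered more than once.

```javascript
// Added example. Vendor client methods, field names and key values are hypothetical.

// One scoped API key per integration, held server-side only (constructed values).
const INTEGRATION_KEYS = { onboarding: 'sk_onboarding_EXAMPLE', quotes: 'sk_quotes_EXAMPLE' };

// Call this when the signer is actually ready to sign, not on page load,
// because a credit is consumed when the envelope is sent.
async function startSigning(client, integration, signer, templateId) {
  const apiKey = INTEGRATION_KEYS[integration];
  if (!apiKey) throw new Error(`no key configured for integration: ${integration}`);
  const envelope = await client.createEnvelope(apiKey, { templateId, recipients: [signer] });
  const session = await client.createSigningSession(apiKey, envelope.id, signer.email);
  // Only the scoped session goes to the browser; the API key never leaves the server.
  return { sessionToken: session.token, whitelabel: true };
}

// Webhook handler: act only on envelope.completed, and only once per envelope,
// so a repeated delivery does not advance the workflow twice.
function makeWebhookHandler(onCompleted) {
  const seen = new Set();
  return function handle(event) {
    if (event.type !== 'envelope.completed') return 'ignored';
    if (seen.has(event.envelopeId)) return 'duplicate';
    seen.add(event.envelopeId);
    onCompleted(event.envelopeId);
    return 'processed';
  };
}

// Stand-in for the vendor API so the example runs offline (constructed responses).
function makeFakeClient() {
  const calls = [];
  return {
    calls,
    async createEnvelope(apiKey, body) {
      calls.push({ op: 'createEnvelope', apiKey, templateId: body.templateId });
      return { id: 'env_1' };
    },
    async createSigningSession(apiKey, envelopeId, email) {
      calls.push({ op: 'createSigningSession', apiKey });
      return { token: `sess_${envelopeId}_${email}` };
    },
  };
}
```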
The takeaway
Embedded signing is what separates "we integrated an e-signature vendor" from "signing is a native feature of our product." Create envelopes from your server, render the white-labeled widget in your app, verify the signer where the stakes warrant it, and react to completion over a webhook. The signer stays in your world the entire time — and the audit trail behind every signature is exactly as strong as if they'd signed anywhere else.