Quick overview
The API mirrors the product: every concept maps to a resource you can read, create, or subscribe to. Authentication is OAuth2 — no long-lived static tokens. The reference implementation is VG Realestate, which uses the same endpoints documented here.
Base URL
https://api.vg-sign.com/v1Authentication
OAuth2 authorization-code flow. Register an app, redirect users to /oauth/authorize, exchange the callback code for an access token, and call the API with Authorization: Bearer …. Tokens scoped per app and per user.
Core endpoints
POST /envelopes— create a new envelope from one or more PDFs.POST /envelopes/:id/recipients— add signers, configure roles and signing order.POST /envelopes/:id/fields— place signature, initial, date, and text fields by JSON or template.POST /envelopes/:id/send— fire signing emails / SMS to recipients.GET /envelopes/:id— read envelope state, signed PDF URLs, and audit trail.POST /webhooks— register endpoints for envelope lifecycle events.
Webhook events
Every state change emits a webhook with a signed payload. Events: envelope.sent, envelope.viewed, envelope.signed, envelope.completed, envelope.declined, envelope.voided.
Payloads are HMAC-SHA256 signed with your shared secret. Verify before processing — see the security conventions on the Security page.
SDKs
Official SDKs ship with type-safe clients for the core flows. Available:
- TypeScript / Node —
npm i @vg-sign/sdk - Python —
pip install vg-sign - Go —
go get github.com/vg-sign/go-sdk
SDK availability tracks GA. If you need early access, write to hello@vg-sign.com.
Rate limits
Free tier: 60 req/min, 1k webhooks/day. Pro tier: 600 req/min, 10k webhooks/month included. Enterprise tiers are uncapped — contact us.
Reference
Full reference docs (every endpoint, every field, every error code) are being assembled. In the meantime, ask support@vg-sign.com for the staging Postman collection or an OpenAPI spec.