--- title: "How to Build a Document E-Signature Platform Like DocuSign" author: "Nate Laquis" author_role: "Founder & CEO" date: "2028-10-16" category: "How to Build" tags: - e-signature platform development - DocuSign alternative build - digital signature app - electronic signature platform - document signing tool excerpt: "DocuSign owns about a quarter of the e-signature market, which means three quarters remain up for grabs. Here is how to build a document e-signature platform from scratch with legally compliant workflows, tamper-evident audit trails, and a developer-friendly API." reading_time: "15 min read" canonical_url: "https://kanopylabs.com/blog/how-to-build-a-document-esignature-platform" --- # How to Build a Document E-Signature Platform Like DocuSign ## Why Build a DocuSign Alternative in 2028 The global e-signature market crossed $7 billion in 2027, and projections put it north of $40 billion by 2032. DocuSign commands roughly 25% of that spend. HelloSign (now Dropbox Sign), PandaDoc, Adobe Acrobat Sign, and a sprawling ecosystem of vertical players split the rest. The opportunity is not about dethroning DocuSign. It is about carving out a profitable niche where DocuSign's one-size-fits-all pricing and generic workflows leave money on the table. Think about it from the buyer's perspective. A property management company that needs tenants to e-sign leases does not want to pay $40 per user per month for features built around enterprise sales contracts. A healthcare network routing consent forms through five departments cares about HIPAA compliance fields, not DocuSign's generic template library. A lending platform that processes 10,000 loan documents monthly would rather embed signing directly into their existing borrower portal than redirect users to a third-party domain. If your product already handles documents, contracts, or approvals, building the signature layer in-house eliminates per-envelope fees that compound fast at scale. At DocuSign's API pricing of roughly $1 to $3 per envelope, a company sending 50,000 documents monthly is paying $50,000 to $150,000 per year just for signature capture. That budget funds a custom platform that you own, control, and can differentiate with. The technical barrier to entry has also dropped considerably. Open-source PDF rendering libraries, mature cryptographic tooling in Node.js and Go, and cloud KMS services from AWS and GCP mean you no longer need a dedicated cryptography team to build a legally defensible signing experience. What you do need is a clear understanding of the legal frameworks, a well-architected audit trail, and a workflow engine flexible enough to handle real business processes. That is exactly what we will cover. ![Financial documents and contracts laid out on a desk ready for digital signature processing](https://images.unsplash.com/photo-1554224155-6726b3ff858f?w=800&q=80) ## Document Upload, Rendering, and the PDF Pipeline Every e-signature workflow starts with a document. Your platform needs to accept uploads in multiple formats, normalize them into a consistent renderable format, and display them pixel-perfectly in the browser so signers can review before they commit. PDF is the universal format for signed documents because it is self-contained, widely accepted by courts, and supports embedded digital signatures natively. Make PDF your canonical format and convert everything else on ingest. ### Handling Uploads and Conversion Accept PDF, DOCX, PNG, and JPEG uploads at minimum. For DOCX-to-PDF conversion, **LibreOffice in headless mode** remains the most reliable open-source option. Run it in a Docker container with a queue worker that picks up conversion jobs from Redis or SQS. Expect conversion times of 1 to 5 seconds per document depending on complexity. For image files (scanned contracts, faxed documents), convert them to PDF using **sharp** for image processing and **pdf-lib** for PDF assembly. If you want to make scanned documents searchable and parseable, run OCR with **Tesseract.js** on the server or integrate Google Cloud Vision for higher accuracy. Store original uploads in S3 alongside the converted PDF so you always have a provenance chain. Tag each document version with a SHA-256 hash computed at upload time. This hash becomes the anchor for your entire audit trail: any future comparison against this hash proves whether the document was modified. ### Browser-Side Rendering with PDF.js and PSPDFKit For displaying documents in the browser, you have two solid paths. **PDF.js** is Mozilla's open-source PDF renderer. It is free, battle-tested, and renders most standard PDFs accurately. The trade-off is that complex PDFs with embedded fonts, advanced form fields, or layered annotations can render incorrectly. You will need to invest engineering time handling edge cases, and text selection on rendered pages requires additional work with the text layer API. **PSPDFKit** (commercial) and **Apryse** (formerly PDFTron) offer drop-in React and Angular components with pixel-perfect rendering, built-in annotation support, and form filling out of the box. PSPDFKit licenses start around $3,000 per year for web-only use. Apryse pricing is comparable. If your platform handles high-stakes documents (real estate closings, legal agreements, financial contracts), the rendering accuracy of a commercial library pays for itself in avoided support tickets and compliance headaches. For most teams, the pragmatic approach is to start with PDF.js for the MVP, validate the product with real users, and upgrade to PSPDFKit or Apryse when you encounter rendering issues that cost you more in engineering time than the license fee. Whichever library you choose, render documents on a per-page basis with lazy loading so that a 50-page contract does not freeze the browser. Cache rendered page images in IndexedDB on the client for instant re-display when signers navigate back and forth. ### Overlay Architecture for Signature Fields Your signing UI renders the PDF as a background layer and positions interactive HTML elements (signature boxes, text inputs, date pickers, checkboxes) on top at the coordinates stored in your template definition. Use absolute positioning within a container that matches the PDF page dimensions, and calculate field positions as percentages of page width and height so they scale correctly across screen sizes. On mobile, the same overlay system works, but you will want to add a "guided signing" mode that zooms to each field in sequence rather than forcing the signer to pinch-zoom around a full-page view. ## Signature Capture: Draw, Type, Upload, and Beyond Your platform needs to support at least three signature capture methods. Different users prefer different approaches, and different legal contexts may require specific methods. Here is how to implement each one properly. ### Draw Signature on Canvas This is the method users associate most closely with "signing." Present an HTML5 Canvas element where the user draws their signature with a mouse, trackpad, stylus, or finger. The **signature_pad** library (open source, about 10KB gzipped) handles stroke capture, bezier curve smoothing, and export to PNG, SVG, or raw point data. Configure it with a minimum stroke width of 0.5 and maximum of 2.5 for a natural pen feel. On touch devices, disable page scrolling within the canvas area and increase the hit target to prevent accidental gestures from interrupting the signature. Capture the signature in both SVG (for clean rendering at any resolution when embedded in the final PDF) and PNG (for preview thumbnails and backward compatibility). Also store the raw stroke data, including timestamps for each point and pressure values if the device supports them. This stroke-level data serves as biometric evidence that the signature was actively drawn by a human rather than pasted from a static image. Some courts and EU regulatory bodies consider this data meaningful when evaluating signature authenticity. ### Type-to-Sign Let signers type their name and choose from four or five script-style fonts that render it as a stylized signature. This method is the fastest and works well for low-friction scenarios: internal approvals, terms acceptance, NDA acknowledgments. Use Google Fonts like **Great Vibes**, **Dancing Script**, **Allura**, or **Pacifico**. Render the typed name onto a hidden canvas at a fixed size, export as PNG, and embed it in the document the same way you would a drawn signature. Let the user preview all font options side by side and select their preferred style. ### Upload a Signature Image Executives and repeat signers often have a signature image they reuse. Accept PNG, JPEG, and SVG uploads. Automatically strip the background using a threshold-based transparency algorithm: convert to grayscale, identify pixels lighter than a configurable threshold (default 220 out of 255), and set them to transparent. For more reliable background removal on photos of signatures on paper, integrate **remove.bg's API** or use a lightweight ML model like U2-Net. Store both the original upload and the processed transparent version. ### Saved Signatures and Initials Once a user creates a signature through any method, save it to their profile so they can reuse it on future documents with a single click. Store saved signatures encrypted at rest and allow users to manage (view, delete, set default) their saved signatures from their account settings. Do the same for initials, which are separate from the full signature and used on individual pages of multi-page documents. Let users create initials using the same three methods: draw, type, or upload. Regardless of capture method, every signature event must record: the signer's IP address, user agent, UTC timestamp with millisecond precision, authentication method used (email link, SMS OTP, SSO), the SHA-256 hash of the document at the moment of signing, and the capture method (draw, type, upload). This metadata is what transforms a visual mark into a legally defensible electronic signature under the ESIGN Act and eIDAS. ## Signing Workflows: Sequential, Parallel, and CC Routing Simple "send and sign" covers maybe 30% of real-world use cases. The other 70% involve multiple signers, approval chains, conditional routing, and observers who need copies but do not sign. Your workflow engine is where your platform either earns enterprise revenue or gets dismissed as a toy. ### Sequential Signing Signer A completes their fields, then Signer B receives the document, then Signer C. Each participant only sees the document after the previous signer has finished. This is the standard for approval chains: an employee submits an expense report, their manager approves, then finance processes it. Or a sales rep drafts a contract, legal reviews and approves, then the client receives a clean version for signing. Implement sequential workflows as an ordered list of steps. When a step completes, your workflow engine advances to the next step, updates the document status, and fires a notification to the next signer via email or SMS. ### Parallel Signing Multiple signers receive the document at the same time and can sign in any order. All signers in a parallel group must complete before the workflow advances. This is common for co-borrower agreements, board resolutions, partnership contracts, and any multi-party agreement where signer order does not matter legally. Your data model should support mixing sequential and parallel steps in a single workflow. For example: Step 1 is parallel (Co-founder A and Co-founder B both sign), Step 2 is sequential (Legal counsel reviews), Step 3 is parallel (Investor A and Investor B both sign). ### CC Recipients and Observers CC recipients receive a copy of the document at a specified point in the workflow but do not have any signing obligations. Some workflows CC the sender's assistant when the document goes out. Others CC the compliance department when all signatures are collected. Support CC delivery at three trigger points: when the document is first sent, when a specific signer completes, or when all signatures are collected and the document is finalized. Observers are similar but can view the document and its real-time status without receiving a separate copy. They get access to the document viewer in your platform but do not appear in the signing order. ### Building the Workflow Engine Model workflows as a directed acyclic graph (DAG). Each node represents a signing step, an approval step, or a CC notification. Edges represent transitions, optionally gated by conditions. Store the workflow definition as a JSON schema alongside the document template. At runtime, a state machine evaluates which nodes are active, checks completion conditions, and determines which nodes to activate next. For most platforms, a straightforward implementation using a **status** column on each workflow step (pending, active, completed, skipped, declined) and a cron job or event-driven trigger that evaluates transitions is sufficient. If your routing logic includes complex conditional branching (route to VP if amount exceeds $50,000, skip legal review for renewals under $10,000), consider using **XState** in TypeScript for a more formal state machine that is easier to test and debug. ### Notifications and Reminders Every workflow transition triggers a notification. Use **SendGrid** or **Resend** for transactional email delivery. Both offer deliverability tracking, bounce handling, and template support. Send an initial notification when a signer's turn arrives, a reminder at 24 hours if they have not opened the document, a second reminder at 72 hours, and an escalation to the document sender at the configurable deadline. Track email opens and link clicks to distinguish "signer never saw the email" from "signer saw it and is ignoring it." For high-priority documents, offer SMS notifications via Twilio as a premium feature. Build all notifications through a centralized notification service so you can add channels (Slack, Microsoft Teams, in-app push) without rewiring each workflow step. If you are building a broader SaaS product and the signing workflow is one piece of a larger platform, our guide on [building a SaaS platform](/blog/how-to-build-a-saas-platform) covers the architectural patterns for multi-tenant systems that apply directly here. ## Legal Compliance: ESIGN Act, UETA, and eIDAS Your e-signature platform is only as valuable as the legal enforceability of the signatures it captures. Get the compliance layer wrong and every signature on your platform could be challenged and invalidated. Three legal frameworks govern the vast majority of e-signature use cases globally. ### The ESIGN Act (United States) The Electronic Signatures in Global and National Commerce Act, enacted in 2000, gives electronic signatures the same legal standing as handwritten signatures for interstate and international commerce. The requirements are straightforward but non-negotiable. First, the signer must consent to conducting the transaction electronically. Your platform needs an explicit consent step before the first signature, not buried in terms of service but presented as a clear, affirmative action. Second, the signer must be able to retain a copy of the signed document. Provide a downloadable PDF of the completed document immediately after signing, and keep it accessible in the signer's account for a reasonable retention period (most platforms offer 5 to 7 years). Third, the system must accurately reproduce the signed record. The document stored on your servers must be identical, byte for byte, to what the signer reviewed and signed. ### UETA (State-Level Compliance) The Uniform Electronic Transactions Act has been adopted by 49 US states, with New York using its own equivalent statute. UETA predates ESIGN and operates at the state level, requiring mutual consent to electronic transactions and the ability to retain electronic records. In practice, if you satisfy ESIGN's requirements, you almost certainly satisfy UETA as well. The critical nuance is that certain document types are excluded under both ESIGN and most UETA implementations: wills, codicils, testamentary trusts, adoption and divorce papers, court orders, and notices related to utility service cancellation or health/life insurance termination. If your platform serves a specific vertical, verify that your target document types are not in the exclusion list for each state where your users operate. ### eIDAS for the European Union The eIDAS regulation creates a three-tier framework for electronic signatures across all EU member states. **Simple Electronic Signatures (SES)** include any electronic data attached to or associated with other electronic data, like typing your name or clicking "I Agree." SES is accepted for most commercial transactions but carries the lowest evidentiary weight. **Advanced Electronic Signatures (AES)** must be uniquely linked to the signatory, capable of identifying them, created using signature creation data under their sole control, and linked to the signed data so that any subsequent change is detectable. AES is the target for most B2B platforms because it offers strong legal standing without requiring third-party certificate infrastructure. **Qualified Electronic Signatures (QES)** require a qualified digital certificate from an EU-accredited Trust Service Provider and a Qualified Signature Creation Device (QSCD), typically a hardware security module. QES is legally equivalent to a handwritten signature across all EU member states. For your platform, implement AES as the default tier. Capture sufficient identity verification data (email verification, SMS OTP, knowledge-based authentication) to demonstrate the signer's identity. Link signatures to documents via cryptographic hashes so tampering is detectable. Offer QES as a premium tier by integrating with Trust Service Providers like **Swisscom**, **InfoCert**, or **Namirial**, which provide remote qualified certificate signing via API. QES integration adds 2 to 4 weeks of development time and per-signature costs of EUR 0.50 to EUR 2.00 depending on volume, but it unlocks regulated industries (banking, insurance, government) in the EU market. ![Security compliance and legal documentation for electronic signature verification](https://images.unsplash.com/photo-1563986768609-322da13575f2?w=800&q=80) ## Audit Trails, Tamper-Evident Seals, and PKI Signing The audit trail is the backbone of legal defensibility. When a signature is challenged in court, the document itself is secondary. What matters is the metadata: who signed, when, from where, how they were identified, and proof that the document was not altered after signing. Build your audit trail as an immutable, tamper-evident log from day one. ### Designing the Audit Event Schema Every action on a document produces an audit event. At minimum, capture these event types: document_created, document_uploaded, document_sent, document_viewed, field_completed, signature_applied, document_completed, document_voided, document_downloaded, and access_revoked. Each event record should include: a unique event ID (UUID v4), the document ID, event type, actor (user ID, email, display name), UTC timestamp with millisecond precision, IP address, user agent string, geolocation (if the signer consented), the specific action payload (which field, which page, which signature method), and a SHA-256 hash linking this event to the previous one in the chain. ### Hash Chain for Tamper Evidence Implement a hash chain that makes retroactive modification of audit events detectable. For each new event, serialize the event data to a canonical JSON string, concatenate it with the SHA-256 hash of the previous event in the chain, and compute a new SHA-256 hash. Store this hash alongside the event. To verify integrity, replay the chain from the first event and confirm that each computed hash matches the stored hash. If any event was modified, inserted, or deleted, the chain breaks at that point. This is the same approach DocuSign uses in their Certificate of Completion, and it satisfies the tamper-evidence requirements for ESIGN, UETA, and eIDAS AES. Store audit events in an append-only database table. Revoke UPDATE and DELETE permissions from your application's database role on this table. Write events through a dedicated microservice or module that enforces the hash chain computation, so no other part of your application can bypass the integrity mechanism. ### PKI and Certificate-Based Digital Signatures Beyond the visual signature (the drawn or typed image embedded in the document), apply a cryptographic digital signature to the finalized PDF using the PDF's built-in signature support. Use **pdf-lib** or **node-signpdf** to embed a PKCS#7 signature into the PDF's signature dictionary. This cryptographic signature uses your platform's private key (stored in AWS KMS or HashiCorp Vault, never on disk) to sign a hash of the document contents. Anyone who opens the PDF in Adobe Acrobat or another PDF reader can verify that the document has not been modified since signing. For higher assurance, integrate with an RFC 3161 Timestamping Authority (TSA) like **DigiCert** or **GlobalSign**. A TSA provides a cryptographically signed timestamp proving that the document hash existed at a specific moment. This prevents disputes about when a signature occurred, even if your platform's servers are compromised. TSA integration costs fractions of a cent per timestamp and takes a day or two to implement. For EU customers requiring QES, the qualified Trust Service Provider handles the certificate-based signing on behalf of the signer using their verified identity, and the resulting signature is embedded in the PDF alongside your platform's seal. ### Certificate of Completion Generate a Certificate of Completion PDF that accompanies every finalized document. This certificate summarizes the entire audit trail in a human-readable format: the document title, unique document ID, creation date, each signer's name, email, IP address, signing timestamp, authentication method, and the document's final SHA-256 hash. Append this certificate as the last page of the signed PDF or deliver it as a separate companion document. This is what enterprise customers hand to auditors and legal teams when a signature is questioned, so make it thorough and clearly formatted. For teams exploring how AI can streamline document creation before signatures are even needed, our guide on [building an AI document generation platform](/blog/how-to-build-an-ai-document-generation-platform) covers intelligent drafting, clause libraries, and template automation. ## Template Builder with Drag-and-Drop Fields The template builder is the feature that separates a signing tool from a signing platform. Without it, users manually place fields on every document. With it, they create reusable templates once and send hundreds of documents with pre-positioned fields, assigned signer roles, and validation rules already configured. ### Visual Editor Architecture Build the template editor as a React component that renders the PDF pages as a scrollable background and overlays a drag-and-drop field layer on top. Use **React DnD** or **dnd-kit** for the drag-and-drop interactions. When a user drags a field type (signature, initials, date, text, checkbox, dropdown) from a sidebar palette onto a PDF page, create a field record with these properties: page number, x and y position (as percentages of page dimensions for resolution independence), width and height, field type, assigned signer role (Signer 1, Signer 2, Approver), required flag, validation rules (text format, character limits, date ranges), placeholder text, and font settings (family, size, color). Let users resize fields by dragging corner handles and reposition them with standard drag behavior. Show a properties panel when a field is selected where users can configure all the field attributes. Support multi-select (Shift+click or marquee selection) so users can align, distribute, or bulk-assign fields efficiently. Add keyboard shortcuts for common actions: Delete to remove, Ctrl+D to duplicate, arrow keys for pixel-precise positioning, Tab to cycle through fields in signing order. ### Field Types and Validation Support these field types at minimum: **Signature** (full signature capture), **Initials** (abbreviated signature), **Date Signed** (auto-populated with the signing date), **Text** (free-form input with optional regex validation), **Checkbox** (single or grouped for multi-select), **Dropdown** (select from predefined options), **Radio Buttons** (exclusive selection from a group), and **Attachment** (file upload, useful for ID verification or supporting documents). Each field type needs its own validation logic. Text fields validate against regex patterns, min/max length, and required rules. Date fields validate against allowed ranges. Checkboxes in a required group validate that at least one is checked. ### Signer Role Assignment Templates use roles rather than specific people. A lease template might have roles for "Landlord," "Tenant," and "Guarantor." When a user sends a document from this template, they assign real people to each role. All fields assigned to "Tenant" become active when the tenant opens the document, and fields for other roles are visible but locked. Color-code roles in the template editor (green for Signer 1, blue for Signer 2, orange for Approver) so the layout is visually clear. When the document is sent, map each role to an email address and optionally a name, phone number, and authentication requirement. ### Conditional Field Logic Let template creators define show/hide rules for fields based on other field values. If a dropdown labeled "Entity Type" is set to "Corporation," show the "EIN" and "Authorized Officer" text fields. If a checkbox labeled "Requires Notarization" is checked, insert a notary signature field. Store these rules as JSON conditions on each field: **{"show_if": {"field_id": "entity_type", "operator": "equals", "value": "Corporation"}}**. Evaluate conditions client-side for instant reactivity and re-evaluate server-side before finalizing the document to prevent manipulation. This feature alone can replace complex multi-document workflows with a single smart template. ## API Design, Mobile Experience, and Tech Stack A significant share of e-signature revenue comes through API access, not the platform UI. HelloSign built its entire business around a developer-first API. BoldSign and SignWell compete specifically on API simplicity and documentation quality. If you want enterprise adoption, the API must be a first-class product. ### Core API Design Structure your REST API around five resource groups: **Templates** (CRUD, field definitions, workflow configuration), **Documents** (create from template or upload, assign signers, send, check status, download completed PDF), **Signers** (manage details, resend notifications, reassign), **Events** (retrieve audit trail for a document), and **Webhooks** (register endpoints, manage subscriptions, view delivery logs). Use cursor-based pagination for list endpoints, consistent error response schemas with machine-readable error codes, and API versioning via URL prefix (/v1/) from day one. The highest-value API feature is embedded signing. Generate a short-lived, pre-authenticated URL that the integrating app loads in an iframe or modal. The signer completes the document without leaving the host application. Implement this with a JWT-based URL that expires after a configurable period (default 24 hours). Post events to the parent window via **window.postMessage** so the host app can react to signing_complete, signing_declined, and document_viewed in real time. ### Webhooks for Real-Time Integration Polling is wasteful. Push events to integrators when document status changes: document.sent, document.viewed, signer.completed, document.completed, document.declined, document.voided. Sign payloads with HMAC-SHA256 using a per-customer secret so recipients can verify authenticity. Implement automatic retries with exponential backoff (1 minute, 5 minutes, 30 minutes, 2 hours, 12 hours) for failed deliveries. Provide a webhook log dashboard where developers can inspect payloads, response codes, and retry history without opening a support ticket. ### Mobile-Responsive Signing Experience Over 40% of document signings now happen on mobile devices. Your signing experience must work flawlessly on phones and tablets without requiring an app download. Design a "guided signing" mode for mobile that presents one field at a time, auto-scrolling and zooming to each required field in sequence. The signer taps "Next" to advance through fields rather than hunting around a full-page PDF. Make the signature capture canvas full-width on mobile with large touch targets. Test on both iOS Safari and Android Chrome because they handle viewport scaling, position: fixed elements, and touch events differently. Pay special attention to the virtual keyboard: when a text field is focused, the viewport shifts, and your field overlay positioning must account for that shift or the signer will be typing into a field they cannot see. ### Recommended Tech Stack Here is the stack we recommend for teams building an e-signature platform from scratch. **Frontend:** React with Next.js for SSR and SEO on marketing pages, TypeScript throughout, pdf.js or PSPDFKit for document rendering, dnd-kit for the template builder, signature_pad for draw capture. **Backend:** Node.js with Express or Fastify, TypeScript, Bull or BullMQ for job queues (PDF conversion, notification dispatch, hash chain computation). **Database:** PostgreSQL for relational data (users, templates, documents, workflow state), with a separate append-only schema for audit events. **Storage:** AWS S3 with server-side encryption (SSE-KMS) for documents, with region-specific buckets for data residency compliance. **Notifications:** SendGrid or Resend for transactional email, Twilio for SMS. **Security:** AWS KMS or HashiCorp Vault for key management, bcrypt for password hashing, TOTP-based 2FA for user accounts. **Infrastructure:** Docker containers on AWS ECS or Kubernetes, with separate services for the API, worker processes, and the webhook delivery system. ![Developer laptop showing code for building an e-signature platform backend](https://images.unsplash.com/photo-1517694712202-14dd9538aa97?w=800&q=80) ## Costs, Timeline, and Getting Started Building a document e-signature platform is a serious investment, but the unit economics are compelling. Per-envelope SaaS revenue compounds quickly, enterprise contracts bring high ACV, and the switching costs for embedded API customers are steep once they integrate. Here is what to budget and how to phase the build. ### MVP Phase (3 to 5 Months, $90,000 to $140,000) Your MVP should cover: PDF upload and rendering, signature capture (draw, type, upload), sequential signing workflows with email notifications, a basic audit trail with hash chain integrity, ESIGN/UETA-compliant consent capture and document retention, and a downloadable signed PDF with an embedded certificate of completion. This gets you a product that handles straightforward one-to-three signer workflows for your first customers. Three to four engineers can build this in 3 to 5 months depending on whether you use PDF.js (slower to build, free) or PSPDFKit (faster to build, $3,000+ per year license). ### Full Platform Phase (8 to 14 Months, $200,000 to $350,000) The full platform adds: the visual template builder with drag-and-drop fields and conditional logic, parallel and conditional signing workflows, an embeddable signing API with webhooks, PKI-based digital signatures and RFC 3161 timestamping, eIDAS AES compliance (and optionally QES via Trust Service Provider integration), mobile-optimized guided signing, SSO and SCIM provisioning for enterprise customers, and a self-service API dashboard with sandbox environment. Budget an additional $30,000 to $80,000 for SOC 2 Type II certification and $10,000 to $25,000 for legal review of your terms of service, data processing agreements, and privacy policy. ### Pricing Models That Work **Per-envelope pricing** works best for API customers with variable volumes. Charge $0.50 to $3.00 per envelope depending on volume tier, with discounts at 1,000, 10,000, and 100,000 monthly envelopes. **Subscription pricing** works for self-service users: Starter at $15 per user per month (50 envelopes), Professional at $35 per user per month (unlimited envelopes, templates, and workflows), Enterprise at custom pricing (API access, SSO, dedicated support, custom branding, data residency options). Offer annual billing at a 20% discount to improve cash flow and reduce churn. Most successful platforms offer both models to capture different customer segments. ### Build vs. Embed If signing is a small part of a larger product, embedding an existing API (HelloSign, BoldSign, SignWell) may be faster and cheaper than building from scratch. The calculus changes when you send more than 5,000 envelopes per month (API costs add up), when you need deep workflow customization that third-party APIs do not support, when you operate in a regulated vertical requiring specific compliance features, or when owning the signing experience is a competitive differentiator for your product. If two or more of those conditions apply, building your own platform is the stronger long-term play. Document e-signature is one of those rare product categories where the technical complexity is manageable, the legal requirements are well-documented, and the market demand is growing steadily across every industry. The key is getting the audit trail, compliance layer, and workflow engine right from the start, because retrofitting those is painful and expensive. If your product handles documents, contracts, or approvals, and you are ready to own the signing experience, [book a free strategy call](/get-started) and we will scope the build together. --- *Originally published on [Kanopy Labs](https://kanopylabs.com/blog/how-to-build-a-document-esignature-platform)*