REST API Overview
The WPsigner REST API allows you to interact with your documents, signers, and signing workflows programmatically. Built on top of the WordPress REST API, it provides secure endpoints for managing electronic signatures.
Base URL
Section titled “Base URL”All API endpoints are available at:
https://your-site.com/wp-json/wpsigner/v1/Authentication
Section titled “Authentication”WPsigner uses API Key + Secret authentication. You’ll need to generate credentials from the WordPress admin panel.
Generating API Credentials
Section titled “Generating API Credentials”- Go to WPsigner → More → API in your WordPress admin
- Click Create New Key
- Enter a name and description for your key
- Select the permission level:
- Full Access: Read and write operations
- Read Only: Only GET requests allowed
- Click Create Key
- Important: Copy and save the API Secret immediately. It will only be shown once!
Using API Credentials
Section titled “Using API Credentials”Include the following headers in all API requests:
X-WPS-API-Key: wps_your_api_key_hereX-WPS-API-Secret: your_api_secret_hereExample Request
Section titled “Example Request”curl -X GET "https://your-site.com/wp-json/wpsigner/v1/documents" \ -H "X-WPS-API-Key: wps_PPF0L3qPubG4YedgDx5H5IqMpTgfv5h3" \ -H "X-WPS-API-Secret: heP9XXeZJJPMttYg4XfRXe6YFvCW..."Response Format
Section titled “Response Format”All responses are returned in JSON format. Successful responses typically include the requested data:
{ "id": "44", "title": "Contract Agreement", "status": "sent", "created_at": "2024-01-15 10:30:00"}Error Responses
Section titled “Error Responses”Errors follow the WordPress REST API error format:
{ "code": "rest_forbidden", "message": "Invalid API key or secret.", "data": { "status": 401 }}HTTP Status Codes
Section titled “HTTP Status Codes”| Code | Description |
|---|---|
200 | Success |
201 | Created (for POST requests) |
400 | Bad Request - Invalid parameters |
401 | Unauthorized - Invalid or missing credentials |
403 | Forbidden - Insufficient permissions |
404 | Not Found - Resource doesn’t exist |
429 | Too Many Requests - Rate limit exceeded |
500 | Server Error |
Rate Limiting
Section titled “Rate Limiting”To protect your server and ensure fair usage, the API implements rate limiting:
- Per API Key: 1,000 requests per hour
- Per IP Address: 100 requests per minute (for unauthenticated requests)
When you exceed the rate limit, you’ll receive a 429 response:
{ "code": "rate_limit_exceeded", "message": "Rate limit exceeded. Please wait 45 seconds before trying again.", "data": { "status": 429, "retry_after": 45 }}Permissions
Section titled “Permissions”API key permissions determine which operations are allowed:
| Permission | GET | POST | PUT | DELETE |
|---|---|---|---|---|
| Full Access | ✅ | ✅ | ✅ | ✅ |
| Read Only | ✅ | ❌ | ❌ | ❌ |
If you attempt a write operation with a Read Only key, you’ll receive:
{ "code": "rest_forbidden", "message": "This API key has read-only permissions.", "data": { "status": 403 }}Available Endpoints
Section titled “Available Endpoints”| Method | Endpoint | Description |
|---|---|---|
GET | /documents | List all documents |
POST | /documents | Create a new document |
GET | /documents/{id} | Get document details |
PUT | /documents/{id} | Update a document |
DELETE | /documents/{id} | Delete a document |
GET | /documents/{id}/signers | List signers |
POST | /documents/{id}/signers | Add a signer |
GET | /documents/{id}/fields | List document fields |
POST | /documents/{id}/fields | Save document fields |
POST | /documents/{id}/send | Send for signing |
GET | /documents/{id}/audit | Get audit trail |
GET | /stats | Get statistics |
Next Steps
Section titled “Next Steps”- Documents API - Work with documents
- Signers API - Manage signers
- Webhooks - Receive real-time notifications