# Sign API v2 Changelog

| Version | Date | Details |
|---------|------|---------|
| 2.1.3 | 23.06.2026 | Async-cascade `403` on document delete, `error.sr.last_document_cannot_be_removed`, JWT bearer format |
| 2.1.2 | 10.06.2026 | `feature-not-enabled` (`403`) problem type, documented error keys |
| 2.1.1 | June 2026 | Identification pending callback; signature request expiry (`expires_at`), `EXPIRED` status, and error-envelope refinements |
| 2.1.0 | March 2026 | Takeover of the Postman collection |
| 2.0.1 | December 2025 | Express QES (xQES) and identification related endpoints |
| 2.0.0 | June 2024 | Official release of Sign API v2 |

---

## 2.1.3 — 23.06.2026

### Documents

- **Async-cascade `403` on delete** — `DELETE /documents/{id}` now documents a `403 Forbidden` response. When a signature request is deleted, its documents are cleaned up asynchronously; during this window the document is still listed by `GET /documents` but delete attempts return `403`. Retry after a few seconds — the document will either have been removed by the cascade or the delete will succeed.
- **`error.sr.last_document_cannot_be_removed`** — Attempting to remove the last document from a signature request returns `400` with this error key. An SR must keep at least one document.
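
The retry advice for the cascade window, as an added client-side sketch that is not part of the Sign API or its SDKs. `send` and `still_listed` are hypothetical caller-supplied hooks for `DELETE /documents/{id}` and `GET /documents`; treating a `403` that carries the `feature-not-enabled` type or an `error.auth.*` key as non-retryable is an assumption of this example.

```python
import time

FEATURE_NOT_ENABLED = "https://api.skribble.com/problem/feature-not-enabled"


def is_permanent_403(body):
    """A 403 caused by a disabled feature or an auth failure will not clear by waiting."""
    key = body.get("key") or ""
    return body.get("type") == FEATURE_NOT_ENABLED or key.startswith("error.auth.")


def delete_document(send, still_listed, doc_id, attempts=4, delay=2.0, sleep=time.sleep):
    """Delete a document, waiting out the cascade window with bounded retries.

    send(method, path) -> (status, body_or_None) and still_listed(doc_id) -> bool
    are hypothetical transport hooks supplied by the caller.
    Returns "deleted", "removed_by_cascade", "still_locked" or "failed".
    """
    for attempt in range(1, attempts + 1):
        status, body = send("DELETE", f"/documents/{doc_id}")
        if 200 <= status < 300:
            return "deleted"
        if status != 403 or is_permanent_403(body or {}):
            return "failed"  # not the cascade window: surface it, do not loop
        if attempt == attempts:
            break
        sleep(delay)
        delay = min(delay * 2, 30.0)  # exponential backoff, capped
        if not still_listed(doc_id):
            return "removed_by_cascade"  # the cascade finished while we waited
    return "still_locked"


def simulate(responses, listed_after):
    """Constructed stand-in for the API: scripted DELETE replies and listing state."""
    replies, listing = iter(responses), iter(listed_after)
    return delete_document(lambda method, path: next(replies),
                           lambda doc_id: next(listing),
                           "doc-constructed-1", sleep=lambda seconds: None)


if __name__ == "__main__":
    print(simulate([(403, {}), (204, None)], [True]))
    print(simulate([(403, {})], [False]))
    print(simulate([(403, {"type": FEATURE_NOT_ENABLED})], []))
```
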

### Authentication

- **JWT bearer format** — The API key security scheme now explicitly declares `bearerFormat: JWT`.

---

## 2.1.2 — 10.06.2026

### Error handling

- **`feature-not-enabled` problem type** — New Problem+JSON type `https://api.skribble.com/problem/feature-not-enabled` and a shared `403` response, returned when an operation depends on a feature that is not enabled for the business. This now gates setting `expires_at` (`POST /signature-requests`) and the Express QES identification evidence endpoints (status, JSON, files, JWT).
- **Documented error `key` values** — The error envelope's optional `key` now enumerates the known stable, machine-readable keys, grouped by category: authentication (`error.auth.*`), rate limiting (`error.rate_limit.*`), file/attachment (`file.attachment.unsupported`, `file.malware.detected`), and PDF processing (`file.pdf.*`). Prefer matching on `key` over parsing `message`.
- **`404` removed from delete** — `DELETE /signature-requests/{SR_ID}` no longer documents a `404 Not Found` response.

See [Error Handling](/error-handling) for the full envelope schema.

---

## 2.1.1 — June 2026

### Callbacks

- **Identification pending callback** — New `callback_ident_pending_url` field on signature requests, called when the identification of a signer requires manual review (e.g. Express QES without NFC)
- **`IDENT_PENDING` callback type** — New callback type triggered when a signer's identification process requires manual review

### Signature Requests

- **Expiry date (`expires_at`)** — **Early access (opted-in businesses only).** Owner-set expiry date for a signature request, set at create time. When the date passes, the request transitions to `status_overall=EXPIRED`. Must be today or later, at most 6 months in the future, and — if the owning business has a retention policy — at most one day before the retention deletion date.
- **Retention date (`auto_delete_at`)** — New read-only field on signature request responses exposing the server-managed date on which the request and its documents are automatically deleted per the business's retention policy. Together with `expires_at`, this replaces the former free-form `expiration_date` field.

### Status

- **`EXPIRED` status** — New terminal `status_overall` value, set when an owner-defined `expires_at` passes before all signers have signed.

### Error handling

- **Refined error `key`** — The optional `key` on the Problem+JSON error envelope is now present for a broader set of errors that carry a stable code (PDF loading, malware detection, unsupported attachment types, rate-limit, authentication). Prefer matching on `key` over parsing `message`, which is not part of the stable contract.
- **`404` on withdraw/delete** — The delete signature request endpoint (`DELETE /signature-requests/{SR_ID}`) now documents a `404 Not Found` response.

See [Error Handling](/error-handling) for the full envelope schema.
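
The advice in the 2.1.2 and 2.1.1 entries to match on `key` rather than `message`, as an added client-side sketch that is not part of the Sign API or its SDKs. The action names, the `status` and `type` fields in the sample bodies, and the sub-keys after the documented prefixes are assumptions made for illustration.

```python
from fnmatch import fnmatchcase

FEATURE_NOT_ENABLED = "https://api.skribble.com/problem/feature-not-enabled"

# Key patterns taken from the changelog; the action names are this example's own.
KEY_RULES = [
    ("file.malware.detected", "quarantine_upload"),
    ("file.attachment.unsupported", "reject_upload"),
    ("file.pdf.*", "reject_upload"),
    ("error.auth.*", "reauthenticate"),
    ("error.rate_limit.*", "back_off"),
    ("error.sr.last_document_cannot_be_removed", "do_not_retry"),
]


def classify_problem(problem):
    """Map a Problem+JSON body to an action without ever reading `message`."""
    if problem.get("type") == FEATURE_NOT_ENABLED:
        return "feature_disabled"
    key = problem.get("key")
    if isinstance(key, str):
        for pattern, action in KEY_RULES:
            # fnmatchcase is case-sensitive and treats "." literally,
            # so "error.authx.foo" does not match "error.auth.*".
            if fnmatchcase(key, pattern):
                return action
    # `key` is optional: fail closed instead of guessing from free text.
    return "unclassified"


# Constructed sample bodies; sub-keys after the documented prefixes are made up.
SAMPLES = [
    {"status": 403, "type": FEATURE_NOT_ENABLED, "message": "constructed"},
    {"status": 400, "key": "file.malware.detected", "message": "constructed"},
    {"status": 401, "key": "error.auth.constructed_example", "message": "constructed"},
    {"status": 429, "key": "error.rate_limit.constructed_example"},
    # No key: the message mentions malware, but message text is never parsed.
    {"status": 400, "message": "file.malware.detected in upload.pdf"},
]

if __name__ == "__main__":
    for body in SAMPLES:
        print(body.get("status"), classify_problem(body))
```
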

---

## 2.0.0 — June 2024

### Integration

- **Send-To** — Initiate the signing process without the need for an API key ([→ SendTo reference](/api/sign-v2))

### Signature Requests

- **Create** — Full signature request creation with documents, signers, and options
- **Add / remove signers** — Add and remove individual signers from an existing signature request
- **Custom owner** — Define a specific signature request owner
- **Signing sequence** — Define the order in which signers must complete their signatures
- **Multiple visual signatures** — Define multiple visual signature placements per signer
- **Disable TAN notifications** — Disable TAN-based NAS notifications for SES signatures
- **Withdraw** — Withdraw an open signature request at any time

### Find

- **Title search** — Enhanced search capabilities with full title search for signature requests
- **Pagination** — Extended signature request listing with pagination options

### Triggers

- **Reminders** — Remind signers with pending signatures (rate-limited to once per hour per signer)

### Users

- **Signature quality details** — Extended details on available signature qualities per user

### Monitoring

- **Callback status** — Get details about the status of signature request callbacks

### Reporting

- **Signature activities** — Get signature activities for a business
