Sign API v3 Changelog

Version	Date	Details
3.0.5	23.06.2026	Async-cascade `403` on document delete, `error.sr.last_document_cannot_be_removed`, JWT bearer format
3.0.4	10.06.2026	`feature-not-enabled` (`403`) problem type, documented error keys
3.0.3	June 2026	Observer Groups; signature request expiry (`expires_at`), `EXPIRED` status, and error-envelope refinements
3.0.2	December 2025	Express QES (xQES) and identification related endpoints
3.0.1	September 2025	Groups in Signature Requests
3.0.0	April 9, 2025	First version with Multi-Doc support

3.0.5 — 23.06.2026

Documents

Async-cascade 403 on delete — DELETE /documents/{id} now documents a 403 Forbidden response. When a signature request is deleted, its documents are cleaned up asynchronously; during this window the document is still listed by GET /documents but delete attempts return 403. Retry after a few seconds — the document will either have been removed by the cascade or the delete will succeed.
error.sr.last_document_cannot_be_removed — Attempting to remove the last document from a signature request returns 400 with this error key. An SR must keep at least one document.

Authentication

JWT bearer format — The API key security scheme now explicitly declares bearerFormat: JWT.

3.0.4 — 10.06.2026

Error handling

feature-not-enabled problem type — New Problem+JSON type https://api.skribble.com/problem/feature-not-enabled and a shared 403 response, returned when an operation depends on a feature that is not enabled for the business. This now gates setting/clearing expires_at (POST /signature-requests, DELETE /signature-requests/{SR_ID}/expires-at), adding group observers (addSignatureObserver), and the Express QES identification evidence endpoints (status, JSON, files, JWT).
Documented error key values — The error envelope's optional key now enumerates the known stable, machine-readable keys, grouped by category: authentication (error.auth.*), rate limiting (error.rate_limit.*), file/attachment (file.attachment.unsupported, file.malware.detected), and PDF processing (file.pdf.*). Prefer matching on key over parsing message.
Refined response coverage — getSignatureRequest now documents 406 Not Acceptable, and listSignatureObservers / getSignatureObserver now document 400 Bad Request.

See Error Handling for the full envelope schema.

3.0.3 — June 2026

Signature Requests

Expiry date (expires_at) — Early access (opted-in businesses only). Owner-set expiry date for a signature request, settable on create/update while status_overall=DRAFT. When the date passes, the request transitions to status_overall=EXPIRED. Must be today or later, at most 6 months in the future, and — if the owning business has a retention policy — at most one day before the retention deletion date.
Clear expiry date — New endpoint DELETE /signature-requests/{SR_ID}/expires-at removes the owner-set expires_at from a DRAFT signature request (returns 400 if not DRAFT). The auto_delete_at retention date is unaffected.
Retention date (auto_delete_at) — New read-only field on signature request responses exposing the server-managed date on which the request and its documents are automatically deleted per the business's retention policy. Together with expires_at, this replaces the former free-form expiration_date field.

Status

EXPIRED status — New terminal status_overall value, set when an owner-defined expires_at passes before all signers have signed.

Error handling

Refined error key — The optional key on the Problem+JSON error envelope is now present for a broader set of errors that carry a stable code (PDF loading, malware detection, unsupported attachment types, rate-limit, authentication). Prefer matching on key over parsing message, which is not part of the stable contract.
404 on withdraw/delete — The delete signature request endpoint (DELETE /signature-requests/{SR_ID}) now documents a 404 Not Found response.

See Error Handling for the full envelope schema.

Sign API v3 Changelog

Version	Date	Details
3.0.5	23.06.2026	Async-cascade `403` on document delete, `error.sr.last_document_cannot_be_removed`, JWT bearer format
3.0.4	10.06.2026	`feature-not-enabled` (`403`) problem type, documented error keys
3.0.3	June 2026	Observer Groups; signature request expiry (`expires_at`), `EXPIRED` status, and error-envelope refinements
3.0.2	December 2025	Express QES (xQES) and identification related endpoints
3.0.1	September 2025	Groups in Signature Requests
3.0.0	April 9, 2025	First version with Multi-Doc support

3.0.5 — 23.06.2026

Documents

Async-cascade 403 on delete — DELETE /documents/{id} now documents a 403 Forbidden response. When a signature request is deleted, its documents are cleaned up asynchronously; during this window the document is still listed by GET /documents but delete attempts return 403. Retry after a few seconds — the document will either have been removed by the cascade or the delete will succeed.
error.sr.last_document_cannot_be_removed — Attempting to remove the last document from a signature request returns 400 with this error key. An SR must keep at least one document.

Authentication

JWT bearer format — The API key security scheme now explicitly declares bearerFormat: JWT.

3.0.4 — 10.06.2026

Error handling

feature-not-enabled problem type — New Problem+JSON type https://api.skribble.com/problem/feature-not-enabled and a shared 403 response, returned when an operation depends on a feature that is not enabled for the business. This now gates setting/clearing expires_at (POST /signature-requests, DELETE /signature-requests/{SR_ID}/expires-at), adding group observers (addSignatureObserver), and the Express QES identification evidence endpoints (status, JSON, files, JWT).
Documented error key values — The error envelope's optional key now enumerates the known stable, machine-readable keys, grouped by category: authentication (error.auth.*), rate limiting (error.rate_limit.*), file/attachment (file.attachment.unsupported, file.malware.detected), and PDF processing (file.pdf.*). Prefer matching on key over parsing message.
Refined response coverage — getSignatureRequest now documents 406 Not Acceptable, and listSignatureObservers / getSignatureObserver now document 400 Bad Request.

See Error Handling for the full envelope schema.

3.0.3 — June 2026

Signature Requests

Expiry date (expires_at) — Early access (opted-in businesses only). Owner-set expiry date for a signature request, settable on create/update while status_overall=DRAFT. When the date passes, the request transitions to status_overall=EXPIRED. Must be today or later, at most 6 months in the future, and — if the owning business has a retention policy — at most one day before the retention deletion date.
Clear expiry date — New endpoint DELETE /signature-requests/{SR_ID}/expires-at removes the owner-set expires_at from a DRAFT signature request (returns 400 if not DRAFT). The auto_delete_at retention date is unaffected.
Retention date (auto_delete_at) — New read-only field on signature request responses exposing the server-managed date on which the request and its documents are automatically deleted per the business's retention policy. Together with expires_at, this replaces the former free-form expiration_date field.

Status

EXPIRED status — New terminal status_overall value, set when an owner-defined expires_at passes before all signers have signed.

Error handling

Refined error key — The optional key on the Problem+JSON error envelope is now present for a broader set of errors that carry a stable code (PDF loading, malware detection, unsupported attachment types, rate-limit, authentication). Prefer matching on key over parsing message, which is not part of the stable contract.
404 on withdraw/delete — The delete signature request endpoint (DELETE /signature-requests/{SR_ID}) now documents a 404 Not Found response.

See Error Handling for the full envelope schema.