Inkless Digital Signing API v1

Introduction

The Inkless API lets you programmatically create and send signing links (“envelopes”) based on your email templates and document templates, with signing order, merge fields, auditing, and expiry. To get started you must create an API Token, to do this you can browse to Admin -> Company then click on the API Details Tab, Once their type a description in the input box and click "Create Token". Copy the token and store it in a secure place as this will not be shown again and will require you to revoke the token and create a new one if lost.

Tip: Tokens are company-scoped. The email_template_id and all document_template_id values must belong to the same company as the token.

API Endpoints

Production Endpoint

https://inkless.co.uk/api/service.php

Development Endpoint

https://inkless.co.uk/api/service.php

Authentication

To access the API, you must include your API token in the Authorization header:

Header 
Authorization: Bearer YOUR_API_TOKEN

API Token Format

The API token must follow the format:

ink_live_key.secret
  • key is a unique identifier for the key (8-16 alphanumeric characters)
  • secret is the secret key (20+ alphanumeric characters)

Authentication Flow

When you send a request with the API token in the Authorization header, the following steps occur:

  1. The token is extracted and validated against the expected format.
  2. If the token does not match the expected format, a 401 Unauthorized error is returned.
  3. The system checks if the token is valid and not revoked. If the token is revoked or invalid, a 401 Unauthorized error is returned.
  4. The system checks if the token has expired. If the token is expired, a 401 Unauthorized error is returned.
  5. The system verifies that the provided HMAC matches the stored HMAC. If it does not match, a 401 Unauthorized error is returned.
  6. If all checks pass, the request proceeds and the token data is returned for use in subsequent operations.

Response Codes

The following error codes may be returned during the authentication process:

Missing API token
401 Unauthorized
Invalid API token format
401 Unauthorized
Revoked API token
401 Unauthorized
Expired API token
401 Unauthorized
Invalid HMAC (token integrity check failed)
401 Unauthorized

Rate Limiting

Each API token is subject to rate limiting based on the following parameters:

  • Limit: The maximum number of requests allowed within a specified time window.
  • Window: The time period within which requests are counted.

If the rate limit is exceeded, a 429 Too Many Requests error will be returned. The rate_limit_limit and rate_limit_window values are provided as part of the token data.

Last Used IP

The IP address associated with the API token is updated each time the token is used. The system tracks this and logs the IP in case of misuse or troubleshooting.

Get Balance

POST /api/get_balance

Each document sent (after being combined) will deduct from your overall balance.
For example: If 1 envelope with 2 documents priced at £0.70 is sent, it will cost £1.40. If the payload has a combine: 1 for both documents, they will be combined into one document, costing you only £0.70.

Response Codes

No credits left
402 insufficient_funds
Successful response
200 OK

Response Example

Example
                    
{
    "ok":true,
    "company_id":127,
    "balance":"£0.50",
    "as_of":"2025-10-13T15:51:23+00:00"
}

Errors

If the company does not exist or the API token is invalid, a 404 Not Found error will be returned with the message "company not found".

How to Request the Balance

To retrieve the balance for a company, send a POST request to /api/get_balance with the API token in the Authorization header. The request will return the company's wallet balance and the date and time the balance was last updated.

curl -sS -X POST "https://inkless.co.uk/api/get_balance" \
 -H "Authorization: Bearer YOUR_API_TOKEN" \
 -H "Content-Type: application/json"

Limitations

The endpoint currently does not allow you to directly modify your balance. It only provides the current balance associated with the authenticated company.

Get Document Templates

POST /api/get_documents

This endpoint retrieves the document templates associated with your company. It returns a list of available templates for your account. If you're working in the sandbox environment, predefined templates will be returned.

Response Codes

No templates available
404 Not Found
Successful response
200 OK

Response Example

Example
                    
{
    "ok":true,
    "documents":[
        {
        "id":1,
            "name":"template 1"
        },
        {
            "id":2,
            "name":"template 2"
        }
    ]
}

How to Request Document Templates

To retrieve document templates, send a POST request to /api/get_documents with your API token in the Authorization header. If you're working in the sandbox environment, you will receive predefined templates.

curl -sS -X POST "https://inkless.co.uk/api/get_documents" \
 -H "Authorization: Bearer YOUR_API_TOKEN" \
 -H "Content-Type: application/json"

Get Email Templates

POST /api/get_emails

This endpoint retrieves the email templates associated with your company. It returns a list of available email templates for your account. If you're working in the sandbox environment, predefined templates will be returned.

Response Codes

No templates available
404 Not Found
Successful response
200 OK

Response Example

Example
                    
{
    "ok":true,
    "templates":[
        {
            "id":1,
            "name":"document 1"
        },
        {
            "id":2,
            "name":"document 2"
        }
    ]
}

How to Request Email Templates

To retrieve email templates, send a POST request to /api/get_emails with your API token in the Authorization header. If you're working in the sandbox environment, you will receive predefined templates.

curl -sS -X POST "https://inkless.co.uk/api/get_emails" \
 -H "Authorization: Bearer YOUR_API_TOKEN" \
 -H "Content-Type: application/json"

Download Signed Document

POST /api/download_signed

Downloads the signed document by its token and returns the document details along with the base64 content.

Request

Send a POST request with the document token to retrieve the signed document.

Request Body

Example
                    
{
  "document_token": "your_document_token"
}

Response

200 OK

Example
{
  "ok": true,
  "file": {
    "filename": "agreement-signed.pdf",
    "mime": "application/pdf",
    "size": 350170,
    "sha256": "2a4bd9a8d0a2b8eda8b076cb1db9e94b777dc6e7c1c653032c70f0568e296165",
    "content_base64": "BASE64_ENCODED_CONTENT"
  }
}
curl -X POST "https://inkless.co.uk/api/download_signed" \
-H "Authorization: Bearer YOUR_API_TOKEN" \
-H "Content-Type: application/json" \
-d '{"document_token": "your_document_token"}'

Common Errors

HTTPErrorMeaning
400document_token is requiredProvide a valid document_token in the body.
404document not foundThe requested document could not be found.
500server errorUnexpected failure (file I/O, network issues, etc.).

Download Document Archive

POST /api/download_archive

Downloads a zip archive containing the documents associated with the document token.

Request

Send a POST request with the document token to retrieve the document archive.

Request Body

Example
                    
{
  "document_token": "your_document_token"
}

Response

200 OK

Example
{
  "ok": true,
  "file": {
    "filename": "documents-archive.zip",
    "mime": "application/zip",
    "size": 1024000,
    "sha256": "a1b2c3d4e5f67890abcde1234567890abcdef1234567890abcdef1234567890",
    "content_base64": "BASE64_ENCODED_CONTENT"
  }
}
curl -sS -X POST "https://inkless.co.uk/api/download_archive" \
-H "Authorization: Bearer YOUR_API_TOKEN" \
-H "Content-Type: application/json" \
-d '{"document_token": "your_document_token"}'

Common Errors

HTTPErrorMeaning
400document_token is requiredProvide a valid document_token in the body.
404document not foundThe requested document could not be found.
500server errorUnexpected failure (archive creation, file I/O, etc.).

Download Envelope Archive

POST /api/download_envelope_archive

Downloads a zip archive containing all the documents within an envelope.

Request

Send a POST request with the envelope token to retrieve the envelope archive.

Request Body

Example
                    
{
  "envelope_token": "your_envelope_token"
}

Response

200 OK

Example
{
  "ok": true,
  "file": {
    "filename": "envelope-documents-archive.zip",
    "mime": "application/zip",
    "size": 1536000,
    "sha256": "3b6c5d9a3b5c9e89fabae0234567890abcdef1234567890abcdef1234567890",
    "content_base64": "BASE64_ENCODED_CONTENT"
  }
}
curl -sS -X POST "https://inkless.co.uk/api/download_envelope_archive" \
-H "Authorization: Bearer YOUR_API_TOKEN" \
-H "Content-Type: application/json" \
-d '{"envelope_token": "your_envelope_token"}'

Common Errors

HTTPErrorMeaning
400envelope_token is requiredProvide a valid envelope_token in the body.
404envelope not foundThe requested envelope could not be found.
500server errorUnexpected failure (archive creation, file I/O, etc.).

Get Envelope Status

POST /api/get_envelope_status

Fetches the status of an envelope to check the signing progress and details of its recipients.

Request

Send a POST request with the envelope token to get the envelope status.

Request Body

Example
                    
{
  "envelope_token": "your_envelope_token"
}

Response

200 OK

Example
{
  "ok": true,
  "status": "in_progress",
  "recipients": [
    {
      "name": "Joe Blogs",
      "email": "Joe@example.com",
      "status": "signed",
      "signed_at": "2025-09-05 10:14:00"
    },
    {
      "name": "Manager",
      "email": "manager@example.com",
      "status": "pending"
    }
  ]
}
curl -sS -X POST "https://inkless.co.uk/api/get_envelope_status" \
-H "Authorization: Bearer YOUR_API_TOKEN" \
-H "Content-Type: application/json" \
-d '{"envelope_token": "your_envelope_token"}'

Common Errors

HTTPErrorMeaning
400envelope_token is requiredProvide a valid envelope_token in the body.
404envelope not foundThe requested envelope could not be found.
500server errorUnexpected failure (status retrieval, network issues, etc.).

Error Handling

We return a non-2xx HTTP status and a JSON body with ok: false and an error key. Your client should check response.ok and handle these values appropriately.

For example:

Example
                    
{
  "ok": false,
  "error": "documents is required"
}

Common errors

HTTPErrorMeaning
400documents is requiredProvide a non-empty documents array with valid document IDs.
400document_id is requiredEach document must have a valid document_id. It is required for mapping and document preparation.
400email_template_id is requiredProvide a valid email template ID.
400no valid documents or recipientsCheck document IDs and recipients (name, email, and recipient numbers).
401Missing or invalid token.
402insufficient_creditsBuy credits or top up.
403email template not found for this companyTemplate ownership mismatch.
403invalid_document_idsOne or more documents aren’t owned by your company.
500server errorUnexpected failure (conversion, I/O). Retry or contact support.

Webhooks (optional)

Inkless can POST JSON to your webhook endpoint for events such as:

  • document_signing_link_sent
  • document_signed
  • archive_ready
  • link_resent
Example payload
{
  "event": "document_signed",
  "company_id": 16,
  "doc_token": "a1b2...c3d4",
  "secure_link_id": 271,
  "recipient": { "name": "Joe Blogs", "email": "Joe@example.com" },
  "signed_at": "2025-09-04T10:25:31Z",
  "metadata": { "ip": "203.0.113.5", "user_agent": "..." }
}

Ask support to enable & configure your webhook URL. Use HTTPS. We can sign payloads and retry deliveries if needed.

Changelog

  • 2025-09-04 — Added docs for get_credits, list_email_templates, list_document_templates, and get_artifact. Kept layout, added PHP/Python examples, generic tab & copy handling.
  • 2025-09-04 — Initial docs for send_link. Credits check & debit, ownership checks, audit logging, first-batch mailing.