Three-legged OAuth

signNow API allows third-party applications to access users’ resources in signNow account. All they need is to get a token with the authorization_code grant type.


  • Obtain an authorization code
  • Request a bearer token using the authorization code

signNow generates an authorization code automatically for the application’s client ID. Having generated the code, signNow passes it as a query parameter of the redirect_URI.


▶ Embed the following link to signNow Auth page with specific query parameters into your app/crm/website

Required query parameters: client_id, redirect_uri, response_type=code

Link to embed:



Example: link to get the authorization code

▶ Follow the link
▶ Log in to signNow (thus authorizing your app at signNow)
▶ Click Grant access to signNow
▶ The redirect_uri opens. This time with an authorization code in the code query parameter: retrieve authorization code from the URI

Example: redirect URI with an authorization code


▶ Use the authorization code to get a bearer access token with grant type authorization_code

curl -X POST '' \
-H 'Authorization: Basic {{basic_token}}' \
-H 'Content-Type: multipart/form-data;' \
-F 'grant_type=authorization_code' \
-F 'scope=*' \
-F 'code={{authorization_code}}'

Here is an example of JSON you get in response:

  "expires_in": "1584793649",
  "token_type": "bearer",
  "access_token": "4f3c0ce3f667fd20418fe866b29cb51bdd7f86d997a36364d65f7ac02071aaa4",
  "refresh_token": "5c10fbb9b0e6056a018c6470e3015448711060043d620efdb47c4bbad9531c34",
  "scope": "*",
  "last_login": 1