Recipient authentication
Multiple Authentication Methods
Combine authentication methods to require recipients to complete more than one verification step.
You can combine multiple authentication methods in a single ceremony. Recipients must complete each method in sequence before accessing the ceremony.
Rules
Not all combinations are valid. The table below shows which methods can appear at each position.
| Method | First step | Second step and beyond |
|---|---|---|
| Email Link | Yes | No |
| Email Code | Yes | Yes |
| Custom | Yes | No |
Additional constraints:
- A ceremony supports a maximum of 5 authentication methods.
email_linkandcustomcan each only be used as the first step.email_linkandcustomcannot be combined together.- You cannot use the same authentication method more than once in a ceremony.
Common combinations
Custom + Email Code
Your application authenticates the recipient first. SignatureAPI then independently verifies the recipient’s identity by sending a code to their email.
Use this combination when you want to authenticate recipients in your own system and also require a second factor that SignatureAPI controls.
// POST https://api.signatureapi.com/v1/recipients/{recipient_id}/ceremonies
// X-API-Key: key_test_...
// Content-Type: application/json
{
"authentication": [
{
"type": "custom",
"provider": "SuperApp",
"data": {
"Session ID": "a4f9e8b2-7c1d-4b2d-9a4b-e0c5d6f7a1b3",
"Authenticated At": "2026-01-15T10:30:00Z"
}
},
{
"type": "email_code"
}
]
}Recipient experience:
Authentication in your app
The recipient authenticates in your system (custom authentication).
Access the ceremony
You direct the recipient to the ceremony URL or embed the ceremony in your app.
Email verification
SignatureAPI prompts for additional email verification.
Code entry
The recipient enters the 9-digit code from their email.
Signing
The recipient proceeds to sign documents.
Email Link + Email Code
SignatureAPI sends the invitation email automatically. When the recipient opens the ceremony, they must also enter an email verification code.
Use this combination when you want SignatureAPI to handle delivery but also need a second verification step inside the ceremony, for example to meet compliance requirements.
// POST https://api.signatureapi.com/v1/recipients/{recipient_id}/ceremonies
// X-API-Key: key_test_...
// Content-Type: application/json
{
"authentication": [
{
"type": "email_link"
},
{
"type": "email_code"
}
]
}Recipient experience:
Email link
The recipient clicks the ceremony link in the email sent by SignatureAPI.
Email verification
SignatureAPI prompts for a second verification step.
Code entry
The recipient enters the 9-digit code from their email.
Signing
The recipient proceeds to sign documents.