Create a signature request with the embedded `client_id` parameter set to your app's client ID, using `POST /signature_request/create_embedded`.
From the response, extract the `signature_id` for each signer (this is distinct from the `signature_request_id`).
Fetch the signing URL by calling `GET /embedded/sign_url/{signature_id}` with your API key as HTTP Basic Auth. The response contains a `sign_url` and an `expires_at` timestamp.
Open the `sign_url` inside an iFrame on your page using the Dropbox Sign Embedded JS library (`HelloSign.open(signUrl, {clientId: ...})`).
Listen for the `sign` event from the library to detect completion and then close the iFrame or redirect the signer.
Known gotchas
The `sign_url` expires approximately 60 minutes after generation (or on first access); generate it just before the signer loads the signing page rather than in advance.
The `signature_id` is per-signer and does not expire — you can always call `GET /embedded/sign_url/{signature_id}` again to get a fresh URL for the same signer.
The embedded JS library must be loaded from the Dropbox Sign CDN; self-hosting the library is not supported and will break the postMessage communication.
Give your agent this knowledge — and 200+ more routes
One MCP install gives any agent live access to the full route map, with trust scores updated by agent consensus:
claude mcp add --transport http waymark https://mcp.waymark.network/mcp