Zoho Sign API Integration in Node.js (2026 Complete Guide)
After the rise of Artificial Intelligence and automation, businesses are rapidly moving toward digital document workflows.
Companies are now using digital document signing systems instead of physical signatures, which helps speed up approvals and automate paperwork.
Zoho Sign is a powerful electronic signature platform that provides APIs for developers to integrate document signing workflows into their applications.
In this guide, we will learn in detail:
- What Zoho Sign API is
- How to integrate it in Node.js
- How OAuth authentication works
- How document upload and sending works
- How webhooks work
- How to maintain document status on a website
- Real-world production use cases
What Is Zoho Sign API?
Zoho Sign is a digital signature service that allows developers to electronically send, sign, and track documents through APIs.
Using Zoho Sign APIs, developers can:
- Upload PDF documents
- Send signing requests to users
- Track signature status
- Create automated workflows
- Receive real-time updates through webhooks
- Automate contract management
Real-World Use Cases of Zoho Sign APIs
- Employment offer letters
- Freelance contracts
- Rental agreements
- Loan approvals
- NDA signing
- Client onboarding
- HR document approvals
- Insurance documents
- Business contracts
Why Developers Use Zoho Sign APIs
- Easy API integration
- Secure document signing
- Legally valid electronic signatures
- Webhook support
- Real-time status tracking
- Workflow automation
- Multi-user signing support
- Cloud-based system
- Mobile-friendly signing
How Zoho Sign Workflow Works
The basic workflow looks like this:
- The user uploads a document on the website
- The backend sends a request to the Zoho Sign API
- Zoho Sign creates the document request
- The signer receives an email or signing link
- The user signs the document
- Zoho triggers the webhook
- The website database updates the document status
Step 1: Create Node.js Project
mkdir zoho-sign-nodejs cd zoho-sign-nodejs npm init -y
Step 2: Install Required Packages
npm install express axios dotenv multer form-data
Step 3: Create Express Server
const express = require('express');
const dotenv = require('dotenv');
dotenv.config();
const app = express();
app.use(express.json());
app.listen(3000, () => {
console.log('Server running on port 3000');
});
Step 4: Create Zoho Developer Application
To use Zoho Sign APIs, you need to create an application in the Zoho Developer Console.
From there, you will receive:
- Client ID
- Client Secret
- Redirect URI
These credentials are used for OAuth authentication.
Step 5: Generate OAuth Access Token
Zoho Sign APIs do not use direct API keys.
They use OAuth 2.0 authentication.
Authorization URL:
https://accounts.zoho.com/oauth/v2/auth
Example:
https://accounts.zoho.com/oauth/v2/auth?scope=ZohoSign.documents.ALL&client_id=YOUR_CLIENT_ID&response_type=code&access_type=offline&redirect_uri=http://localhost:3000/callback
The user will authorize the application, and you will receive an authorization code.
Step 6: Exchange Authorization Code for Access Token
const axios = require('axios');
async function generateToken(code) {
const response = await axios.post(
'https://accounts.zoho.com/oauth/v2/token',
null,
{
params: {
grant_type: 'authorization_code',
client_id: process.env.CLIENT_ID,
client_secret: process.env.CLIENT_SECRET,
redirect_uri: process.env.REDIRECT_URI,
code: code
}
}
);
console.log(response.data);
}
generateToken('AUTHORIZATION_CODE');
Example .env File
CLIENT_ID=your_client_id CLIENT_SECRET=your_client_secret REDIRECT_URI=http://localhost:3000/callback ACCESS_TOKEN=your_access_token
Step 7: Upload Document to Zoho Sign
const fs = require('fs');
const FormData = require('form-data');
app.post('/upload-document', async (req, res) => {
try {
const form = new FormData();
form.append(
'file',
fs.createReadStream('./contract.pdf')
);
const response = await axios.post(
'https://sign.zoho.com/api/v1/requests',
form,
{
headers: {
Authorization: `Zoho-oauthtoken ${process.env.ACCESS_TOKEN}`,
...form.getHeaders()
}
}
);
res.json(response.data);
} catch (error) {
res.status(500).json({
error: error.message
});
}
});
Step 8: Send Document for Signature
const data = {
requests: {
request_name: 'Employment Agreement',
actions: [
{
action_type: 'SIGN',
recipient_name: 'John Doe',
recipient_email: 'john@example.com'
}
]
}
};
const response = await axios.post(
'https://sign.zoho.com/api/v1/requests',
data,
{
headers: {
Authorization: `Zoho-oauthtoken ${process.env.ACCESS_TOKEN}`
}
}
);
How Signing Links Work
Zoho Sign can automatically:
- Send emails to signers
- Generate signing URLs
Developers can also display signing links inside a custom frontend application.
const signingLink = response.data.requests.sign_url;
You can display this link on your website.
What Are Webhooks in Zoho Sign?
A webhook is an automated callback URL.
Whenever any action happens on a document:
- Signed
- Declined
- Viewed
- Expired
Zoho automatically notifies your backend endpoint.
Why Webhooks Are Important
- Provide real-time updates
- Reduce server load
- Make automation easier
- Instantly update document status
Step 9: Create Webhook Endpoint in Node.js
app.post('/zoho-webhook', (req, res) => {
const webhookData = req.body;
console.log(webhookData);
res.status(200).send('Webhook Received');
});
Example Webhook Payload
{
"request_id": "123456",
"status": "completed",
"document_name": "Contract.pdf",
"signed_time": "2026-05-28"
}
How to Maintain Document Status in Database
Developers mostly use MongoDB or MySQL.
Example status values:
- pending
- viewed
- signed
- declined
- expired
After receiving the webhook, update the database accordingly.
await db.query( 'UPDATE documents SET status=? WHERE request_id=?', ['signed', webhookData.request_id] );
How to Show Document Status on Website
In the dashboard, you can display:
- Pending
- Signed
- Expired
- Rejected
statuses for documents.
The frontend will call the backend API and fetch the latest document status.
app.get('/document-status/:id', async (req, res) => {
const document = await db.query(
'SELECT * FROM documents WHERE id=?',
[req.params.id]
);
res.json(document);
});
Multi-Signer Workflow
actions: [
{
recipient_name: 'Manager',
recipient_email: 'manager@test.com'
},
{
recipient_name: 'Employee',
recipient_email: 'employee@test.com'
}
]
Security Best Practices
- Keep access tokens secure
- Use HTTPS
- Implement webhook verification
- Use environment variables
- Add rate limiting
- Do not publicly expose signed URLs
Common Mistakes Developers Make
- Exposing access tokens in the frontend
- Skipping webhook validation
- Not handling expired tokens
- Ignoring document permissions
- Skipping file validation
Zoho Sign API Limitations
- API rate limits
- File size limits
- OAuth token expiration
- Region-specific endpoints
Best Architecture for Zoho Sign Integration
Recommended architecture:
Frontend → Node.js Backend → Zoho Sign API
Never call Zoho APIs directly from the frontend.
The backend maintains security.
Final Thoughts
Zoho Sign APIs provide developers with the ability to build powerful document automation workflows.
Using Node.js and Express, developers can easily build:
- Digital signing systems
- Contract automation platforms
- HR onboarding systems
- Client approval systems
Webhook integrations and real-time status tracking have become extremely important for modern SaaS applications.
Developers who understand document automation and workflow APIs will build far more scalable business applications in the future.
