Zoho Sign API Integration in Node.js (2026 Complete Guide)

After the rise of Artificial Intelligence and automation, businesses are rapidly moving toward digital document workflows.

Companies are now using digital document signing systems instead of physical signatures, which helps speed up approvals and automate paperwork.

Zoho Sign is a powerful electronic signature platform that provides APIs for developers to integrate document signing workflows into their applications.

In this guide, we will learn in detail:

• What Zoho Sign API is
• How to integrate it in Node.js
• How OAuth authentication works
• How document upload and sending works
• How webhooks work
• How to maintain document status on a website
• Real-world production use cases

What Is Zoho Sign API?

Zoho Sign is a digital signature service that allows developers to electronically send, sign, and track documents through APIs.

Using Zoho Sign APIs, developers can:

• Upload PDF documents
• Send signing requests to users
• Track signature status
• Create automated workflows
• Receive real-time updates through webhooks
• Automate contract management

Real-World Use Cases of Zoho Sign APIs

• Employment offer letters
• Freelance contracts
• Rental agreements
• Loan approvals
• NDA signing
• Client onboarding
• HR document approvals
• Insurance documents
• Business contracts

Why Developers Use Zoho Sign APIs

• Easy API integration
• Secure document signing
• Legally valid electronic signatures
• Webhook support
• Real-time status tracking
• Workflow automation
• Multi-user signing support
• Cloud-based system
• Mobile-friendly signing

How Zoho Sign Workflow Works

The basic workflow looks like this:

1. The user uploads a document on the website
2. The backend sends a request to the Zoho Sign API
3. Zoho Sign creates the document request
4. The signer receives an email or signing link
5. The user signs the document
6. Zoho triggers the webhook
7. The website database updates the document status

Step 1: Create Node.js Project

mkdir zoho-sign-nodejs
cd zoho-sign-nodejs
npm init -y

Step 2: Install Required Packages

npm install express axios dotenv multer form-data

Step 3: Create Express Server

const express = require('express');
const dotenv = require('dotenv');

dotenv.config();

const app = express();

app.use(express.json());

app.listen(3000, () => {
  console.log('Server running on port 3000');
});

Step 4: Create Zoho Developer Application

To use Zoho Sign APIs, you need to create an application in the Zoho Developer Console.

From there, you will receive:

• Client ID
• Client Secret
• Redirect URI

These credentials are used for OAuth authentication.

Step 5: Generate OAuth Access Token

Zoho Sign APIs do not use direct API keys.

They use OAuth 2.0 authentication.

Authorization URL:

https://accounts.zoho.com/oauth/v2/auth

Example:

https://accounts.zoho.com/oauth/v2/auth?scope=ZohoSign.documents.ALL&client_id=YOUR_CLIENT_ID&response_type=code&access_type=offline&redirect_uri=http://localhost:3000/callback

The user will authorize the application, and you will receive an authorization code.

Step 6: Exchange Authorization Code for Access Token

const axios = require('axios');

async function generateToken(code) {

  const response = await axios.post(
    'https://accounts.zoho.com/oauth/v2/token',
    null,
    {
      params: {
        grant_type: 'authorization_code',
        client_id: process.env.CLIENT_ID,
        client_secret: process.env.CLIENT_SECRET,
        redirect_uri: process.env.REDIRECT_URI,
        code: code
      }
    }
  );

  console.log(response.data);
}

generateToken('AUTHORIZATION_CODE');

Example .env File

CLIENT_ID=your_client_id
CLIENT_SECRET=your_client_secret
REDIRECT_URI=http://localhost:3000/callback
ACCESS_TOKEN=your_access_token

Step 7: Upload Document to Zoho Sign

const fs = require('fs');
const FormData = require('form-data');

app.post('/upload-document', async (req, res) => {

  try {

    const form = new FormData();

    form.append(
      'file',
      fs.createReadStream('./contract.pdf')
    );

    const response = await axios.post(
      'https://sign.zoho.com/api/v1/requests',
      form,
      {
        headers: {
          Authorization: `Zoho-oauthtoken ${process.env.ACCESS_TOKEN}`,
          ...form.getHeaders()
        }
      }
    );

    res.json(response.data);

  } catch (error) {

    res.status(500).json({
      error: error.message
    });

  }

});

Step 8: Send Document for Signature

const data = {
  requests: {
    request_name: 'Employment Agreement',
    actions: [
      {
        action_type: 'SIGN',
        recipient_name: 'John Doe',
        recipient_email: 'john@example.com'
      }
    ]
  }
};

const response = await axios.post(
  'https://sign.zoho.com/api/v1/requests',
  data,
  {
    headers: {
      Authorization: `Zoho-oauthtoken ${process.env.ACCESS_TOKEN}`
    }
  }
);

How Signing Links Work

Zoho Sign can automatically:

• Send emails to signers
• Generate signing URLs

Developers can also display signing links inside a custom frontend application.

const signingLink = response.data.requests.sign_url;

You can display this link on your website.

What Are Webhooks in Zoho Sign?

A webhook is an automated callback URL.

Whenever any action happens on a document:

• Signed
• Declined
• Viewed
• Expired

Zoho automatically notifies your backend endpoint.

Why Webhooks Are Important

• Provide real-time updates
• Reduce server load
• Make automation easier
• Instantly update document status

Step 9: Create Webhook Endpoint in Node.js

app.post('/zoho-webhook', (req, res) => {

  const webhookData = req.body;

  console.log(webhookData);

  res.status(200).send('Webhook Received');

});

Example Webhook Payload

{
  "request_id": "123456",
  "status": "completed",
  "document_name": "Contract.pdf",
  "signed_time": "2026-05-28"
}

How to Maintain Document Status in Database

Developers mostly use MongoDB or MySQL.

Example status values:

• pending
• viewed
• signed
• declined
• expired

After receiving the webhook, update the database accordingly.

await db.query(
  'UPDATE documents SET status=? WHERE request_id=?',
  ['signed', webhookData.request_id]
);

How to Show Document Status on Website

In the dashboard, you can display:

• Pending
• Signed
• Expired
• Rejected

statuses for documents.

The frontend will call the backend API and fetch the latest document status.

app.get('/document-status/:id', async (req, res) => {

  const document = await db.query(
    'SELECT * FROM documents WHERE id=?',
    [req.params.id]
  );

  res.json(document);

});

Multi-Signer Workflow

actions: [
  {
    recipient_name: 'Manager',
    recipient_email: 'manager@test.com'
  },
  {
    recipient_name: 'Employee',
    recipient_email: 'employee@test.com'
  }
]

Security Best Practices

• Keep access tokens secure
• Use HTTPS
• Implement webhook verification
• Use environment variables
• Add rate limiting
• Do not publicly expose signed URLs

Common Mistakes Developers Make

• Exposing access tokens in the frontend
• Skipping webhook validation
• Not handling expired tokens
• Ignoring document permissions
• Skipping file validation

Zoho Sign API Limitations

• API rate limits
• File size limits
• OAuth token expiration
• Region-specific endpoints

Best Architecture for Zoho Sign Integration

Recommended architecture:

Frontend → Node.js Backend → Zoho Sign API

Never call Zoho APIs directly from the frontend.

The backend maintains security.

Final Thoughts

Zoho Sign APIs provide developers with the ability to build powerful document automation workflows.

Using Node.js and Express, developers can easily build:

• Digital signing systems
• Contract automation platforms
• HR onboarding systems
• Client approval systems

Webhook integrations and real-time status tracking have become extremely important for modern SaaS applications.

Developers who understand document automation and workflow APIs will build far more scalable business applications in the future.