Service: Electronic Signature
The Electronic Signature Service is a specialized component responsible for managing the legally binding execution of all critical documents on the platform. It integrates with a dedicated third-party provider (e.g., Dropbox Sign) to ensure all agreements are signed in a compliant, secure, and auditable manner.
This engine is built on four key pillars:
Legal Compliance: Ensures all electronic signatures adhere to legal standards, making them as binding as a wet signature.
Security & Verifiability: Provides strong signer authentication and generates tamper-proof certificates of completion for every signed document.
Automation: Eliminates the need for manual paperwork, dramatically speeding up the investment closing process.
Seamless Integration: Embeds the signing process directly within the investment workflow, providing a smooth, uninterrupted experience for the investor.
Core Technical Components & APIs
This service acts as a bridge between our platform's business logic and the external e-signature provider.
Primary Models:
Investment Model: The primary object that a signing event is associated with. The service updates this model's
signature_status.Document Model: The service uses this model (via the Filer) to store the final, executed agreements.
Offer Model: The source for the document templates that need to be signed.
Governing Logic:
Investment Status Lifecycle: The signing process is a critical step within this lifecycle.
Global Business Rules: It enforces the "re-signature" rule if investment data changes.
Primary APIs:
e-signature-api: Exposed by this service to allow other services (like Investment Process Management) to initiate a signing session.
Consumed APIs: This service consumes the APIs of the third-party provider to create templates, send signature requests, and retrieve signed documents.
The Process Lifecycle: A Step-by-Step Breakdown
The engine manages a signing session through a distinct, three-phase lifecycle.
Phase 1: Document Preparation & Generation
This phase begins when another service requests a document to be signed for a specific investment.
Template Retrieval: The service identifies the correct document template based on the Offer the investor is committing to.
Dynamic Data Merging: It fetches the specific details from the Investment, Profile, and Offer models and merges them into the template to create a personalized, unique agreement for the investor.
Phase 2: Embedded Signing Experience
The engine then presents the prepared document to the user in a secure, hosted environment.
Session Creation: The service calls the third-party provider's API to generate a secure, one-time-use embedded signing URL.
Presentation: This URL is passed back to the calling service, which presents the signing interface to the user directly within the investment process. The user completes all required fields and applies their signature within the provider's secure UI.
Phase 3: Finalization, Storage & Auditing
This phase completes the process after the user has signed.
Webhook Confirmation: The service listens for a webhook from the e-signature provider confirming the signing process is complete.
Status Update: Upon confirmation, it immediately updates the Investment record's
signature_statustoSIGNED.Secure Storage: The service retrieves the final, executed PDF of the agreement and the accompanying audit trail document (Certificate of Completion) from the provider. It then uses the Filer to securely store these files, linking them to the Investment record.
Advanced Scenarios & Platform Resilience
Re-signature on Data Change: If critical data on an Investment (e.g.,
amount,ownership) is modified after the signature step has been completed, the engine must automatically void the previous signature and require the investor to re-sign the updated agreement.Signing Session Expiration: If an investor does not complete a signing session within a pre-configured timeframe, the session will expire, and they will need to restart the step.
Declined to Sign: If an investor explicitly declines to sign a document, the service logs this action and prevents the Investment from proceeding.
Provider Unavailability: If the third-party provider's API is unavailable, the service will log the error and employ a retry mechanism to ensure the request is eventually processed.