> ## Documentation Index
> Fetch the complete documentation index at: https://docs.firma.dev/llms.txt
> Use this file to discover all available pages before exploring further.

# List Signing Requests

> Retrieve a paginated list of signing requests



## OpenAPI

````yaml api-reference/v01.12.00/openapi-v01.12.00.json get /signing-requests
openapi: 3.0.3
info:
  title: Firma Partner API
  description: >-
    RESTful API for document signing and template management.


    **Authentication**: All endpoints require API key authentication via the
    `Authorization` header. Use your API key directly without any prefix (e.g.,
    `your-api-key`). The Bearer prefix is optional but not required.


    **Security Features**:

    - Input validation using Zod schemas with detailed field-level error
    messages

    - RSA-256 signed JWT tokens for embedded template access


    **Rate Limiting**: Rate limits are tiered based on operation type:

    - Read operations (GET): 200 requests per minute

    - Write operations (POST/PUT/PATCH/DELETE): 120 requests per minute

    - Webhook CRUD operations: 60 requests per minute

    - Webhook test: 10 requests per minute

    - API key regeneration/expiration: 1 request per minute

    - Webhook secret rotation: 1 request per minute


    When rate limits are exceeded, the API returns a `429 Too Many Requests`
    response with headers:

    - `X-RateLimit-Limit`: Maximum requests per minute for this endpoint

    - `X-RateLimit-Remaining`: Requests remaining in current window

    - `X-RateLimit-Reset`: Unix timestamp when limit resets

    - `Retry-After`: Seconds until retry is allowed


    **Error Handling**: All errors return structured JSON responses with `error`
    (human-readable message), `code` (machine-readable identifier), and
    `details` (field-level validation errors when applicable).


    **Embedded Template Integration**: The Firma Template Editor can be embedded
    in your application using a standalone JavaScript library.


    ```html

    <!-- Load the Firma Template Editor library -->

    <script
    src="https://api.firma.dev/functions/v1/embed-proxy/template-editor.js"></script>


    <script>

    // Generate JWT token via API first

    fetch('https://api.firma.dev/functions/v1/signing-request-api/generate-template-token',
    {
      method: 'POST',
      headers: {
        'Authorization': 'YOUR_API_KEY',
        'Content-Type': 'application/json'
      },
      body: JSON.stringify({
        companies_workspaces_templates_id: 'template-id'
      })
    })

    .then(res => res.json())

    .then(data => {
      // Initialize editor with JWT token
      window.FirmaTemplateEditor.init({
        container: '#firma-editor-container',
        jwt: data.token,
        templateId: 'template-id',
        theme: 'dark',
        readOnly: false,
        onSave: (savedData) => {
          console.log('Template saved:', savedData);
        },
        onError: (error) => {
          console.error('Editor error:', error);
        },
        onLoad: (template) => {
          console.log('Template loaded:', template);
        }
      });
    });

    ```
  version: 01.12.00
  contact:
    name: API Support
    url: https://firma.com/support
servers:
  - url: https://api.firma.dev/functions/v1/signing-request-api
    description: Production API - Recommended (Current)
  - url: https://api.firma.dev/api/v1
    description: Production API - Planned
security:
  - ApiKeyAuth: []
tags:
  - name: Company
    description: Company information and settings
  - name: Workspaces
    description: Workspace management operations
  - name: Templates
    description: Template management operations
  - name: Signing Requests
    description: Document signing request operations
  - name: Custom Fields
    description: >-
      Custom field definition management for workspaces, templates, and signing
      requests
  - name: Webhooks
    description: Webhook configuration and management
  - name: JWT Management
    description: JWT token generation and revocation for embedded templates
  - name: Workspace Settings
    description: Workspace configuration and settings
  - name: Email Domains
    description: >-
      Email domain setup and verification for sending signing request emails
      from custom domains
  - name: Email Templates
    description: >-
      Email template management for workspace and company-level customization of
      signing request notifications
  - name: Legacy
    description: Deprecated endpoints maintained for backward compatibility
paths:
  /signing-requests:
    get:
      tags:
        - Signing Requests
      summary: List Signing Requests
      description: Retrieve a paginated list of signing requests
      parameters:
        - name: page
          in: query
          schema:
            type: integer
            minimum: 1
            default: 1
          description: Page number
        - name: page_size
          in: query
          schema:
            type: integer
            minimum: 1
            maximum: 200
            default: 50
          description: Items per page
        - name: name
          in: query
          schema:
            type: string
          description: Filter by signing request name (partial match, case-insensitive)
        - name: status
          in: query
          schema:
            type: string
            enum:
              - not_sent
              - in_progress
              - finished
              - cancelled
              - declined
              - deleted
              - expired
          description: >-
            Filter by signing request status. Supports multiple comma-separated
            values.


            **Available statuses:**

            - `not_sent`: Request created but not yet sent to signers

            - `in_progress`: Sent to signers but not completed, cancelled,
            declined, or expired

            - `finished`: All signers have completed

            - `cancelled`: Request was cancelled by sender

            - `declined`: A signer declined to sign (request stopped)

            - `deleted`: Soft-deleted records (normally hidden)

            - `expired`: Sent but past expiration time (sent_on +
            expiration_hours < now)


            **Example:** `?status=in_progress,expired`


            **Note:** The `expired` status uses post-filtering which may have
            performance implications on large datasets.
        - name: created_after
          in: query
          schema:
            type: string
            format: date-time
          description: Filter signing requests created after this date (ISO 8601 format)
        - name: created_before
          in: query
          schema:
            type: string
            format: date-time
          description: Filter signing requests created before this date (ISO 8601 format)
        - name: signer_email
          in: query
          schema:
            type: string
          description: Filter by signer email address (exact match)
        - name: signer_name
          in: query
          schema:
            type: string
          description: Filter by signer name (partial match, case-insensitive)
        - name: sort_by
          in: query
          schema:
            type: string
            enum:
              - name
              - created_on
              - expiration_hours
              - sent_on
              - finished_on
            default: created_on
          description: Field to sort by
        - name: sort_order
          in: query
          schema:
            type: string
            enum:
              - asc
              - desc
            default: desc
          description: Sort order
      responses:
        '200':
          description: Signing requests retrieved successfully
          headers:
            X-RateLimit-Limit:
              schema:
                type: integer
              description: 'Rate limit: 200 requests per minute'
            X-RateLimit-Remaining:
              schema:
                type: integer
            X-RateLimit-Reset:
              schema:
                type: integer
          content:
            application/json:
              schema:
                type: object
                properties:
                  results:
                    type: array
                    items:
                      $ref: '#/components/schemas/SigningRequestListItem'
                  pagination:
                    type: object
                    properties:
                      current_page:
                        type: integer
                      page_size:
                        type: integer
                      total_count:
                        type: integer
                      total_pages:
                        type: integer
        '401':
          $ref: '#/components/responses/UnauthorizedError'
        '429':
          $ref: '#/components/responses/RateLimitError'
      security:
        - ApiKeyAuth: []
components:
  schemas:
    SigningRequestListItem:
      type: object
      description: Signing request as returned by the LIST endpoint (GET /signing-requests)
      properties:
        id:
          type: string
          format: uuid
          description: Unique identifier for the signing request
        name:
          type: string
          description: Signing request name
          maxLength: 255
        description:
          type: string
          nullable: true
          description: Signing request description
        status:
          type: string
          enum:
            - not_sent
            - in_progress
            - finished
            - cancelled
            - declined
            - deleted
            - expired
          description: Current status of the signing request
        document_url:
          type: string
          format: uri
          description: >-
            Pre-signed URL to the PDF document. This is a time-limited signed
            URL for secure access - see document_url_expires_at for expiration
            time. Initial URLs are valid for 7 days; refreshed URLs are valid
            for 1 hour. Request a new signing request retrieval to get a fresh
            URL if expired.
        document_url_expires_at:
          type: string
          format: date-time
          nullable: true
          description: >-
            ISO 8601 timestamp when the document_url will expire. After this
            time, the URL will return an access denied error. Fetch the signing
            request again to receive a fresh signed URL.
        page_count:
          type: integer
          minimum: 1
          description: Number of pages in the document
        expiration_hours:
          type: integer
          minimum: 1
          default: 168
          description: 'Hours until signing request expires (default: 168 = 7 days)'
        expires_at:
          type: string
          format: date-time
          nullable: true
          description: >-
            ISO 8601 timestamp when the signing request expires. Computed from
            sent_date + expiration_hours. Null if the signing request has not
            been sent yet or has no expiration_hours set.
        credit_cost:
          type: integer
          minimum: 1
          default: 1
          description: >-
            Number of credits consumed when this signing request was sent.
            Minimum value is 1.
        template_id:
          type: string
          format: uuid
          nullable: true
          description: Template ID if created from a template
        settings:
          $ref: '#/components/schemas/SigningRequestSettings'
        created_date:
          type: string
          format: date-time
          description: Creation timestamp
        updated_date:
          type: string
          format: date-time
          description: Last update timestamp
        sent_date:
          type: string
          format: date-time
          nullable: true
          description: When the signing request was sent
        finished_date:
          type: string
          format: date-time
          nullable: true
          description: When all signatures were completed
        cancelled_date:
          type: string
          format: date-time
          nullable: true
          description: When the signing request was cancelled
        declined_date:
          type: string
          format: date-time
          nullable: true
          description: When the signing request was declined
        recipients:
          type: array
          description: Signing request recipients (simplified shape)
          items:
            $ref: '#/components/schemas/SigningRequestListRecipient'
        fields:
          type: array
          description: Signing request fields with nested position object
          items:
            type: object
            properties:
              id:
                type: string
                format: uuid
              type:
                type: string
                enum:
                  - text
                  - signature
                  - date
                  - checkbox
                  - dropdown
                  - radio_buttons
                  - number
                  - text_area
                  - file
                  - initial
              required:
                type: boolean
              recipient_id:
                type: string
                format: uuid
                nullable: true
              variable_name:
                type: string
                nullable: true
              position:
                type: object
                properties:
                  x:
                    type: number
                  'y':
                    type: number
                  width:
                    type: number
                  height:
                    type: number
              value:
                type: string
                nullable: true
                description: Final value of the field after signing
              dropdown_options:
                type: array
                items:
                  type: string
                nullable: true
              format_rules:
                $ref: '#/components/schemas/DateFormatRules'
                nullable: true
              validation_rules:
                $ref: '#/components/schemas/FieldValidationRules'
    SigningRequestSettings:
      type: object
      description: >-
        Signing request and template settings. All 9 fields are returned by
        every endpoint that includes settings.
      properties:
        allow_download:
          type: boolean
          description: Whether recipients can download the document
          default: true
        attach_pdf_on_finish:
          type: boolean
          description: Whether to attach PDF when signing is complete
          default: true
        allow_editing_before_sending:
          type: boolean
          description: Whether the signing request can be edited before sending
          default: false
        use_signing_order:
          type: boolean
          description: >-
            Whether signing order is enforced among recipients. When true,
            signers receive the document in sequence based on their order. When
            false, all signers receive the document simultaneously.
          default: true
        hand_drawn_only:
          type: boolean
          description: >-
            When enabled, signers can only hand-draw their signatures and cannot
            use typed/font-based signatures
          default: false
        send_signing_email:
          type: boolean
          description: Whether to send signing request notification emails to signers
          default: true
        send_finish_email:
          type: boolean
          description: Whether to send completion email when all signers finish
          default: true
        send_expiration_email:
          type: boolean
          description: Whether to send expiration notification email when request expires
          default: true
        send_cancellation_email:
          type: boolean
          description: >-
            Whether to send cancellation notification email when request is
            cancelled
          default: true
        require_otp_verification:
          type: boolean
          nullable: true
          description: >-
            Whether signers must verify their email with a one-time code before
            accessing the document. null = inherit from workspace/company
            setting.
          default: null
    SigningRequestListRecipient:
      type: object
      description: >-
        Recipient as returned in LIST signing request responses (simplified
        shape)
      properties:
        id:
          type: string
          format: uuid
          description: Unique identifier for the recipient
        name:
          type: string
          description: Combined full name
        email:
          type: string
          format: email
          description: Recipient email address
        designation:
          type: string
          enum:
            - Signer
          description: Role of the recipient
        order:
          type: integer
          minimum: 1
          description: Signing order
        finished_date:
          type: string
          format: date-time
          nullable: true
          description: When this recipient completed signing
        signature_details:
          type: object
          nullable: true
          description: Details about the recipient's signature
    DateFormatRules:
      type: object
      description: >-
        Formatting rules for date fields. Specifies how date values should be
        displayed and formatted.
      properties:
        dateFormat:
          type: string
          description: >-
            Date format pattern. Use predefined formats or custom patterns with:
            yyyy (4-digit year), MM (2-digit month), dd (2-digit day), MMMM
            (full month name), MMM (abbreviated month name), HH (24-hour), mm
            (minute), ss (second). Examples: 'MM/dd/yyyy' displays as
            01/31/2024, 'MMMM dd, yyyy' displays as January 31, 2024.
          enum:
            - MM/dd/yyyy
            - dd/MM/yyyy
            - yyyy-MM-dd
            - MMMM dd, yyyy
            - MMM dd, yyyy
            - dd MMMM yyyy
          default: MM/dd/yyyy
      example:
        dateFormat: MMMM dd, yyyy
    FieldValidationRules:
      type: object
      nullable: true
      description: >-
        Validation rules for field values. Reserved for future use - currently
        not enforced for any field types.
      additionalProperties: true
    Error:
      type: object
      properties:
        error:
          type: string
          description: Human-readable error message
        message:
          type: string
          description: Detailed error description
        details:
          type: object
          description: Additional error details
          additionalProperties: true
  responses:
    UnauthorizedError:
      description: Unauthorized - Invalid or missing API key
      content:
        application/json:
          schema:
            $ref: '#/components/schemas/Error'
          example:
            error: Unauthorized
            message: Invalid API key
    RateLimitError:
      description: Too Many Requests - Rate limit exceeded
      headers:
        X-RateLimit-Limit:
          schema:
            type: integer
          description: Maximum requests per minute
        X-RateLimit-Remaining:
          schema:
            type: integer
          description: Requests remaining
        X-RateLimit-Reset:
          schema:
            type: integer
          description: Unix timestamp of reset
        Retry-After:
          schema:
            type: integer
          description: Seconds until retry allowed
      content:
        application/json:
          schema:
            $ref: '#/components/schemas/Error'
          example:
            error: Rate Limit Exceeded
            message: Too many requests. Please wait before retrying.
            details:
              retry_after: 45
  securitySchemes:
    ApiKeyAuth:
      type: apiKey
      in: header
      name: Authorization
      description: >-
        API key for authentication. Use your API key directly without any prefix
        (e.g., 'your-api-key'). Bearer prefix is optional but not required.

````