> ## Documentation Index
> Fetch the complete documentation index at: https://docs.firma.dev/llms.txt
> Use this file to discover all available pages before exploring further.

# Save embedded signing request (JWT authenticated)

> Save changes to a signing request when using embedded editor. Requires JWT authentication obtained from `/jwt/generate-signing-request`.



## OpenAPI

````yaml api-reference/v01.18.00/openapi-v01.18.00.json post /save-embedded-signing-request
openapi: 3.0.3
info:
  title: Firma Partner API
  description: >-
    RESTful API for document signing and template management.


    **Authentication**: All endpoints require API key authentication via the
    `Authorization` header. Use your API key directly without any prefix (e.g.,
    `your-api-key`). The Bearer prefix is optional but not required.


    **Security Features**:

    - Input validation using Zod schemas with detailed field-level error
    messages

    - RSA-256 signed JWT tokens for embedded template access


    **Rate Limiting**: Rate limits are tiered based on operation type:

    - Read operations (GET): 200 requests per minute

    - Write operations (POST/PUT/PATCH/DELETE): 120 requests per minute

    - Webhook CRUD operations: 60 requests per minute

    - Webhook test: 10 requests per minute

    - API key regeneration/expiration: 1 request per minute

    - Webhook secret rotation: 1 request per minute


    When rate limits are exceeded, the API returns a `429 Too Many Requests`
    response with headers:

    - `X-RateLimit-Limit`: Maximum requests per minute for this endpoint

    - `X-RateLimit-Remaining`: Requests remaining in current window

    - `X-RateLimit-Reset`: Unix timestamp when limit resets

    - `Retry-After`: Seconds until retry is allowed


    **Error Handling**: All errors return structured JSON responses with `error`
    (human-readable message), `code` (machine-readable identifier), and
    `details` (field-level validation errors when applicable).


    **Embedded Template Integration**: The Firma Template Editor can be embedded
    in your application using a standalone JavaScript library.


    ```html

    <!-- Load the Firma Template Editor library -->

    <script
    src="https://api.firma.dev/functions/v1/embed-proxy/template-editor.js"></script>


    <script>

    // Generate JWT token via API first

    fetch('https://api.firma.dev/functions/v1/signing-request-api/generate-template-token',
    {
      method: 'POST',
      headers: {
        'Authorization': 'YOUR_API_KEY',
        'Content-Type': 'application/json'
      },
      body: JSON.stringify({
        companies_workspaces_templates_id: 'template-id'
      })
    })

    .then(res => res.json())

    .then(data => {
      // Initialize editor with JWT token
      window.FirmaTemplateEditor.init({
        container: '#firma-editor-container',
        jwt: data.token,
        templateId: 'template-id',
        theme: 'dark',
        readOnly: false,
        onSave: (savedData) => {
          console.log('Template saved:', savedData);
        },
        onError: (error) => {
          console.error('Editor error:', error);
        },
        onLoad: (template) => {
          console.log('Template loaded:', template);
        }
      });
    });

    ```
  version: 01.18.00
  contact:
    name: API Support
    url: https://firma.com/support
servers:
  - url: https://api.firma.dev/functions/v1/signing-request-api
    description: Production API - Recommended (Current)
  - url: https://api.firma.dev/api/v1
    description: Production API - Planned
security:
  - ApiKeyAuth: []
tags:
  - name: Company
    description: Company information and settings
  - name: Workspaces
    description: Workspace management operations
  - name: Templates
    description: Template management operations
  - name: Signing Requests
    description: Document signing request operations
  - name: Custom Fields
    description: >-
      Custom field definition management for workspaces, templates, and signing
      requests
  - name: Webhooks
    description: Webhook configuration and management
  - name: JWT Management
    description: JWT token generation and revocation for embedded templates
  - name: Workspace Settings
    description: Workspace configuration and settings
  - name: Email Domains
    description: >-
      Email domain setup and verification for sending signing request emails
      from custom domains
  - name: Email Templates
    description: >-
      Email template management for workspace and company-level customization of
      signing request notifications
  - name: Legacy
    description: Deprecated endpoints maintained for backward compatibility
paths:
  /save-embedded-signing-request:
    post:
      tags:
        - Signing Requests
      summary: Save embedded signing request (JWT authenticated)
      description: >-
        Save changes to a signing request when using embedded editor. Requires
        JWT authentication obtained from `/jwt/generate-signing-request`.
      requestBody:
        required: true
        content:
          application/json:
            schema:
              type: object
              required:
                - companies_workspaces_signing_requests_id
              properties:
                companies_workspaces_signing_requests_id:
                  type: string
                  format: uuid
                fields:
                  type: array
                  items:
                    $ref: '#/components/schemas/Field'
                recipients:
                  type: array
                  items:
                    $ref: '#/components/schemas/Recipient'
                reminders:
                  type: array
                  items:
                    $ref: '#/components/schemas/Reminder'
            example:
              companies_workspaces_signing_requests_id: 123e4567-e89b-12d3-a456-426614174000
              fields: []
              recipients: []
              reminders: []
      responses:
        '200':
          description: Signing request saved successfully
          content:
            application/json:
              schema:
                type: object
                properties:
                  message:
                    type: string
              example:
                message: Signing request saved successfully
        '400':
          $ref: '#/components/responses/ValidationError'
        '401':
          $ref: '#/components/responses/UnauthorizedError'
        '404':
          $ref: '#/components/responses/NotFoundError'
      security:
        - ApiKeyAuth: []
components:
  schemas:
    Field:
      type: object
      required:
        - type
        - position
        - page_number
      description: >-
        Field definition for signing requests. **Read-only fields**: Set
        read_only=true to pre-fill a field value that signers cannot edit. Use
        read_only_value for static text, or prefilled_data to auto-populate from
        recipient attributes. **Template-based field merging**: When creating
        from a template with fields array, use template_field_id (preferred) or
        variable_name (fallback) to match template fields. Only provided
        properties override template defaults (partial update). Fields not
        matched are ignored.
      properties:
        id:
          type: string
          format: uuid
          description: Unique identifier (include for updates, omit for new fields)
        template_field_id:
          type: string
          format: uuid
          description: >-
            Template field ID to match for partial updates (template-based
            creation only). Use this to identify which template field to
            override. Takes precedence over variable_name for matching.
        type:
          type: string
          enum:
            - signature
            - text
            - date
            - checkbox
            - dropdown
            - initial
            - initials
            - text_area
            - textarea
            - image
            - stamp
            - approval_signature
            - approval_checkmark
            - approval_date
          description: >-
            Type of field. Accepts 'initial' or 'initials' (normalized to
            'initial'), 'textarea' or 'text_area' (normalized to 'text_area').
        position:
          type: object
          required:
            - x
            - 'y'
            - width
            - height
          description: >-
            Field must fit within page bounds: x + width <= 100 and y + height
            <= 100
          properties:
            x:
              type: number
              minimum: 0
              maximum: 100
              description: X coordinate as percentage (0-100)
            'y':
              type: number
              minimum: 0
              maximum: 100
              description: Y coordinate as percentage (0-100)
            width:
              type: number
              minimum: 0
              maximum: 100
              description: Width as percentage (0-100). x + width must be <= 100
            height:
              type: number
              minimum: 0
              maximum: 100
              description: Height as percentage (0-100). y + height must be <= 100
        page_number:
          type: integer
          minimum: 1
          description: >-
            Page number where field is located (1-indexed). Must not exceed the
            document's total page count.
        required:
          type: boolean
          default: false
          description: Whether field must be completed
        recipient_id:
          type: string
          description: >-
            ID of recipient assigned to this field. Use real UUID for
            template-based creation or updates, or temporary ID (e.g., 'temp_1')
            for document-based creation to reference recipients defined in the
            same request.
        variable_name:
          type: string
          maxLength: 100
          nullable: true
          description: >-
            Variable name for field (used in templates). Also used as fallback
            for field matching in template-based creation when template_field_id
            is not provided.
        variable_defined_name:
          type: string
          maxLength: 100
          nullable: true
          description: >-
            Human-readable custom field definition name. Can be used as an
            alternative to variable_name for targeting fields in template-based
            creation.
        dropdown_options:
          type: array
          items:
            type: string
          description: Options for dropdown fields
        date_default:
          type: string
          format: date
          nullable: true
          description: Default date value
        date_signing_default:
          type: boolean
          default: false
          description: Use signing date as default
        multi_group_id:
          type: string
          format: uuid
          nullable: true
          description: >-
            Group ID for linking multiple checkbox or radio button fields
            together. Fields sharing the same multi_group_id behave as a
            mutually exclusive group (like radio buttons) - selecting one
            automatically deselects the others in the group. Use the same UUID
            across multiple fields to create a group where only one option can
            be selected at a time.
        format_rules:
          oneOf:
            - $ref: '#/components/schemas/DateFormatRules'
            - $ref: '#/components/schemas/FileFormatRules'
            - type: object
              additionalProperties: true
          nullable: true
          description: >-
            Formatting rules for field value. For date fields, use
            DateFormatRules schema with dateFormat property. For file fields,
            use FileFormatRules schema with acceptedFileTypes property
            (image_and_pdf, image, or pdf). For url fields, use {
            urlDisplayText: string }.
        validation_rules:
          $ref: '#/components/schemas/FieldValidationRules'
        read_only:
          type: boolean
          default: false
          description: >-
            Whether this field is read-only (pre-filled before signing). When
            true, the signer cannot edit the field value. Useful for displaying
            contract terms, recipient information, or other fixed data.
        read_only_value:
          type: string
          nullable: true
          description: >-
            Static value for read-only fields. Takes precedence over
            prefilled_data if both are specified. Only applicable when read_only
            is true. Example: 'Contract #12345' or 'Acme Corporation'.
        prefilled_data:
          type: string
          nullable: true
          enum:
            - first_name
            - last_name
            - full_name
            - email
            - phone_number
            - company
            - title
            - street_address
            - city
            - state_province
            - postal_code
            - country
          description: >-
            User attribute to auto-populate when read_only is true. Value is
            pulled from the assigned recipient's data at signing time. Can also
            reference custom_fields keys defined on the recipient (not limited
            to enum values). Only applicable when read_only is true and
            read_only_value is not set. Example: Set to 'email' to display the
            recipient's email address.
        required_conditions:
          $ref: '#/components/schemas/ConditionSet'
          nullable: true
          description: >-
            Conditional rules for when this field is required. When set,
            overrides the static 'required' flag. The field is required only
            when the conditions evaluate to true based on other field values.
        visibility_conditions:
          $ref: '#/components/schemas/ConditionSet'
          nullable: true
          description: >-
            Conditional rules for when this field is visible. When set, the
            field is hidden unless the conditions evaluate to true. Hidden
            fields are not validated on submission.
        background_color:
          type: string
          nullable: true
          pattern: ^#([0-9A-Fa-f]{3}|[0-9A-Fa-f]{6})$
          description: >-
            Background color for the field as a hex color string (e.g.,
            '#FFFDE7', '#fff'). Useful for highlighting fields that need
            attention.
          example: '#FFFDE7'
    Recipient:
      type: object
      required:
        - first_name
        - email
        - designation
      description: >-
        Recipient schema with auto-construction and mapping behaviors. **Name
        field**: Auto-constructed from first_name and last_name ('First Last' if
        both present, otherwise 'First'). Manual name values are overwritten.
        **Order assignment**: ALL recipients MUST have an explicit order value.
        Order determines the signing sequence, which is always enforced.
        Recipients must sign in order, with lower numbers signing first.
        **Custom fields**: Supports both flat structure (e.g., company_name at
        root) and nested structure (custom_fields object). Both formats are
        normalized internally. **Template field mapping**: When creating from a
        template with custom recipients, use template_user_id or order to match
        template users. Only user info (name, email, phone, etc.) can be updated
        - order and designation are inherited from template. **Temporary IDs**:
        For document-based creation, use temporary IDs (format: 'temp_1',
        'temp_2', etc.) to reference recipients in fields and reminders before
        they're created. **CC recipients**: CC recipients receive a completed
        copy but cannot sign or have fields assigned. At least one Signer is
        required.
      properties:
        id:
          type: string
          description: >-
            Unique identifier. For updates: use existing UUID. For
            document-based creation: optionally use temporary ID (format:
            'temp_1', 'temp_2', etc.) to reference recipients in fields and
            reminders before creation. Temporary IDs are automatically resolved
            to real UUIDs in the response.
        _temp_id:
          type: string
          description: >-
            Temporary identifier for new recipients in PUT (comprehensive
            update) requests (e.g., 'temp_1'). Use this when creating new
            recipients alongside existing ones in comprehensive updates. Must
            start with 'temp_' and be unique within the request. Not used for
            POST (create) requests - use 'id' field instead.
        template_user_id:
          type: string
          format: uuid
          description: >-
            When creating from a template, the ID of the template user to
            update. If provided, this recipient's data will update the matching
            template user. If not provided, falls back to matching by order.
            Only user info (name, email, phone, address, title, company) can be
            updated - order and designation are always inherited from the
            template.
        first_name:
          type: string
          maxLength: 100
          description: Recipient's first name
        last_name:
          type: string
          maxLength: 100
          description: >-
            Recipient's last name (optional, but required if using full_name or
            last_name prefilled variables)
        email:
          type: string
          format: email
          maxLength: 255
          description: Recipient's email address
        designation:
          type: string
          enum:
            - Signer
            - Approver
            - CC
          description: >-
            Role of the recipient. Signer signs the document, Approver approves
            with approval fields, CC receives a copy when complete.
        order:
          type: integer
          minimum: 1
          description: >-
            Signing sequence number. Recipients must sign in order, with lower
            numbers signing first. This field is required for all recipients.
        phone_number:
          type: string
          maxLength: 50
          nullable: true
          description: Recipient's phone number
        street_address:
          type: string
          maxLength: 255
          nullable: true
          description: Street address
        city:
          type: string
          maxLength: 100
          nullable: true
          description: City
        state_province:
          type: string
          maxLength: 100
          nullable: true
          description: State or province
        postal_code:
          type: string
          maxLength: 20
          nullable: true
          description: Postal/ZIP code
        country:
          type: string
          maxLength: 100
          nullable: true
          description: Country
        title:
          type: string
          maxLength: 100
          nullable: true
          description: Job title
        company:
          type: string
          maxLength: 255
          nullable: true
          description: Company name
        custom_fields:
          type: object
          additionalProperties: true
          description: Custom key-value pairs for additional recipient data
    Reminder:
      type: object
      properties:
        id:
          type: string
          format: uuid
          description: Unique identifier for the reminder
        hours:
          type: integer
          minimum: 1
          description: Hours after sending before reminder is sent
        subject:
          type: string
          description: Email subject for the reminder
          maxLength: 255
        message:
          type: string
          description: Email message body for the reminder
          maxLength: 5000
        all_users:
          type: boolean
          description: Whether reminder applies to all users
        template_user_id:
          type: string
          format: uuid
          nullable: true
          description: Specific user to send reminder to (used in template context)
        recipient_id:
          type: string
          format: uuid
          nullable: true
          description: >-
            Specific recipient to send reminder to (used in signing request
            context, same as template_user_id)
        sent_on:
          type: string
          format: date-time
          nullable: true
          description: Timestamp when the reminder was actually sent
        created_at:
          type: string
          format: date-time
          description: Reminder creation timestamp
        updated_at:
          type: string
          format: date-time
          description: Reminder last update timestamp
    DateFormatRules:
      type: object
      description: >-
        Formatting rules for date fields. Specifies how date values should be
        displayed and formatted.
      properties:
        dateFormat:
          type: string
          description: >-
            Date format pattern. Use predefined formats or custom patterns with:
            yyyy (4-digit year), MM (2-digit month), dd (2-digit day), MMMM
            (full month name), MMM (abbreviated month name), HH (24-hour), mm
            (minute), ss (second). Examples: 'MM/dd/yyyy' displays as
            01/31/2024, 'MMMM dd, yyyy' displays as January 31, 2024.
          enum:
            - MM/dd/yyyy
            - dd/MM/yyyy
            - yyyy-MM-dd
            - MMMM dd, yyyy
            - MMM dd, yyyy
            - dd MMMM yyyy
          default: MM/dd/yyyy
      example:
        dateFormat: MMMM dd, yyyy
    FileFormatRules:
      type: object
      description: >-
        Formatting rules for file upload fields. Specifies which file types
        signers are allowed to upload.
      properties:
        acceptedFileTypes:
          type: string
          enum:
            - image_and_pdf
            - image
            - pdf
          default: image_and_pdf
          description: >-
            Accepted file types for upload. 'image_and_pdf' accepts JPG, PNG,
            and PDF. 'image' accepts JPG and PNG only. 'pdf' accepts PDF only.
            Files are validated by magic bytes, not just extension. Maximum file
            size is 10MB.
      example:
        acceptedFileTypes: image_and_pdf
    FieldValidationRules:
      type: object
      nullable: true
      description: >-
        Validation rules for field values. Reserved for future use - currently
        not enforced for any field types.
      additionalProperties: true
    ConditionSet:
      type: object
      required:
        - logic
        - groups
      description: >-
        A set of condition groups with nested logic. The outer 'logic' operator
        combines groups, while each group's conditions use the opposite
        operator. Example: logic='and' means all groups must match, and within
        each group any condition can match (OR).
      properties:
        logic:
          type: string
          enum:
            - and
            - or
          description: >-
            Logical operator to combine groups. 'and' = all groups must match,
            'or' = any group can match.
        groups:
          type: array
          items:
            $ref: '#/components/schemas/ConditionGroup'
          description: Array of condition groups
    Error:
      type: object
      properties:
        error:
          type: string
          description: Human-readable error message
        message:
          type: string
          description: Detailed error description
        details:
          type: object
          description: Additional error details
          additionalProperties: true
    ConditionGroup:
      type: object
      required:
        - conditions
      properties:
        conditions:
          type: array
          items:
            $ref: '#/components/schemas/Condition'
          description: >-
            Array of conditions within this group. Combined using the opposite
            of the parent ConditionSet's logic operator.
    Condition:
      type: object
      required:
        - field_id
        - operator
      description: A single condition that evaluates a field's value.
      properties:
        field_id:
          type: string
          format: uuid
          description: ID of the field to evaluate
        operator:
          type: string
          enum:
            - is_filled
            - is_empty
            - equals
            - not_equals
            - contains
            - not_contains
            - greater_than
            - less_than
            - greater_than_or_equal
            - less_than_or_equal
          description: >-
            Comparison operator. 'is_filled'/'is_empty' don't require a value.
            Text operators: equals, not_equals, contains, not_contains.
            Numeric/date operators: greater_than, less_than,
            greater_than_or_equal, less_than_or_equal.
        value:
          oneOf:
            - type: string
            - type: number
          nullable: true
          description: >-
            Value to compare against. Not required for is_filled/is_empty
            operators.
  responses:
    ValidationError:
      description: Bad Request - Validation failed
      content:
        application/json:
          schema:
            $ref: '#/components/schemas/Error'
          example:
            error: Validation Error
            message: Invalid input data
            details:
              name: Name is required
              email: Invalid email format
    UnauthorizedError:
      description: Unauthorized - Invalid or missing API key
      content:
        application/json:
          schema:
            $ref: '#/components/schemas/Error'
          example:
            error: Unauthorized
            message: Invalid API key
    NotFoundError:
      description: Not Found - Resource does not exist
      content:
        application/json:
          schema:
            $ref: '#/components/schemas/Error'
          example:
            error: Not Found
            message: The requested resource was not found
  securitySchemes:
    ApiKeyAuth:
      type: apiKey
      in: header
      name: Authorization
      description: >-
        API key for authentication. Use your API key directly without any prefix
        (e.g., 'your-api-key'). Bearer prefix is optional but not required.

````