> ## Documentation Index
> Fetch the complete documentation index at: https://docs.firma.dev/llms.txt
> Use this file to discover all available pages before exploring further.

# Get embedded signing request data (JWT authenticated)

> Retrieve signing request data when using embedded editor. Requires JWT authentication obtained from `/jwt/generate-signing-request`. Returns the complete signing request including fields, recipients, and reminders.



## OpenAPI

````yaml api-reference/v01.19.00/openapi-v01.19.00.json post /get-embedded-signing-request
openapi: 3.0.3
info:
  title: Firma Partner API
  description: >-
    RESTful API for document signing and template management.


    **Authentication**: All endpoints require API key authentication via the
    `Authorization` header. Use your API key directly without any prefix (e.g.,
    `your-api-key`). The Bearer prefix is optional but not required.


    **Security Features**:

    - Input validation using Zod schemas with detailed field-level error
    messages

    - RSA-256 signed JWT tokens for embedded template access


    **Rate Limiting**: Rate limits are tiered based on operation type:

    - Read operations (GET): 200 requests per minute

    - Write operations (POST/PUT/PATCH/DELETE): 120 requests per minute

    - Webhook CRUD operations: 60 requests per minute

    - Webhook test: 10 requests per minute

    - API key regeneration/expiration: 1 request per minute

    - Webhook secret rotation: 1 request per minute


    When rate limits are exceeded, the API returns a `429 Too Many Requests`
    response with headers:

    - `X-RateLimit-Limit`: Maximum requests per minute for this endpoint

    - `X-RateLimit-Remaining`: Requests remaining in current window

    - `X-RateLimit-Reset`: Unix timestamp when limit resets

    - `Retry-After`: Seconds until retry is allowed


    **Error Handling**: All errors return structured JSON responses with `error`
    (human-readable message), `code` (machine-readable identifier), and
    `details` (field-level validation errors when applicable).


    **Embedded Template Integration**: The Firma Template Editor can be embedded
    in your application using a standalone JavaScript library.


    ```html

    <!-- Load the Firma Template Editor library -->

    <script
    src="https://api.firma.dev/functions/v1/embed-proxy/template-editor.js"></script>


    <script>

    // Generate JWT token via API first

    fetch('https://api.firma.dev/functions/v1/signing-request-api/generate-template-token',
    {
      method: 'POST',
      headers: {
        'Authorization': 'YOUR_API_KEY',
        'Content-Type': 'application/json'
      },
      body: JSON.stringify({
        companies_workspaces_templates_id: 'template-id'
      })
    })

    .then(res => res.json())

    .then(data => {
      // Initialize editor with JWT token
      window.FirmaTemplateEditor.init({
        container: '#firma-editor-container',
        jwt: data.token,
        templateId: 'template-id',
        theme: 'dark',
        readOnly: false,
        onSave: (savedData) => {
          console.log('Template saved:', savedData);
        },
        onError: (error) => {
          console.error('Editor error:', error);
        },
        onLoad: (template) => {
          console.log('Template loaded:', template);
        }
      });
    });

    ```
  version: 01.19.00
  contact:
    name: API Support
    url: https://firma.com/support
servers:
  - url: https://api.firma.dev/functions/v1/signing-request-api
    description: Production API - Recommended (Current)
  - url: https://api.firma.dev/api/v1
    description: Production API - Planned
security:
  - ApiKeyAuth: []
tags:
  - name: Company
    description: Company information and settings
  - name: Workspaces
    description: Workspace management operations
  - name: Templates
    description: Template management operations
  - name: Signing Requests
    description: Document signing request operations
  - name: Custom Fields
    description: >-
      Custom field definition management for workspaces, templates, and signing
      requests
  - name: Webhooks
    description: Webhook configuration and management
  - name: JWT Management
    description: JWT token generation and revocation for embedded templates
  - name: Workspace Settings
    description: Workspace configuration and settings
  - name: Email Domains
    description: >-
      Email domain setup and verification for sending signing request emails
      from custom domains
  - name: Email Templates
    description: >-
      Email template management for workspace and company-level customization of
      signing request notifications
  - name: Legacy
    description: Deprecated endpoints maintained for backward compatibility
paths:
  /get-embedded-signing-request:
    post:
      tags:
        - Signing Requests
      summary: Get embedded signing request data (JWT authenticated)
      description: >-
        Retrieve signing request data when using embedded editor. Requires JWT
        authentication obtained from `/jwt/generate-signing-request`. Returns
        the complete signing request including fields, recipients, and
        reminders.
      requestBody:
        required: true
        content:
          application/json:
            schema:
              type: object
              required:
                - companies_workspaces_signing_requests_id
              properties:
                companies_workspaces_signing_requests_id:
                  type: string
                  format: uuid
                  description: ID of the signing request to retrieve
            example:
              companies_workspaces_signing_requests_id: 123e4567-e89b-12d3-a456-426614174000
      responses:
        '200':
          description: Signing request retrieved successfully
          content:
            application/json:
              schema:
                type: object
                description: >-
                  Response uses camelCase keys. The signingRequest is a raw
                  database row (not a formatted object).
                properties:
                  signingRequest:
                    type: object
                    description: >-
                      Raw signing request database row. Field names use database
                      column names (e.g., template_description,
                      document_page_count, created_on, allow_downlaod). Integer
                      flags (0/1) are used instead of booleans.
                  fields:
                    type: array
                    items:
                      $ref: '#/components/schemas/SigningRequestField'
                    description: Raw field database rows
                  users:
                    type: array
                    items:
                      $ref: '#/components/schemas/SigningRequestUser'
                    description: >-
                      Raw user database rows (note: key is 'users', not
                      'recipients')
                  reminders:
                    type: array
                    items:
                      $ref: '#/components/schemas/Reminder'
                  workspace:
                    type: object
                    description: Workspace details
                    properties:
                      name:
                        type: string
                      team_email:
                        type: string
                        nullable: true
                      icon_url:
                        type: string
                        nullable: true
                      timezone:
                        type: string
                      show_credit_cost_in_editor:
                        type: boolean
                      require_otp_verification:
                        type: boolean
                        nullable: true
        '400':
          $ref: '#/components/responses/ValidationError'
        '401':
          $ref: '#/components/responses/UnauthorizedError'
        '404':
          $ref: '#/components/responses/NotFoundError'
      security:
        - ApiKeyAuth: []
components:
  schemas:
    SigningRequestField:
      type: object
      description: >-
        Field associated with a signing request, containing position, type, and
        value information
      properties:
        id:
          type: string
          format: uuid
          description: Unique identifier for the field
        type:
          type: string
          enum:
            - text
            - signature
            - date
            - checkbox
            - initial
            - dropdown
            - radio_buttons
            - text_area
            - url
            - file
            - stamp
            - approval_signature
            - approval_checkmark
            - approval_date
          description: Type of the field. Clean alias for field_type.
        recipient_id:
          type: string
          format: uuid
          nullable: true
          description: >-
            ID of the recipient assigned to this field. Clean alias for
            companies_workspaces_signing_requests_users_id.
        value:
          type: string
          nullable: true
          description: Final signed value of the field. Clean alias for final_value.
        position:
          type: object
          description: >-
            Position and dimensions of the field on the document. All values are
            percentages (0-100).
          properties:
            x:
              type: number
              nullable: true
              description: X position (percentage, 0-100). Clean alias for x_postion.
            'y':
              type: number
              nullable: true
              description: Y position (percentage, 0-100). Clean alias for y_position.
            width:
              type: number
              nullable: true
              description: Width (percentage, 0-100).
            height:
              type: number
              nullable: true
              description: Height (percentage, 0-100). Clean alias for heigh.
        companies_workspaces_signing_requests_id:
          type: string
          format: uuid
          description: >-
            Deprecated: redundant with path parameter. ID of the signing request
            this field belongs to.
        companies_workspaces_signing_requests_users_id:
          type: string
          format: uuid
          nullable: true
          description: >-
            Deprecated: use 'recipient_id' instead. ID of the recipient assigned
            to this field.
        field_type:
          type: string
          enum:
            - text
            - signature
            - date
            - checkbox
            - initial
            - dropdown
            - radio_buttons
            - text_area
            - url
            - file
            - stamp
            - approval_signature
            - approval_checkmark
            - approval_date
          description: 'Deprecated: use ''type'' instead. Type of the field.'
        required:
          type: boolean
          description: Whether the field is required.
        x_postion:
          type: number
          nullable: true
          description: >-
            Deprecated: use 'position.x' instead. X position (note: column name
            has typo).
        y_position:
          type: number
          nullable: true
          description: 'Deprecated: use ''position.y'' instead. Y position of the field.'
        width:
          type: number
          nullable: true
          description: 'Deprecated: use ''position.width'' instead. Width of the field.'
        heigh:
          type: number
          nullable: true
          description: >-
            Deprecated: use 'position.height' instead. Height (note: column name
            has typo).
        page_number:
          type: integer
          nullable: true
          description: Page number where the field is located (1-indexed)
        tl_position:
          type: number
          nullable: true
          description: Top-left corner position
        tr_position:
          type: number
          nullable: true
          description: Top-right corner position
        bl_position:
          type: number
          nullable: true
          description: Bottom-left corner position
        br_position:
          type: number
          nullable: true
          description: Bottom-right corner position
        variable_name:
          type: string
          nullable: true
          description: Variable name for prefilled data mapping
        variable_defined_name:
          type: string
          nullable: true
          description: >-
            Human-readable field name from the custom field definition (e.g.
            'artist_name'). Only present for fields linked to a custom field
            definition, null otherwise.
        final_value:
          type: string
          nullable: true
          description: 'Deprecated: use ''value'' instead. Final signed value of the field.'
        date_default:
          type: string
          nullable: true
          description: Default date value
        date_signing_default:
          type: boolean
          nullable: true
          description: Whether to use signing date as default.
        format_rules:
          type: object
          nullable: true
          description: Formatting rules (e.g., date format)
        validation_rules:
          type: object
          nullable: true
          description: Validation rules for the field
        dropdown_options:
          type: array
          items:
            type: string
          nullable: true
          description: Options for dropdown fields
        multi_group_id:
          type: string
          format: uuid
          nullable: true
          description: >-
            Group ID for linking multiple checkbox or radio button fields
            together. Fields sharing the same multi_group_id behave as a
            mutually exclusive group (like radio buttons) - selecting one
            automatically deselects the others in the group. Use the same UUID
            across multiple fields to create a group where only one option can
            be selected at a time.
        read_only:
          type: boolean
          description: Whether the field is read-only.
        read_only_value:
          type: string
          nullable: true
          description: Static value for read-only fields
        background_color:
          type: string
          nullable: true
          description: Background color as hex (e.g., '#FFFDE7')
        calculated_font_size:
          type: number
          nullable: true
          description: Calculated font size for the field
        deleted:
          type: integer
          enum:
            - 0
            - 1
          description: >-
            Deprecated: internal field, will be removed in v2. Soft delete flag
            (0 = active, 1 = deleted).
    SigningRequestUser:
      type: object
      properties:
        id:
          type: string
          format: uuid
          description: Unique identifier for the signing request user
        name:
          type: string
          description: Recipient name (combined first and last name)
        email:
          type: string
          format: email
          description: Recipient email address
        first_name:
          type: string
          nullable: true
          description: Recipient first name
        last_name:
          type: string
          nullable: true
          description: Recipient last name
        designation:
          type: string
          enum:
            - Signer
            - Approver
            - CC
          description: >-
            Role of the recipient. Signer signs the document, Approver approves
            with approval fields, CC receives a copy when complete.
        order:
          type: integer
          minimum: 1
          description: Signing order
        finished_on:
          type: string
          format: date-time
          nullable: true
          description: Timestamp when this recipient completed all actions
        declined_on:
          type: string
          format: date-time
          nullable: true
          description: Timestamp when this recipient declined to sign
        decline_reason:
          type: string
          nullable: true
          description: Reason provided by recipient for declining
        phone_number:
          type: string
          nullable: true
          description: Recipient phone number
        street_address:
          type: string
          nullable: true
          description: Recipient street address
        city:
          type: string
          nullable: true
          description: Recipient city
        state_province:
          type: string
          nullable: true
          description: Recipient state or province
        postal_code:
          type: string
          nullable: true
          description: Recipient postal code
        country:
          type: string
          nullable: true
          description: Recipient country
        title:
          type: string
          nullable: true
          description: Recipient job title
        company:
          type: string
          nullable: true
          description: Recipient company name
        custom_fields:
          type: object
          nullable: true
          description: Custom field values for this recipient
        required_fields:
          type: array
          items:
            type: string
          description: >-
            List of recipient data fields required for sending (based on fields
            with variable_name mappings). Always includes 'email' and
            'first_name'.
        missing_fields:
          type: array
          items:
            type: string
          description: List of required fields that are currently empty for this recipient
        required_read_only_fields:
          type: array
          items:
            type: object
            properties:
              variable_name:
                type: string
                nullable: true
                description: Variable name of the read-only field
              variable_defined_name:
                type: string
                nullable: true
                description: >-
                  Human-readable field name from the custom field definition
                  (e.g. 'artist_name'). Only present for fields linked to a
                  custom field definition, null otherwise.
              field_type:
                type: string
                description: Type of the field (text, date, etc.)
              has_value:
                type: boolean
                description: Whether this read-only field has a value set
          description: >-
            List of required read-only fields that need pre-filled values before
            sending
        ready_to_send:
          type: boolean
          description: Whether this recipient has all required data filled in for sending
    Reminder:
      type: object
      properties:
        id:
          type: string
          format: uuid
          description: Unique identifier for the reminder
        hours:
          type: integer
          minimum: 1
          description: Hours after sending before reminder is sent
        subject:
          type: string
          description: Email subject for the reminder
          maxLength: 255
        message:
          type: string
          description: Email message body for the reminder
          maxLength: 5000
        all_users:
          type: boolean
          description: Whether reminder applies to all users
        template_user_id:
          type: string
          format: uuid
          nullable: true
          description: Specific user to send reminder to (used in template context)
        recipient_id:
          type: string
          format: uuid
          nullable: true
          description: >-
            Specific recipient to send reminder to (used in signing request
            context, same as template_user_id)
        sent_on:
          type: string
          format: date-time
          nullable: true
          description: Timestamp when the reminder was actually sent
        created_at:
          type: string
          format: date-time
          description: Reminder creation timestamp
        updated_at:
          type: string
          format: date-time
          description: Reminder last update timestamp
    Error:
      type: object
      properties:
        error:
          type: string
          description: Human-readable error message
        message:
          type: string
          description: Detailed error description
        details:
          type: object
          description: Additional error details
          additionalProperties: true
  responses:
    ValidationError:
      description: Bad Request - Validation failed
      content:
        application/json:
          schema:
            $ref: '#/components/schemas/Error'
          example:
            error: Validation Error
            message: Invalid input data
            details:
              name: Name is required
              email: Invalid email format
    UnauthorizedError:
      description: Unauthorized - Invalid or missing API key
      content:
        application/json:
          schema:
            $ref: '#/components/schemas/Error'
          example:
            error: Unauthorized
            message: Invalid API key
    NotFoundError:
      description: Not Found - Resource does not exist
      content:
        application/json:
          schema:
            $ref: '#/components/schemas/Error'
          example:
            error: Not Found
            message: The requested resource was not found
  securitySchemes:
    ApiKeyAuth:
      type: apiKey
      in: header
      name: Authorization
      description: >-
        API key for authentication. Use your API key directly without any prefix
        (e.g., 'your-api-key'). Bearer prefix is optional but not required.

````