Download signed document and audit proof after completion
At the end of the signing flow, once all required signatures are collected, you can download two artifacts: the signed document (the final PDF with all signatures applied) and the proof document (a tamper-proof audit trail PDF). This tutorial explains how to detect completion, which APIs to call to retrieve both, and what the proof contains.
When is an envelope complete?
Section titled “When is an envelope complete?”Subscribe to the ENVELOPE_COMPLETED webhook. It is sent once when all required signatures have been collected. The payload includes the IDs you need to download the signed document and proof:
{ "eventType": "ENVELOPE_COMPLETED", "data": { "workspaceUuid": "workspace-uuid", "envelopeUuid": "envelope-uuid", "documentUuid": "document-uuid", "finalRevisionVersion": 1 }}Use workspaceUuid, envelopeUuid, and documentUuid from data for the download calls below.
API Base URL: The examples below use the API Proxy — replace http://your-proxy:8080 with your proxy’s address. You need your API credentials (ACCESS_KEY and SECRET_KEY) for team authentication.
Downloading the signed document
Section titled “Downloading the signed document”The signed document is the final PDF with all applied signatures.
curl -X POST http://your-proxy:8080/public/envelope/get-document \ -H "Authorization: Bearer $ACCESS_KEY:$SECRET_KEY" \ -H "Content-Type: application/json" \ -d '{"workspaceUuid":"YOUR_WORKSPACE_UUID","envelopeUuid":"YOUR_ENVELOPE_UUID","documentUuid":"YOUR_DOCUMENT_UUID"}' \ -o signed-document.pdfResponse: application/octet-stream (PDF binary). The -o flag saves the file locally; use the UUIDs from your ENVELOPE_COMPLETED webhook payload.
Downloading the proof (audit) document
Section titled “Downloading the proof (audit) document”The proof document is a separate PDF that contains the audit trail. Use it for compliance and verification.
curl -X POST http://your-proxy:8080/public/envelope/get-proof \ -H "Authorization: Bearer $ACCESS_KEY:$SECRET_KEY" \ -H "Content-Type: application/json" \ -d '{"workspaceUuid":"YOUR_WORKSPACE_UUID","envelopeUuid":"YOUR_ENVELOPE_UUID"}' \ -o audit-proof.pdfResponse: application/octet-stream (PDF binary). The envelope must be completed; otherwise the API returns ENVELOPE_NOT_COMPLETED.
What the proof document contains
Section titled “What the proof document contains”The proof document is a signed PDF titled Audit Trail. It is generated inside Subnoto’s confidential computing enclave and is cryptographically signed by Subnoto (e.g. signer “Subnoto Platform”, [email protected]). It includes:
-
What is an Audit Trail — Short explanation that the document is a tamper-proof audit trail of all activities, cryptographically verified and recorded in the enclave.
-
Document information — Envelope and document identifiers, creation and completion dates, sender name and email.
-
Recipients information — For each signer: name, email, role, status, signing order, recipient integrity hash, key version, signed fields, and timestamp.
-
Events log — Chronological list of envelope events (e.g. created, sent, opened, signed) with event type, timestamp, author, and event-specific data.
-
Footer — Signed revision version and generation time.
You can store this PDF alongside the signed document for compliance and dispute resolution.
Example: webhook handler
Section titled “Example: webhook handler”-
Handle ENVELOPE_COMPLETED in your webhook endpoint and read
data.workspaceUuid,data.envelopeUuid,data.documentUuid. -
Download the signed document with
POST /public/envelope/get-documentand the three UUIDs. Save or forward the PDF as needed. -
Download the proof with
POST /public/envelope/get-proofandworkspaceUuidandenvelopeUuid. Store the proof PDF for your records.