Documenso

Self-hosted, open-source DocuSign alternative with legally binding PDF signatures, multi-party workflows, and a full REST and tRPC API.

13.6Kstars
2.9Kforks
GNU AGPLv3
TypeScript

Documenso is an open-source electronic signature platform built on the belief that signing infrastructure should be auditable, self-hostable, and free from vendor lock-in. Organizations can deploy a fully operational e-signature system on their own infrastructure while retaining complete control over documents, cryptographic keys, and signing workflows.

The platform handles the complete document lifecycle: upload a PDF, place typed or drawn signature fields for one or more recipients, send signing invitations by email, collect signatures in the browser, and receive a cryptographically sealed PDF with an audit certificate. Multi-party workflows support sequential and parallel signing with role-based access, recipient re-authentication via passkeys, and per-envelope expiration.

Developers get two API surfaces — a RESTful ts-rest API (v1) and a tRPC API (v2) — along with embeddable signing components that can be rendered inside any web application without redirecting users to an external service. Webhooks, document templates, and bulk-send capabilities make it practical for high-volume automated workflows.

Documenso is built with React Router v7, Hono, Prisma, PostgreSQL, and TypeScript throughout. Storage, signing, email, and background job providers are all swappable via environment variables, so self-hosters can use local P12 certificates or Google Cloud KMS for signing, S3 or database storage, and Inngest, BullMQ, or a local queue for async processing.

What You Get

  • Self-Hosted PDF Signing - Deploy Documenso on Docker, Railway, Render, Koyeb, or Kubernetes and sign PDFs with PAdES-compliant digital signatures using either a local P12 certificate or Google Cloud KMS for HSM-backed cryptographic operations.
  • Multi-Party Document Workflows - Configure sequential or parallel signing orders with multiple recipients, each assigned specific signature, initials, text, checkbox, or date fields — with automatic email notifications at each step.
  • Embeddable Signing Components - Integrate the document signing experience directly into your application via an iframe embed API, allowing users to sign without leaving your product; white-label branding is available under the Enterprise Edition.
  • Dual API Surface - Interact with documents, recipients, templates, and envelopes through a RESTful ts-rest API (v1) for broad client compatibility or a type-safe tRPC API (v2) for tighter TypeScript integrations.
  • Document Templates - Create reusable document templates with pre-positioned fields and default recipients so teams can send the same contract type repeatedly without manual field placement.
  • Webhook Event System - Subscribe to document lifecycle events — sent, viewed, signed, completed, rejected — and push real-time notifications to any HTTP endpoint for downstream automation.
  • Passkey and WebAuthn Re-Authentication - Require signers to authenticate with a passkey or TOTP before accessing or signing documents, adding a hardware-backed identity layer beyond email link authentication.
  • AI-Assisted Field Placement - Automatically detect and place signature fields from existing PDF form placeholders, or use Gemini Flash AI to suggest field positions based on document content.

Common Use Cases

  • Legal team replacing DocuSign to meet data residency requirements - A law firm subject to EU data sovereignty mandates deploys Documenso on their own servers so signed contracts and personally identifying information never leave their jurisdiction.
  • SaaS product embedding e-signature in its own UI - A contract management startup integrates Documenso’s embed API so their customers sign agreements without being redirected to a third-party service, preserving brand consistency and session context.
  • HR department automating offer letter workflows - A people operations team creates an offer letter template, sets up a sequential signing order (candidate then HR manager), and uses bulk-send to distribute multiple offers simultaneously.
  • Fintech platform requiring re-authentication on high-value documents - A lending platform configures passkey re-authentication on loan agreements so borrowers must verify their identity with a hardware key or biometric before each signing action.
  • Developer building a compliance-grade signing integration - An engineer uses the tRPC API to programmatically create documents, set recipients, define fields, and trigger sending as part of an automated onboarding pipeline triggered by CRM events.
  • Healthcare provider needing 21 CFR Part 11 compliant signatures - A clinical research organization deploys Documenso’s Enterprise Edition to access 21 CFR audit trail features and re-authentication controls required for FDA-regulated electronic records.

Under The Hood

Architecture Documenso is organized as a Turborepo monorepo with a clean layered architecture and physically separated packages for each bounded context. The main application runs React Router v7 on a Hono Node.js server, which mounts four distinct API surfaces under separate route prefixes: a ts-rest REST API, a tRPC API, job handler endpoints, and React Router SSR routes. Business logic lives exclusively in @documenso/lib, with the signing engine, email system, authentication, and enterprise features each isolated in their own packages. A strategy pattern selects runtime providers — storage, PDF signing, email transport, and background jobs — via environment variables, enabling genuine dependency injection without a framework. Enterprise-only features are physically gated in a separate package under a commercial license, with clear FEATURES files documenting exactly what requires a subscription.

Tech Stack The codebase is TypeScript throughout, running on Node.js 22+ with React Router v7 (Remix-style) for the frontend, served by a Hono web framework server. Prisma 6.x is the primary ORM with Kysely extensions for complex analytical queries, backed by PostgreSQL 15. API consumers can use tRPC v11 for type-safe RPC or a ts-rest contract-based REST API. PDF operations combine @libpdf/core and pdfjs-dist for rendering and manipulation, with cryptographic signing delegated to either a local P12 certificate or Google Cloud KMS. Authentication uses Arctic for OAuth provider integration and SimpleWebAuthn for passkey/FIDO2 flows. Background jobs are pluggable: Inngest for managed serverless, BullMQ on Redis for self-hosted queues, or a local database-backed queue for simple deployments. Lingui.js handles i18n with Crowdin integration for community-contributed translations.

Code Quality The test suite uses Playwright for end-to-end coverage across document flows, organization management, signing scenarios, and visual regression — with structured fixtures for authentication, document seeding, and envelope state setup that keep tests isolated and composable. Biome handles linting and formatting across the entire monorepo with a shared config. TypeScript is strict throughout and Prisma-generated types enforce data contract integrity at compile time. Error handling uses typed AppError classes rather than generic thrown strings. Developer tooling is unusually thorough: the repository includes AGENTS.md for AI-assisted development, ARCHITECTURE.md with ASCII flow diagrams, CODE_STYLE.md, WRITING_STYLE.md, CONTRIBUTING.md, and a SIGNING.md explaining cryptographic implementation decisions.

What Makes It Unique Documenso’s standout technical decisions center on making enterprise-grade signing genuinely self-hostable. The pluggable provider system means teams can start with local P12 certificates and migrate to Google Cloud HSM without code changes. The AI-assisted field placement using Gemini Flash, combined with a PDF form placeholder auto-detection system, reduces setup friction for common contract types. WebAuthn passkey re-authentication for individual signing actions goes beyond what most commercial e-signature tools offer as a baseline security feature. The dual API strategy — maintaining a deprecated but supported REST v1 alongside a fully type-safe tRPC v2 — reflects pragmatic care for existing integrations while pushing the developer experience forward.

Self-Hosting

Documenso’s core application is licensed under the GNU Affero General Public License v3.0 (AGPL-3.0). AGPL is a strong copyleft license: you can use, modify, and self-host the software freely, including for commercial purposes, but any modifications you make and deploy over a network must be released under the same license. For most self-hosters running Documenso internally — using it to send and receive signed contracts — this rarely creates obligations, because you’re not distributing the software itself. If you build a product that wraps or extends Documenso and offer it as a service to others, the AGPL’s network use clause requires you to share your modified source code with users of that service.

Running Documenso yourself is genuinely feasible but requires meaningful infrastructure commitment. You need a PostgreSQL 15 database, Node.js 22+ runtime, an SMTP server or email API (Resend, Mailchannels, or standard SMTP), and either S3-compatible object storage or database-backed file storage. For production-grade cryptographic signing, you’ll want either a valid P12 certificate from a trusted CA or a Google Cloud KMS setup; a self-signed certificate works but won’t produce widely trusted signatures. Background job processing defaults to a local database queue, but high-volume deployments benefit from switching to BullMQ backed by Redis. You are responsible for uptime, database backups, certificate renewal, dependency upgrades, and security patches — and the release cadence of roughly one release per week means there are frequent updates to evaluate.

Documenso’s hosted cloud tier (documenso.com) adds managed infrastructure, automatic upgrades, and dedicated support that don’t come with self-hosting. The Enterprise Edition license covers additional features: Stripe-based subscription billing, organization authentication portals, passkey and 2FA re-authentication for signing actions, 21 CFR Part 11 audit compliance, email domain management, and embed authoring with white-label branding. If your use case requires regulatory compliance certifications, SLA guarantees, or the EE feature set without managing a custom license agreement, the cloud offering or an Enterprise subscription is the practical path.

Join founders buildingwith open source

Opinionated takes, migration guides, cost-saving tips, and insights from the open source ecosystem.

Subscribe on Substack

No spam. Unsubscribe anytime.

Join 750+ subscribers
No spam. Unsubscribe anytime.

Search