E-signature in Oryn uses a Dropbox Sign sub-account provisioned automatically for each firm on first use. You don\u2019t need a separate Dropbox Sign subscription or account.

How provisioning works

The first time your firm calls sendForSignature on any document, Oryn:

  1. Reads the firm\u2019s billingEmail
  2. Calls provider.provisionSubAccount(email) against the Dropbox Sign API
  3. Stores the resulting OAuth tokens encrypted on the firm record
  4. Logs an esign.subaccount_provisioned audit event

This is lazy provisioning \u2014 there\u2019s no admin step to run in advance. It happens on first use.

Sending a document

  1. Open the document
  2. Click Send for signature
  3. Add signer email addresses and the order they should sign
  4. Optionally add fields (signature, initials, date, text) by dragging onto the document
  5. Click Send

What happens next

  • Dropbox Sign issues the signature request
  • Your signers receive emails (in TEST MODE, signatures happen via the Dropbox Sign dashboard without real emails)
  • As each signer completes the request, webhook events arrive at Oryn
  • EsignEventDedup ensures duplicate webhooks aren\u2019t double-processed (replay protection)
  • The document\u2019s esignStatus transitions sent \u2192 signed
  • The signed PDF is pulled into R2 and linked to the document

Audit trail

Every stage of this flow writes to the audit log:

  • esign.subaccount_provisioned
  • esign.signature_request_created
  • esign.event_received (per webhook)
  • document.esign_status_changed

This means a full reconstruction of any signature request\u2019s timeline is always available for a court or a vendor security review.

Last updated: 2026-04-21 \u2190 All articles