Drop DocuGlow into any system.

REST endpoints for AI document formatting, e-signature workflows, and encrypted document storage. Bearer auth, JSON in & out, generous per-key rate limits.

Introduction

The DocuGlow API mirrors what the web app does: takes raw text or files, returns clean Markdown or PDF; creates signing sessions with per-signer email links; reads and writes documents into the user’s encrypted vault. Every endpoint is a single HTTPS POST or GET — no SDKs required, but they help.

Base URL. https://docuglow.ai

Content type. All bodies are application/json unless noted (file uploads use multipart/form-data).

Authentication

Every request must include a Bearer token in the Authorization header. Generate a key from your API keys page — keys begin with dgk_live_ and are shown exactly once at creation.

$ curl https://docuglow.ai/api/v1/usage \
  -H "Authorization: Bearer dgk_live_3f2a1b...c8e9"

Security. Treat keys as production credentials. Store them in a secrets manager (1Password, AWS Secrets Manager, GitHub Actions secrets). If a key is compromised, revoke it from the dashboard — revoked keys fail with 401 on the next request.

Errors & rate limits

Errors return a JSON body with error (machine-readable) and message (human-readable):

{
  "error": "rate_limited",
  "message": "Rate limit exceeded (600 req/min). Slow down or contact us for higher limits."
}

Status	Code	Meaning
400	invalid_request	Missing or malformed parameter.
401	unauthorized	Missing, malformed, or revoked API key.
403	forbidden	Authenticated but not authorized for that resource.
404	not_found	Resource doesn’t exist.
429	rate_limited	Per-key cap is 600 req/min; contact us for higher tiers.
5xx	server_error	Our problem — retry with backoff.

Format a document

Takes raw text + a style preset, returns clean Markdown matching the style. Use any of the 23 styles (corporate, legal, invoice, letterhead, executive, etc.).

Field	Type	Description
contentrequired	string	Raw text or Markdown to format. Up to 80,000 chars.
stylerequired	string	Style preset slug. e.g. corporate, legal, invoice.
customInstructions	string	Optional override (e.g. “use bullet points throughout”).
companyName	string	Embed in headers / letterheads.
colors	object	{primary, accent} hex strings for branding.
previousOutput	string	For multi-turn refinements — the prior output to revise.

$ curl https://docuglow.ai/api/v1/format \
  -H "Authorization: Bearer dgk_live_..." \
  -H "Content-Type: application/json" \
  -d '{
    "content": "we made $4.2M in q4 across 312 enterprise deals...",
    "style": "executive"
  }'

{
  "ok": true,
  "markdown": "# Q4 Performance Summary\n\n## Headline...",
  "style": "executive",
  "charCount": 1842
}

Send a document for signature

Creates a multi-signer session and returns a unique signing URL per signer. Email those links to your signers however you like — DocuGlow sends them automatically too if you call this from a logged-in session, but the API form gives you the URLs so your own system can route them.

Field	Type	Description
documentMarkdownrequired	string	The document body (Markdown). Use the output of /api/v1/format or your own.
documentTitle	string	Shown to signers and on the executed PDF.
signersrequired	array	[{name, email}] — at least one signer.
pdfOpts	object	Reserved for letterhead, color, footer overrides.

$ curl https://docuglow.ai/api/v1/sign/sessions \
  -H "Authorization: Bearer dgk_live_..." \
  -H "Content-Type: application/json" \
  -d '{
    "documentTitle": "Vendor Master Service Agreement",
    "documentMarkdown": "# Master Service Agreement\n\n...",
    "signers": [
      { "name": "Jane Lender", "email": "jane@lender.com" },
      { "name": "DocuGlow", "email": "deploy@docuglow.ai" }
    ]
  }'

{
  "ok": true,
  "sessionId": "f3a1d2b6-...",
  "status": "pending",
  "signers": [
    {
      "name": "Jane Lender",
      "email": "jane@lender.com",
      "signingUrl": "https://docuglow.ai/sign/f3a1d2b6-.../e3a1f...c8d4"
    },
    ...
  ]
}

Check signing status

Returns the current state of a signing session — useful for polling while you wait for all signers to complete.

{
  "ok": true,
  "session": {
    "id": "f3a1d2b6-...",
    "status": "completed",
    "documentTitle": "Vendor Master Service Agreement",
    "createdAt": "2026-04-26T18:14:22Z",
    "completedAt": "2026-04-26T19:02:11Z",
    "signers": [
      { "name": "Jane Lender", "email": "jane@lender.com", "signed": true, "signedAt": "..." },
      { "name": "DocuGlow", "email": "deploy@docuglow.ai", "signed": true, "signedAt": "..." }
    ]
  }
}

Save a document to the vault

Field	Type	Description
namerequired	string	Display name shown in the vault.
markdownrequired	string	The document content in Markdown. Up to 200,000 chars.
style	string	Style preset slug for re-rendering later.
folderId	string	Optional folder UUID; defaults to vault root.
type	string	transformed, draft, etc.

List vault documents

Optional ?folderId=<uuid> query parameter to list a specific folder. Defaults to the vault root.

{
  "ok": true,
  "documents": [
    {
      "id": "8a2f...",
      "name": "Q4 Strategy Brief",
      "style": "executive",
      "type": "transformed",
      "size_bytes": 4120,
      "created_at": "2026-04-26T18:14:22Z"
    },
    ...
  ]
}

Inspect API key usage

Returns the calling key’s metadata + total request count + rate limit. Helpful for client-side dashboards and SLA monitoring.

{
  "ok": true,
  "key": {
    "id": "...",
    "name": "Production server",
    "prefix": "dgk_live_3f2a1b…c8e9",
    "createdAt": "2026-04-26T18:00:00Z",
    "lastUsedAt": "2026-04-26T19:42:11Z",
    "usageCount": 14237,
    "scopes": ["format","sign","vault"]
  },
  "rateLimit": { "perMinute": 600 }
}

Webhooks

Subscribe your systems to DocuGlow events — keep your CRM, billing platform, or ops Slack channel in sync without polling. Manage webhook endpoints from your webhooks dashboard.

Headers on every delivery:

Content-Type:        application/json
User-Agent:          DocuGlow-Webhooks/1.0
DocuGlow-Event:      signing.session.completed
DocuGlow-Delivery:   01HVCM... (uuid)
DocuGlow-Timestamp:  1714186742  (unix seconds)
DocuGlow-Signature:  sha256=8e0a...c7d4

Events

Event	When it fires
signing.session.created	A new signing session was created (web app or via API).
signing.signer.signed	A signer completed their signature on a session.
signing.session.completed	All signers have signed and the session is fully executed.
vault.document.created	A document was saved to the vault (transformed or via API).

Sample payload (a signing.session.completed event):

{
  "id": "01HVCMQ... (delivery uuid)",
  "type": "signing.session.completed",
  "created": 1714186742,
  "data": {
    "sessionId": "f3a1d2b6-...",
    "status": "completed",
    "documentTitle": "Vendor Master Service Agreement",
    "completedAt": "2026-04-27T18:14:22Z",
    "signers": [
      { "name": "Jane Lender", "email": "jane@lender.com", "signedAt": "..." },
      { "name": "Acme Corp", "email": "ops@acme.com", "signedAt": "..." }
    ]
  }
}

Verifying signatures

Each delivery is signed with HMAC-SHA256 over ${timestamp}.${rawBody} using the secret you stored when you created the webhook. Verify on your side before acting on the payload — and reject anything older than 5 minutes to defeat replay attacks.

// Node.js verification helper
const crypto = require('crypto');
function verify(req, secret) {
  const ts  = req.headers['docuglow-timestamp'];
  const sig = req.headers['docuglow-signature']; // "sha256=..."
  const raw = req.rawBody; // the unparsed request body string
  const expected = 'sha256=' + crypto
    .createHmac('sha256', secret)
    .update(ts + '.' + raw)
    .digest('hex');
  return crypto.timingSafeEqual(Buffer.from(sig), Buffer.from(expected))
      && (Math.abs(Date.now()/1000 - Number(ts)) < 300);
}

Retry behavior. A delivery is retried up to 3 times with exponential backoff (1s, 4s, 16s) on network errors and 5xx responses. Any 2xx or 4xx response counts as terminal — that means returning a fast 200 even if processing fails async on your end is the cleanest pattern.

Need more?

Webhook delivery for signing events, custom scopes, IP allowlists, audit log exports, and SOC 2 reports are available on enterprise plans. Email us with your use case and we’ll set you up.