Imagine you want an additional layer of security for your signature
requests, by requesting the signer to use a password or a phone verification
in the document signing step.
You can add the additional layer of security in a template or when
you create a signature request.
Phone verification
You can require the signer to use 2FA through their mobile phone to complete
the signature request by passing the verification_phone_number parameter on the signer along with their phone number. For example:
curl --location 'https://api.box.com/2.0/sign_requests' \
--header 'Content-Type: application/json' \
--header 'Authorization: Bearer ej...3t' \
--data-raw '{
"is_document_preparation_needed": true,
"is_phone_verification_required_to_view": true,
"parent_folder": {
"id": "234102987614",
"type": "folder"
},
"source_files": [
{
"id": "1358047520478",
"type": "file"
}
],
"signers": [
{
"email": "verify@example.com",
"role": "signer",
"verification_phone_number": "+15551232190"
}
]
}'
By default, phone verification is required at the signing step, which means
the signer can view the document before completing the verification. To
require phone verification before the signer can view the document, set the
is_phone_verification_required_to_view parameter to true when creating
the sign request.
Password verification
You can require the signer to use a password to open the signature request
by passing the password parameter in the signer object. For example:
curl --location 'https://api.box.com/2.0/sign_requests' \
--header 'Content-Type: application/json' \
--header 'Authorization: Bearer ej...3t' \
--data-raw '{
"is_document_preparation_needed": true,
"parent_folder": {
"id": "234102987614",
"type": "folder"
},
"source_files": [
{
"id": "1358047520478",
"type": "file"
}
],
"signers": [
{
"email": "verify@example.com",
"role": "signer",
"password": "1234"
}
]
}'
As the password verification is done on the first step, it prevents the
signer from accessing the document until the correct password is provided.
