As the world steadily embraces digitization, the evolution of document signing from traditional pen and paper to digital signatures is inevitable. This shift brings notable challenges, not only in retaining the familiar signing process but, more importantly, in safeguarding the security and legal integrity of signed documents. Moreover, digital signatures need to be able to verify the identity of the signer to prevent fraud, which is where electronic ID (eID) comes in, serving as a digital form of identity verification.
Dropbox Sign can help with all these challenges seamlessly. With Dropbox Sign, you can create legally binding signatures by drawing, typing, or uploading signatures—all within seconds. With Dropbox Sign’s eID verification feature, you can verify the identity of the signers and ensure that they are who they claim to be.
In this article, you'll learn how Dropbox Sign streamlines the eID verification process and delivers a safe and secure document signing process.
What is Dropbox eID
Many businesses face situations where verifying identity is crucial to avoid potential fraud and legal ramifications. For instance, companies need to be able to verify the identity of a new hire before they sign a job offer. Typically, when digitally signing a job offer, there's no way to verify that the new hire is actually the one signing the document. However, with eID, the signer must perform an identity check and verify their identity to be able to sign the document.
Different countries use different eID frameworks, but the concept of eID is always the same. With eID, every user has an electronic proof of identity that they must present to validate their authenticity. Thankfully, with the Dropbox Sign eID feature, it's easy to implement.
Dropbox Sign partners with Qualified Trust Service Providers (QTSP) in different countries to provide a streamlined eID verification process that looks like this:
- The eID verification is enabled when you create the Signature Request.
- The signer can proceed with signing the document.
- The signer is asked to verify their identity.
- The signer selects their country.
- An eID verification method is chosen based on the country. eID verification is quick and easy, using AI-powered liveliness checks and government ID verification.
- Once the eID is verified, the document is successfully signed.
eIDAS compliance
Because eID is a critical aspect of verifying the identities of users, it's essential that proper standards are set in place to ensure the highest level of security and reliability. That's where electronic IDentification, Authentication, and trust Services (eIDAS) comes in.
eIDAS is a European Union project that was launched in 2014. It works to regulate eID frameworks across Europe.
eIDAS creates and maintains standards for eSignatures, eSeals, eTimestamps, and eID, which enables a safe and secure electronic transaction experience with the same legal validity as paper-based transactions.
eIDAS offers two levels of trust for digital signatures: advanced electronic signature (AES) and qualified electronic signature (QES).
AES requires the signer to pass identity verification by producing a valid government-issued document and/or passing a biometric check. AES provides a higher level of trust than typical signatures by verifying the government-issued proof of identity.
QES goes one step further by using a face-to-face, or equivalent, ID verification process by a QTSP. The resulting digital certificate is created with a qualified electronic signature device.
Dropbox Sign supports both AES and QES by partnering with reputed QTSPs throughout the world.
Benefits of Dropbox eID
Dropbox eID provides numerous benefits for your document signing workflow, including the following:
- Mitigates risk with identity verification: eID verification with Dropbox Sign increases security and combats fraud and scams. You get a legally binding signature while also verifying the identity of the signer.
- Streamlines identity verification through simplified integration: To integrate eID verification with a document signing workflow, developers need to build integrations with two separate APIs: one for document signing and one for eID verification. However, this process can be tedious and error-prone. Dropbox Sign simplifies this process by putting both under one umbrella. Enabling eID verification is as easy as passing a single parameter to the API call, and Dropbox Sign handles the rest.
- Offers an easy-to-use system: Dropbox Sign is easy to use and offers comprehensive documentation and a responsive support team.
How to use eID verification with Dropbox Sign
In this section, you'll learn how to use eID verification with Dropbox Sign. This article integrates Dropbox Sign with a Next.js project using its Node.js SDK, but you can also follow a similar process for other frameworks.
To follow along, you need the following:
- A Dropbox Sign account. Please note that eID verification is only available with the Premium plan. To participate, you need to subscribe to that plan. eID verification cannot be used in test mode, so following along will cost you money. If you prefer not to follow along, screenshots are provided throughout to offer insights into the functionality.
- The latest version of Node.js installed. This article uses Node.js v20.
Enabling eID verification
To begin, sign into your Dropbox Sign account. Click on the user avatar in the top-right corner of your dashboard and select Admin Console.
In the Admin Console, navigate to Settings > Signature requests. In the Signature request options sections, you'll find a toggle to turn on eID:
When you turn eID on, you'll be asked to confirm your decision. Click on Yes, I'm sure to enable eID:
Make sure you save your settings before proceeding.
On the Dropbox Sign dashboard, click on API in the left sidebar. Then click on Generate key to create a new API key. Give the key a name (here, it's named "eID demo") and click on Generate key:
Copy the newly created API key and store it in a safe place.
Creating the application
For simplicity, a starter app has been created using Next.js, which you can find on GitHub. You need to clone the starter
branch of this repository, which acts as the starting point for this tutorial:
Install the dependencies with npm install
.
In components/CreateSignatureRequestForm.jsx
, you'll find a form that helps you upload a document and create a Signature Request. Right now, the backend code is incomplete, so the form does nothing. You can confirm this by running npm run dev
and visiting http://localhost:3000
in your browser:
The form is defined in the components/CreateSignatureRequestForm.jsx
file. The file looks like this:
Pay special attention to the onSubmit
method. It extracts the values from the form and makes a POST
request to /api/signature-request
. Next, you'll write the handler for this API route.
Writing the API handler
Start by creating a file named .env
in the root of the project and add the following code:
Replace <YOUR_API_KEY>
with the API key you generated in the previous section.
Inside the pages
directory, create a new api/signature-request
directory. Create an index.js
file inside this newly created directory.
This file is responsible for taking the contents of the form and making requests to the Dropbox Sign API.
Now, you need to define the handler for the `/api/signature-request` route. You also need to turn off bodyParser
because you'll be using formidable to parse the form contents:
Inside the handler
function, the first step is to make sure it responds only to POST
requests:
Then you need to parse the submitted form and extract the fields:
Install the Dropbox Sign Node SDK by running npm install @dropbox/sign
.
Now, you need to configure an instance of the SignatureRequestApi
class from the Dropbox Sign SDK. This class is responsible for making the request to the Dropbox Sign SDK.
Begin by importing the class:
Then instantiate an object of the SignatureRequestApi
class:
And configure the options for the signature request:
Here, you're setting the title, subject, and message of the Signature Request by using the form content. The signers
option sets the name and email ID of the signer. An email notification is sent to the signer at this email address.
Please note: If you're enabling eID, you're not allowed to have more than one signer.
The files
option attaches the document that needs to be signed, and the signingOptions
option specifies how the signer can sign the document. In this case, you're allowing drawing, typing, and uploading the signature, as well as allowing a mobile signature.
The final parameter, isEid
, is the one that tells Dropbox Sign that the signer must verify their identity using eID before they can sign the document.
Note: If you're using the Dropbox Sign API directly, this parameter is named is_eid.
Finally, make the request:
The entire file looks like this:
Testing the app
To test the app, start the Next.js server with the following command:
Open http://localhost:3000
in your browser. You should see the Create Signature Request form.
Fill up the fields, attach a document, and click on Submit:
You'll receive an email asking you to sign the document:
When you click on Review & sign, you'll be taken to a preview of the document, with a new page appended to it. There, you have an option to add a signature:
Select Click to sign, and you are given the option to draw, type, or upload a signature:
When you click on Next, you'll receive a confirmation dialogue for starting eID:
When you click on Continue, the eID verification will begin. You need to choose your country and the method of verification. The process varies based on your location. Follow the prompts. Once the verification is done, the signature is complete.
You can find the final code in the main
branch of this GitHub repo.
Conclusion
eID is a crucial tool for identity verification. It adds an extra layer of security for document signing workflows by ensuring the signers are who they say they are.
In this article, you explored the eID feature of Dropbox Sign and learned how to use eID verification with Dropbox Sign. Dropbox Sign offers an easy-to-integrate eID verification flow with the help of QTSPs that are AES and QES compliant.
Stay in the loop
Thank you!
Thank you for subscribing!