TL;DR: The BoldSign Users API enables end-to-end automated user management by allowing applications to invite users, assign roles and teams, manage invitations, update user details, and audit users programmatically, removing the need for manual administration.
If you want to automate user onboarding and access control in BoldSign, you can do it end-to-end with the BoldSign Users API: invite users, assign roles, list and fetch user details for auditing, update roles, and resend or cancel invitations.
This guide is for developers embedding eSignatures into an app who need consistent, programmatic user provisioning instead of manual admin work.
What you can automate with the BoldSign Users API
- Provision users during onboarding (bulk invite by email)
- Assign teams and roles (Admin/Member/ TeamAdmin)
- Track and audit user rosters (list users + get user details)
- Manage invitation state (resend/cancel for pending users)
- Optionally manage organization changes (metadata updates, team moves)
What you’ll need before you start
- A BoldSign account(sandbox or production).
- An API key(orOAuth2 access token) to call BoldSign APIs over HTTPS.
- A REST client such as cURL, Postman, or your preferred HTTP library.
Authentication headers should be in one of the following formats:
- API Key: X-API-KEY: <your key>
- OAuth2: Authorization: Bearer <access_token>
Note: The examples below use API key authentication for clarity.
BoldSign Users API endpoints used in this guide
Core users endpoints (v1)
| Task | Method | Endpoint |
| Invite users (create users) | POST | https://api.boldsign.com/v1/users/create |
| List users | GET | https://api.boldsign.com/v1/users/list |
| Get a user | GET | https://api.boldsign.com/v1/users/get |
| Update user role | PUT | https://api.boldsign.com/v1/users/update |
| Resend invitation | POST | https://api.boldsign.com/v1/users/resendInvitation |
| Cancel invitation | POST | https://api.boldsign.com/v1/users/cancelInvitation |
| Update user metadata | PUT | https://api.boldsign.com/v1/users/updateMetaData |
| Move user to another team | PUT | https://api.boldsign.com/v1/users/changeTeam |
How to auto-provision users during app onboarding
If your SaaS product maps each customer to a BoldSign organization, your onboarding flow typically needs to:
- Assign users to the right team
- Set the correct role (Admin/Member/TeamAdmin)
- Attach department metadata (for reporting)
- Handle invitations (resend/cancel)
- Keep the roster auditable via API
The rest of this document implements that flow step-by-step.
How to create and manage BoldSign users
Step 1: Authenticate your requests
For each request, include any one of the following:
- API Key (server-to-server): X-API-KEY: <your key>
- OAuth2 (delegated): Authorization: Bearer <access_token>
Pro tip: Keep API keys and OAuth tokens server-side only—never embed them in browser/mobile apps.
Step 2: Get the Team ID you want to assign users to
Before inviting users, list teams and pick the right teamId.
You can find detailed instructions in the Teams API documentation.
What this does: Fetches teams (including teamId) so you can place users into the correct team.
Note: teamId is not mandatory when creating a user. If you want to assign the user to a team, include the teamId; otherwise, you can skip this step.
Step 3: Invite users with team, role, and metadata
Creating users is an invite flow: you send email addresses and BoldSign emails the invite. Users complete verification and set a password. For a full walkthrough, see invite new users to a team.
Required fields for invitations
| Field | Required | What it’s for | Notes |
EmailId | Yes | User’s email (treat this as your natural unique key) | Use a valid email format |
TeamId | No | Which BoldSign team the user belongs to | Get from /v1/teams/list |
UserRole | No | Admin or Member or TeamAdmin | Set explicitly for predictable access |
MetaData | No | Key-value attributes (department, designation, etc.) | Useful for reporting and filters |
For more details, refer to the official Create User API documentation
curl -X POST 'https://api.boldsign.com/v1/users/create' \
-H 'accept: */*' \
-H 'X-API-KEY: {your API key}' \
-H 'Content-Type: application/json' \
-d '[
{
"EmailId": "[email protected]",
"TeamId": "xxc5b097-xxxx-xxxx-xxxx-afd07c66xxxx",
"UserRole": "Admin",
"MetaData": {
"Employee": "Permanent",
"Department": "Sales",
"Designation": "Sales Manager"
}
},
{
"EmailId": "[email protected]",
"TeamId": "xxc5b097-xxxx-xxxx-xxxx-afd07c66xxxx",
"UserRole": "Member",
"MetaData": {
"Employee": "Contract",
"Department": "Sales",
"Designation": "Sales Executive"
}
}
]'
var apiClient = new ApiClient("https://api.boldsign.com", "YOUR_API_KEY");
var userClient = new UserClient(apiClient);
var createUserRequest = new List<CreateUserRequest>()
{
new CreateUserRequest()
{
EmailId = "[email protected]",
TeamId = "YOUR_TEAM_ID",
UserRole = UserRoleType.TeamAdmin,
MetaData = new Dictionary<string, string>()
{
{ "Employee", "Permanent" },
{ "Department", "Sales" },
{ "Designation", "Sales Manager" }
}
},
};
var userCreated = userClient.CreateUser(createUserRequest);
import boldsign
configuration = boldsign.Configuration(api_key="YOUR_API_KEY")
with boldsign.ApiClient(configuration) as api_client:
user_api = boldsign.UserApi(api_client)
create_user_request = boldsign.CreateUser(
emailId= "[email protected]",
teamId="YOUR_TEAM_ID",
userRole="Admin")
user_created = user_api.create_user([create_user_request])
<?php require_once "vendor/autoload.php";
use BoldSign\Configuration;
use BoldSign\Api\UserApi;
use BoldSign\Model\CreateUser;
$config = new Configuration();
$config->setApiKey('YOUR_API_KEY');
$user_api = new UserApi($config);
$create_user_request = new CreateUser();
$create_user_request->setEmailId('[email protected]');
$create_user_request->setTeamId('YOUR_TEAM_ID');
$create_user_request->setUserRole('Member');
$user_created = $user_api->createUser([$create_user_request]);
ApiClient client = Configuration.getDefaultApiClient();
client.setApiKey("YOUR_API_KEY");
UserApi userApi = new UserApi(client);
CreateUser createUserRequest = new CreateUser();
createUserRequest.setEmailId("[email protected]");
createUserRequest.setTeamId("YOUR_TEAM_ID");
createUserRequest.setUserRole(CreateUser.UserRoleEnum.MEMBER);
userApi.createUser(Arrays.asList(createUserRequest));
import { UserApi, CreateUser } from "boldsign";
const userApi = new UserApi();
userApi.setApiKey("YOUR_API_KEY");
var createUserRequest = new CreateUser();
createUserRequest.emailId = "[email protected]";
createUserRequest.teamId = "YOUR_TEAM_ID";
createUserRequest.userRole = CreateUser.UserRoleEnum.Member;
const userCreated = userApi.createUser([createUserRequest]);
Step 4: List users to verify provisioning
After invites are sent, list users to confirm they exist and capture userId for future actions.
For more details, see the official List Users API documentation
Which query parameters control pagination and search?
| Parameter | Required? | What it does | Notes |
page | No | Page number to fetch | Typically starts from 1 |
pageSize | No | Number of users per page | Defaults to 10; can be set between 1 and 100 |
search | No | Filter results by user attributes (e.g., username, email, userId) | Useful for quick lookups |
curl -X 'GET' \
'https://api.boldsign.com/v1/users/list?pageSize=10&page=1&search=xxxx' \
-H 'accept: application/json' \
-H 'X-API-KEY: {your API key}'
var apiClient = new ApiClient("https://api.boldsign.com", "Your_API_Key");
var userClient = new UserClient(apiClient);
var userRecords = userClient.ListUsers(1, 10, "luther");
import boldsign
configuration = boldsign.Configuration(api_key="YOUR_API_KEY")
with boldsign.ApiClient(configuration) as api_client:
user_api = boldsign.UserApi(api_client)
user_records = user_api.list_users(page=1,page_size=10,search="luther")
<?php require_once "vendor/autoload.php";
use BoldSign\Configuration;
use BoldSign\Api\UserApi;
$config = new Configuration();
$config->setApiKey('YOUR_API_KEY');
$user_api = new UserApi($config);
$user_records = $user_api->listUsers($page = 1,$page_Size=10,$search='luther');
ApiClient client = Configuration.getDefaultApiClient();
client.setApiKey("YOUR_API_KEY");
UserApi userApi = new UserApi(client);
UserRecords userRecords = userApi.listUsers(1, 10, "luther");
import { UserApi } from "boldsign";
const userApi = new UserApi();
userApi.setApiKey("YOUR_API_KEY");
const userRecords = userApi.listUsers(1, 10, "luther");
What this does: Pulls a paginated roster for verification and auditing.
Expect to capture: userId, email, teamId, role, userStatus, timestamps, and optional metaData.
Step 5: Get a single user’s details
Use users/get when you have a stored userId and want the latest status, role, teamId, and metadata.
Check the official Get User API documentation for complete usage guidelines.
curl -X 'GET' \
'https://api.boldsign.com/v1/users/get?userId=e892ea92-xxxx-xxxx-xxxx-bbdbcaa5xxxx' \
-H 'accept: application/json' \
-H 'X-API-KEY: {your API key}' \
var apiClient = new ApiClient("https://api.boldsign.com", "YOUR_API_KEY");
var userClient = new UserClient(apiClient);
var userDetails = userClient.GetUserDetails("YOUR_USER_ID");
import boldsign
configuration = boldsign.Configuration(api_key="YOUR_API_KEY")
with boldsign.ApiClient(configuration) as api_client:
user_api = boldsign.UserApi(api_client)
user_details = user_api.get_user(user_id="YOUR_USER_ID")
<?php require_once "vendor/autoload.php";
use BoldSign\Configuration;
use BoldSign\Api\UserApi;
$config = new Configuration();
$config->setApiKey('YOUR_API_KEY');
$user_api = new UserApi($config);
$user_details = $user_api->getUser($user_id='YOUR_USER_ID');
ApiClient client = Configuration.getDefaultApiClient();
client.setApiKey("YOUR_API_KEY");
UserApi userApi = new UserApi(client);
UserProperties userDetails = userApi.getUser("YOUR_USER_ID");
import { UserApi } from "boldsign";
const userApi = new UserApi();
userApi.setApiKey("YOUR_API_KEY");
const userDetails = userApi.getUser("YOUR_USER_ID");
Pro tip: Read before your right. Fetch current values before you update roles or team assignment to avoid accidental overwrites.
Step 6: Update a user’s role
Promote a user to Admin (or demote back to Member) using the update endpoint.
Refer to the official Update User API documentation for detailed information and examples.
curl -X 'PUT' \
'https://api.boldsign.com/v1/users/update' \
-H 'accept: */*' \
-H 'X-API-KEY: {your API key}' \
-H 'Content-Type: application/json;odata.metadata=minimal;odata.streaming=true' \
-d '{
"UserId": "77f0a721-xxxx-xxxx-xxxx-17fcb032xxxx",
"UserRole": "Admin"
}'
var apiClient = new ApiClient("https://api.boldsign.com", "YOUR_API_KEY");
var userClient = new UserClient(apiClient);
var updateUser = new UpdateUser("YOUR_USER_ID", UserRoleType.Admin);
userClient.UpdateUser(updateUser);
import boldsign
configuration = boldsign.Configuration(api_key="YOUR_API_KEY")
with boldsign.ApiClient(configuration) as api_client:
user_api = boldsign.UserApi(api_client)
update_User = boldsign.UpdateUser(
userId="YOUR_USER_ID",
userRole="Admin")
user_api.update_user(update_User)
<?php require_once "vendor/autoload.php";
use BoldSign\Configuration;
use BoldSign\Api\UserApi;
use BoldSign\Model\UpdateUser;
$config = new Configuration();
$config->setApiKey('YOUR_API_KEY');
$user_api = new UserApi($config);
$update_user = new UpdateUser();
$update_user->setUserId('YOUR_USER_ID');
$update_user->setUserRole('Admin');
$user_api->updateUser($update_user);
ApiClient client = Configuration.getDefaultApiClient();
client.setApiKey("YOUR_API_KEY");
UserApi userApi = new UserApi(client);
UpdateUser updateUser = new UpdateUser();
updateUser.setUserId("YOUR_USER_ID");
updateUser.setUserRole(UpdateUser.UserRoleEnum.TEAM_ADMIN);
userApi.updateUser(updateUser);
import { UserApi, UpdateUser } from "boldsign";
const userApi = new UserApi();
userApi.setApiKey("YOUR_API_KEY");
const updateUser = new UpdateUser();
updateUser.userId = "YOUR_USER_ID";
updateUser.userRole = UpdateUser.UserRoleEnum.Member;
userApi.updateUser(updateUser);
What this does: Updates the role of a specified user in your BoldSign organization.
Step 7: Resend or cancel invitations
If a user hasn’t accepted their invitation yet, you can resend or cancel it.
Resend invitation
Refer to the official Resend invitations guide for detailed steps and best practices.
curl -X 'POST' \
'https://api.boldsign.com/v1/users/resendInvitation?userId=e892ea92-xxxx-xxxx-xxxx-bbdbcaa5xxxx' \
-H 'accept: */*' \
-H 'X-API-KEY: {your API key}'
var apiClient = new ApiClient("https://api.boldsign.com", "YOUR_API_KEY");
var userClient = new UserClient(apiClient);
userClient.ResendInvitation("YOUR_USER_ID");
import boldsign
configuration = boldsign.Configuration(api_key="YOUR_API_KEY")
with boldsign.ApiClient(configuration) as api_client:
user_api = boldsign.UserApi(api_client)
user_api.resend_invitation(user_id="YOUR_USER_ID")
<?php require_once "vendor/autoload.php";
use BoldSign\Configuration;
use BoldSign\Api\UserApi;
$config = new Configuration();
$config->setApiKey('YOUR_API_KEY');
$user_api = new UserApi($config);
$user_api->resendInvitation($user_id='YOUR_USER_ID');
ApiClient client = Configuration.getDefaultApiClient();
client.setApiKey("YOUR_API_KEY");
UserApi userApi = new UserApi(client);
userApi.resendInvitation("YOUR_USER_ID");
import { UserApi } from "boldsign";
const userApi = new UserApi();
userApi.setApiKey("YOUR_API_KEY");
userApi.resendInvitation("YOUR_USER_ID");
Cancel invitation
For detailed instructions, see the cancel invitations guide.
curl -X 'POST' \
'https://api.boldsign.com/v1/users/cancelInvitation?userId=e892ea92-xxxx-xxxx-xxxx-bbdbcaa5xxxx' \
-H 'accept: */*' \
-H 'X-API-KEY: {your API key}'
var apiClient = new ApiClient("https://api.boldsign.com", "YOUR_API_KEY");
var userClient = new UserClient(apiClient);
userClient.CancelInvitation("YOUR_USER_ID");
import boldsign
configuration = boldsign.Configuration(api_key="YOUR_API_KEY")
with boldsign.ApiClient(configuration) as api_client:
user_api = boldsign.UserApi(api_client)
user_api.resend_invitation(user_id="YOUR_USER_ID")
<?php require_once "vendor/autoload.php";
use BoldSign\Configuration;
use BoldSign\Api\UserApi;
$config = new Configuration();
$config->setApiKey('YOUR_API_KEY');
$user_api = new UserApi($config);
$user_api->cancelInvitation($user_id='YOUR_USER_ID');
ApiClient client = Configuration.getDefaultApiClient();
client.setApiKey("YOUR_API_KEY");
UserApi userApi = new UserApi(client);
userApi.cancelInvitation("YOUR_USER_ID");
import { UserApi } from "boldsign";
const userApi = new UserApi();
userApi.setApiKey("YOUR_API_KEY");
userApi.cancelInvitation("YOUR_USER_ID");
Edge case: Resend/cancel applies only to users who haven’t accepted the invite.
How to update user metadata
If you store extra information like department or employee type, the endpoint supports partial updates.
For detailed guidance, see the official Update user metadata documentation
curl -X PUT 'https://api.boldsign.com/v1/users/updateMetaData' \
-H 'accept: */*' \
-H 'X-API-KEY: {apikey}' \
-H 'Content-Type: application/json' \
-d '{
"UserId": "6e455aa5-xxx-xxxx-xxx-2c6590521811",
"MetaData": {
"Department": "Sales"
}
}'
var apiClient = new ApiClient("https://api.boldsign.com", "{apikey}");
var userClient = new UserClient(apiClient);
var updateUserMetaData = new UpdateUserMetaData()
{
UserId = "6e455aa5-xxx-xxxx-xxx-2c6590521811",
MetaData = new Dictionary()
{
["Department"] = "Sales",
},
};
await userClient.UpdateUsersMetaDataAsync(updateUserMetaData);
import boldsign
# Configure the BoldSign client
configuration = boldsign.Configuration(api_key="YOUR_API_KEY")
with boldsign.ApiClient(configuration) as api_client:
# Initialize the User API
user_api = boldsign.UserApi(api_client)
# Prepare the metadata update request
update_request = boldsign.UpdateMetaDataRequest(
user_id="6e455aa5-xxx-xxxx-xxx-2c6590521811",
meta_data={
"Department": "Sales"
}
)
# Call the API to update metadata
response = user_api.update_meta_data(update_request)
<?php require_once "vendor/autoload.php";
use BoldSign\Configuration;
use BoldSign\Api\UserApi;
use BoldSign\Model\UpdateUserMetaData;
$config = new Configuration();
$config->setApiKey('YOUR_API_KEY');
$user_api = new UserApi($config);
$update_meta = new UpdateUserMetaData();
$update_meta->setUserId('YOUR_USER_ID');
$update_meta->setMetaData([
'Department' => 'Sales',
]);
$response = $user_api->updateMetaData($update_meta);
ApiClient client = Configuration.getDefaultApiClient();
client.setApiKey("YOUR_API_KEY");
UserApi userApi = new UserApi(client);
// Prepare metadata update request
UpdateUserMetaData updateMeta = new UpdateUserMetaData();
updateMeta.setUserId("YOUR_USER_ID");
Map metaData = new HashMap<>();
metaData.put("Department", "Sales");
updateMeta.setMetaData(metaData);
userApi.updateMetaData(updateMeta);
import { UserApi, UpdateUserMetaData} from "boldsign";
// Initialize the User API
const userApi = new UserApi();
userApi.setApiKey("YOUR_API_KEY");
// Prepare the metadata update request
const updateMetaDataRequest = new UpdateUserMetaData();
updateMetaDataRequest.userId = "6e455aa5-xxx-xxxx-xxx-2c6590521811"; // User ID
updateMetaDataRequest.metaData = {
Department: "Sales",
};
// Call the API to update metadata
userApi.updateMetaData(updateMetaDataRequest)
How to move a user to another team
When a user changes departments, move them to a different team. The change-team endpoint can optionally transfer documents.
Change Team API Parameters
| Parameter | Type | Required | Description |
userId (Query) | string | Yes | The unique identifier of the user being moved. Obtainable from the Users or Teams section of the web app. |
toTeamId (Request Body) | string | Yes | The target team ID to which the user will be transferred. |
transferDocumentsToUserId (Request Body) | string | No | The user ID of the recipient who will inherit the documents of the transferred user. |
Consult the official Change team API documentation for comprehensive guidance and best practices.
curl --location --request PUT 'https://api.boldsign.com/v1/users/changeTeam?userId=d98c14c5- xxx-xxxx-xxx-b39ca83c0da8' \
--header 'accept: */*' \
--header 'X-API-KEY: {apikey}' \
--header 'Content-Type: application/json' \
--data '{
"toTeamId": "9bca0986-xxx-xxxx-xxx-30ffe3a2c5b7"}'
var apiClient = new ApiClient("https://api.boldsign.com", "{apikey}");
var userClient = new UserClient(apiClient);
var changeTeam = new ChangeTeam()
{
ToTeamId = "9bca0986-xxx-xxxx-xxx-30ffe3a2c5b7"
};
userClient.ChangeTeam("UserId", changeTeam);
import boldsign
configuration = boldsign.Configuration(api_key="YOUR_API_KEY")
with boldsign.ApiClient(configuration) as api_client:
# Initialize the User API
user_api = boldsign.UserApi(api_client)
# Prepare the change team request
change_team_request = boldsign.ChangeTeamRequest(
to_team_id="9bca0986-xxx-xxxx-xxx-30ffe3a2c5b7" )
response = user_api.change_team(
user_id="6e455aa5-xxx-xxxx-xxx-2c6590521811",
change_team_request=change_team_request
)
<?php
require_once "vendor/autoload.php";
use BoldSign\Configuration;
use BoldSign\Api\UserApi;
use BoldSign\Model\ChangeTeamRequest;
$config = new Configuration();
$config->setApiKey('YOUR_API_KEY');
$user_api = new UserApi($config);
$change_team = new ChangeTeamRequest();
$change_team->setToTeamId('YOUR_TEAM_ID');
$response = $user_api->changeTeam('YOUR_USER_ID', $change_team);
ApiClient client = Configuration.getDefaultApiClient();
client.setApiKey("YOUR_API_KEY");
UserApi userApi = new UserApi(client);
// Prepare change team request
ChangeTeamRequest changeTeam = new ChangeTeamRequest();
changeTeam.setToTeamId("YOUR_TEAM_ID");
// Call the API to change team for the user
userApi.changeTeam("YOUR_USER_ID", changeTeam);
import { UserApi, ChangeTeamRequest } from "boldsign";
const userApi = new UserApi();
userApi.setApiKey("YOUR_API_KEY");
const changeTeamRequest = new ChangeTeamRequest();
changeTeamRequest.toTeamId = "9bca0986-xxx-xxxx-xxx-30ffe3a2c5b7";
userApi.changeTeam("6e455aa5-xxx-xxxx-xxx-2c6590521811", changeTeamRequest)
What this does: Moves a user to a new team and optionally transfers their documents.
Plan ahead for: document ownership, in-progress workflows, and approval side effects.
Important Notes
- In-progress documents: If a document is currently in-progress, it will be declined or revoked during transfer.
- Completed documents: All completed documents will remain in the completed state and are moved along with the user when they change to another team.
- Sender identity approvals: All sender identity approvals associated with the changed user will be revoked. The reassigned user must obtain approval again from those sender identities to access on-behalf documents.
- Impact & Risks:
- Transferred documents become accessible under the new team, which may alter visibility and permissions.
- Sensitive or confidential files could unintentionally be exposed to new team members.
- TransferDocumentsToUserId behavior: If specified, all transferred documents will be accessible only to the new target user. The old user will no longer have access once the transfer is complete.
Testing checklist for a reliable onboarding flow
- List teams → pick a teamId.
- Create (invite) user(s) → confirm invitation sent.
- List users → capture userId.
- Get user → verify userStatus, role, teamId, metadata.
- Update role or resend/cancel invite as needed.
- Optional: update metadata or change team.
Best practices for production-grade provisioning
- Never expose credentials client-side. Keep API keys/OAuth tokens on the server.
- Avoid duplicate provisioning. Treat email as your unique key, and store a mapping to BoldSign userId.
- Implement retries with exponential backoff for transient failures.
- Read before you write. Fetch current role/team/status before applying updates.
- Validate behavior and plan for change.
Key takeaways
With the BoldSign Users API, you can run a complete provisioning lifecycle inside your product: invite in bulk, audit users, update roles, and manage invitations. For richer admin workflows, endpoints like metadata updates and team moves help model real org changes, just plan carefully around document ownership and workflow side effects.
Take advantage of a 30-day free trial, or get expert assistance via the BoldSign support portal to design your ideal integration.
FAQ : BoldSign user provisioning via API
How do I invite users using the Users API?
Use the Create Users endpoint with the user’s email (and optionally role, teamId, and metadata).
How do I get the userId required for updates and invitation actions?
You can retrieve the userId by listing users using the Users List API and optionally confirming details with the Get User API.
Which roles can be assigned to a user?
Users can be assigned the Admin, Member, or TeamAdmin roles during creation or updated later using the Update User API.
When can invitations be resent or canceled?
Resend and cancel actions apply only to users who have not yet accepted their invitation.
Can I update user metadata without overwriting existing values?
Yes. The Update Metadata API supports partial updates, allowing you to modify or add specific key-value pairs without affecting existing metadata.
Is it possible to move a user to another team?
Yes. Users can be moved to a different team using the Change Team API, with an option to transfer document ownership.
What’s the recommended approach for production usage?
Store credentials securely on the server, avoid duplicate users by treating email as the unique identifier, fetch user details before updates, and test team and document transfers carefully.
