OpenSign

OpenSign is a self‑hosted, open‑source PDF e‑signature platform designed to replace commercial services such as DocuSign. At its core, the application exposes a RESTful API and a web UI that together enable secure document signing workflows: upload, annotate, send to multiple parties, enforce signing order, and generate audit‑ready certificates. The system is built with a clear separation of concerns—an API layer, a background worker pipeline, and a React‑based front end—all orchestrated through Docker Compose for straightforward deployment.

Architecture & Technical Stack

• Backend – Golang (Go 1.22) powering a fast, type‑safe HTTP server with the chi router and gorm ORM. PostgreSQL serves as the primary relational store, while Redis is leveraged for message queuing and rate‑limiting.
• Worker Layer – Go routines consuming a RabbitMQ queue for heavy tasks such as PDF rendering, signature image generation, and email notifications. This decouples the API from long‑running jobs, ensuring a responsive user experience.
• Frontend – React 18 with TypeScript, using react-pdf for in‑browser PDF rendering and a custom canvas component that captures hand‑drawn signatures. Styling is managed through Tailwind CSS, allowing rapid UI tweaks without touching the core logic.
• Containerization – The entire stack is packaged in Docker images, with a single docker‑compose.yml that defines services for API, worker, web, PostgreSQL, Redis, and RabbitMQ. This makes scaling a matter of adjusting replica counts or deploying to Kubernetes.

Core Capabilities & APIs

• Document Lifecycle – Create, upload (multipart/form‑data), and store PDFs. Each document is immutable once signed; a new version can be created for re‑signing.
• Signing Workflow – API endpoints to create signing sessions, add signers (by email or link), enforce order, and track status (PENDING, IN_PROGRESS, COMPLETED). The worker signs PDFs using the pdfcpu library, embedding signature images and cryptographic hashes.
• Audit & Certification – Every signed document is accompanied by a certificate JSON containing timestamps, signer IPs, and access logs. The API exposes these logs for compliance reporting.
• Templates & Bulk Send – Reusable document templates are stored as JSON metadata. A bulk‑send endpoint accepts a CSV of signers and dispatches personalized signing links, integrating with an SMTP server configured via environment variables.
• Webhooks – Developers can register endpoints to receive POST notifications on status changes, enabling integration with CRM or ERP systems.

Deployment & Infrastructure

• Self‑Hosting – No proprietary dependencies; all components are open source. The Docker images can run on any host with Docker Engine, or be ported to Kubernetes via Helm charts (see the charts/opensign repo).
• Scalability – The worker service can be horizontally scaled; RabbitMQ guarantees message ordering and durability. PostgreSQL supports read replicas for reporting workloads, while Redis can be clustered for high‑throughput caching.
• Persistence & Backups – Persistent volumes are used for PostgreSQL data and PDF storage. Automated pg_dump scripts can be scheduled, and the API exposes a /backup endpoint that streams a compressed archive of all documents.

Integration & Extensibility

• Plugin System – The core exposes a Go plugin interface (opensign/plugin) that allows developers to inject custom authentication backends, signature rendering engines, or notification adapters. Plugins are compiled as shared objects and loaded at runtime.
• SDKs & Libraries – While the primary API is REST, a lightweight Go SDK (github.com/opensignlabs/sdk-go) wraps common calls and handles pagination. Community efforts have produced unofficial Python, Node.js, and Java clients.
• Custom UI – The React front end is modular; developers can fork the repo, replace components (e.g., swap react-pdf for a custom viewer), or integrate the API into their own SPA.

Developer Experience

• Configuration – All settings are driven by environment variables (OPEN_SIGN_DB_URL, SMTP_HOST, etc.), making CI/CD pipelines straightforward. The README includes a minimal .env.example and detailed documentation on each variable.
• Documentation Quality – The project hosts comprehensive docs under /docs: API reference, authentication flows, deployment guides, and a plugin development tutorial. The API docs are auto‑generated from OpenAPI annotations.
• Community & Support – A growing contributor base (≈ 70+ contributors) and an active Discord channel provide quick help. Issues are triaged with a clear labeling system, and the maintainers use isitmaintained to show healthy response times.

Use Cases

1. Enterprise Contract Signing – Companies can host OpenSign on their own infrastructure, ensuring GDPR compliance while leveraging the bulk‑send API to automate NDA workflows.
2. Legal & Notary Services – The audit trail and certificate generation satisfy regulatory requirements for notarized documents, and the plugin system allows integration with electronic notary platforms.
3. Freelance Platforms – A SaaS offering can embed OpenSign’s API to provide clients with a branded signing experience, while scaling workers behind a load balancer.
4. Educational Institutions – Schools can host the platform to allow students and staff to sign consent forms, with a simple CSV bulk‑send script for parent approvals.

Advantages Over Alternatives