Penpact

Open source, AGPL-3.0, self-hostable

The e-signature API built to live inside your product.

Penpact is an open-source, embeddable e-signature API, the open alternative to DocuSign. Self-host the whole stack or use the managed cloud. Typed SDK, AI field detection, a real audit trail, no per-seat billing.

Get your API key Star on GitHub Read the quickstart

Early development (v0.1.0). The API is not stable yet and the consent text is pending a lawyer's review. We would rather say that plainly.

From zero to a sent document

Install @penpact/sdk, create an envelope, place a field, and send. The signer does the rest.

Add it to a React app 
import { PenpactClient } from '@penpact/sdk';

const penpact = new PenpactClient({ apiKey: process.env.PENPACT_API_KEY! });

const envelope = await penpact.createEnvelope({
  documentName: 'Mutual NDA',
  signers: [{ name: 'Ada Lovelace', email: '[email protected]' }],
});

await penpact.uploadDocument(envelope.id, pdfBytes);
await penpact.placeFields(envelope.id, [
  { type: 'signature', signerId: envelope.signers[0].id,
    page: 1, x: 72, y: 620, width: 200, height: 40 },
]);
await penpact.send(envelope.id);
// Your signer gets a link, consents, and signs. You get a sealed PDF.

How it works

  1. 1
    Create an envelope

    One call with the document name and signers.

  2. 2
    Upload and place fields

    Send a PDF, then place fields by coordinate or let AI propose them.

  3. 3
    Send

    Each signer gets a link, accepts the ESIGN disclosure, and signs.

  4. 4
    Get a sealed PDF

    Penpact flattens the values, seals the PDF, and writes a certificate of completion.

Why developers pick Penpact

Typed SDK, not a generated blob

A small, hand-written TypeScript client you can read in one sitting. No 200-method generated SDK, no learning a foreign object model.

AI field detection

Point Claude at the PDF and it proposes signature, date, and name fields. Review and send. Set ANTHROPIC_API_KEY to enable it when self-hosting.

Self-host in two minutes

docker compose up starts Postgres and the API and prints a working key. Keep every document on your own infrastructure under AGPL-3.0.

Evidence built in

ESIGN consent, an append-only audit trail with IP and timestamps, a PAdES digital signature on the sealed PDF, and a SHA-256 Certificate of Completion.

No per-seat, no per-page

Usage-based pricing on the managed cloud, and free forever when you self-host. Signing is part of your product, not a per-envelope tax.

Embeddable signing

A hosted signing page today, a drop-in React <Sign/> component next. Your users stay in your product.

Coming from DocuSign?

Per-envelope pricing, seat minimums, a generated SDK, and an iframe you style around. Penpact takes the opposite stance: open source, a typed SDK, and usage-based pricing with no seats.

See the full comparison

Read the source. Run it yourself.

The core engine is on GitHub under AGPL-3.0. Self-host for free, or use the managed cloud when you would rather not run the infrastructure.

Get your API key github.com/penpact/penpact