Where do I start with Chaindoc?

Head to the Quick Start guide. It walks you through creating an account, uploading your first document, and sending it for signature. Takes about five minutes if you already have a document ready.

Is there an API reference?

Yes. The API reference covers every endpoint, including authentication, document upload, signer management, and webhook configuration. Each endpoint includes request and response examples you can test in the sandbox.

What SDKs are available for Chaindoc?

Chaindoc has SDKs for JavaScript/TypeScript, Python, and Go. The SDKs and libraries page has installation instructions and code samples. If your language isn't listed, the REST API works with any HTTP client.

How do webhooks work in Chaindoc?

Chaindoc sends POST requests to your endpoint when events happen: document signed, viewed, expired, and so on. The webhooks guide shows how to configure endpoints, verify signatures, and handle retries.

Do I need an account to use the Chaindoc sandbox?

Yes, but it's free. Sign up at chaindoc.io and you'll get sandbox access automatically. No credit card needed. The sandbox mirrors production, so anything you build there will work the same way when you switch.

Where can I find Chaindoc code examples?

Every docs page has inline code snippets. For full working examples, the guides section includes end-to-end signing flows, bulk operations, and template-based workflows with copy-paste code.

Team management

Chaindoc lets you organize your team with roles, permissions, and shared workspaces. This page covers how to invite members, set up access control, create approval workflows, and work with external collaborators.

Every action is logged in the audit trail, so you'll always know who did what and when. If you're just getting started, the quick start guide shows the basics first.

How teams are structured

The hierarchy goes: Organization > Departments > Teams > Projects. Most companies don't need all four levels. Start with teams and add departments if your org is big enough to need them.

Organization — your top-level entity (one per company)
Departments — group teams by function: Legal, HR, Sales, etc.
Teams — smaller groups that work together on documents
Projects — temporary groups for specific initiatives, auto-archive when done

Teams can be private (only members see them), public (visible to the whole org), or cross-functional (members from different departments). You can also create client teams that include external collaborators.

Roles and permissions

Chaindoc has six built-in roles. Each one controls what a person can see and do across the organization.

Built-in roles

Owner — full control: billing, user management, account deletion. There's always exactly one.
Admin — manages users, teams, system settings, and integrations. Can do everything except delete the account.
Manager — runs a team or department. Creates teams, manages members, approves documents.
Member — the standard role. Can create documents, send signature requests, and view team documents.
Guest — for external people (clients, vendors). Can only view and sign documents assigned to them. No extra license cost.
Auditor — read-only access across everything. Can view all documents and audit trails, generate reports. Useful for compliance teams.

Custom roles

If the built-in roles don't fit, create custom ones. You pick which permissions to include (view, create, edit, delete, approve) and scope them to specific departments or document types. For example, you might create a "HR Reviewer" role that can only access employee contracts.

Custom roles can have expiration dates too, which is handy for temporary assignments.

Adding and managing users

Inviting members

The easiest way is email invitation. Send invites one at a time or bulk import via CSV. If you have SSO set up, users from your identity provider get provisioned automatically when they first log in.

Email invitation with a custom welcome message
Bulk import via CSV for onboarding a whole department
SSO auto-provisioning (Azure AD, Google Workspace, Okta, OneLogin)
Domain-based auto-join: anyone with @yourcompany.com can request access
API-based creation for programmatic user management

User lifecycle

Users move through states as they join and eventually leave. The important thing: when someone leaves, deactivate their account immediately and transfer their document ownership. The audit trail stays intact even after deactivation.

Onboarding — invitation sent, automated welcome email with setup guide
Active — full access to assigned resources
Suspended — temporary freeze (investigation, extended leave)
Deactivated — permanent removal, documents transferred to another user
Audit trail data is preserved after deactivation for compliance

Shared workspaces

Each team gets a shared workspace with folders, templates, and tags. Members automatically have access to everything in the workspace. You don't have to share individual documents one by one.

Workspaces include a team activity dashboard, shared signature workflows, and team-level analytics. Comments on documents support @mentions, so you can ping specific people. Internal notes (not visible to signers) work well for leaving context for your teammates.

Approval workflows

Route documents through an approval chain before they go out for signing. This is useful for contracts that need manager review, or legal documents that require compliance sign-off.

Multi-step approval chains (e.g., manager > legal > VP)
Sequential or parallel approval at each step
Conditional routing based on document value or type
Automatic escalation if someone doesn't approve within the deadline
Delegation: approvers can assign someone else to cover for them
Full approval history in the audit trail

You can save approval chains as templates and reuse them. Most teams set up 2-3 templates for common scenarios (standard contract, high-value deal, employment agreement).

Working with external parties

Guests get limited access to specific documents or folders. They can view and sign what you assign to them, but can't see anything else. Guest accounts don't count toward your user license.

For ongoing client relationships, you can set up branded client portals: a dedicated space where clients upload files, sign documents, and communicate with your team. White-label options are available if you want to remove Chaindoc branding.

Guest activity is tracked in the audit log just like internal users. You can set time-limited access that expires automatically.

Authentication and security

You can require MFA for all users (recommended), or make it optional. For the full list of security options, see the security guide.

SSO via SAML 2.0 (Azure AD, Google Workspace, Okta, OneLogin)
Multi-factor authentication: authenticator app, SMS, hardware keys (FIDO2)
IP address and geographic restrictions
Session timeout policies (configurable by role)
Remote session termination and concurrent session limits
Login alerts for suspicious activity

If you're using LDAP or Active Directory, Chaindoc syncs with your directory so user provisioning and deprovisioning happen automatically.

Analytics and reporting

The team dashboard shows documents created per user, average time to signature completion, approval bottlenecks, and storage usage by team. You can export these reports or schedule them to be emailed to team leads weekly.

For compliance, there are pre-built reports for access audits, permission changes, failed authentication attempts, and retention policy adherence. All of this data is also available through the API if you need to pull it into another system.

Best practices

A few things that save headaches as your team grows:

Define roles and permissions before inviting anyone. Retroactive permission changes are a pain.
Set up SSO early. Adding it later means everyone has to re-link their accounts.
Enforce MFA from day one. It's much harder to turn on after people are used to logging in without it.
Review access quarterly. People change roles, and permissions tend to accumulate.
Deactivate departed users immediately. Don't just let accounts sit idle.
Use approval templates for your most common document types so teams don't have to build chains from scratch.

Troubleshooting

User can't access team documents

Check their team membership first, then their role. If they're in the team but still blocked, look at folder-level permissions. Permissions from roles and folders stack, so a restrictive folder permission can override a permissive role.

Invitation not received

Check the spam folder. If it's a corporate email, their IT team may be filtering signing-related emails. Verify the address is correct and resend. You can also send a direct link instead.

Verify the SAML configuration: the entity ID, ACS URL, and certificate all need to match exactly. Check with your identity provider admin. The most common issue is an expired certificate on the IdP side.

What to do next

Documents — organizing files, folders, and permissions
Signatures — signature types and signing workflows
API documentation — programmatic team and user management
Webhooks — get notified on team and document events
Security — encryption, access controls, and compliance

Documentation