Reaching Agreement: eSignature API Strategies (API Days Paris, 2016-12-13)
DOCUSIGN CONFIDENTIAL
Reaching Agreement: eSignature API strategies
Larry Kluger, Sr Product Manager, API
[email protected]
@larrykluger
Agreements are at the heart of business.
And a signature shows your acceptance of the agreement.
reynermedia
The first signature: Showing authorship.
Sumer, 3100 BCE
In what year did US courts first hold that an electronic signature was binding?
Before 1900? 1900-1949? 1950-1979? After 1980?
First electronic signature court case, 1869:
“It makes no difference whether [the telegraph] operator writes … the [contract] acceptance … with a steel pen an inch long, … or [with a] pen [attached to a] copper wire a thousand miles long. In either case the thought is communicated … by the use of the finger resting upon the pen; nor does it make any difference that in one case … ink is used, while in the other case a more subtle fluid, known as electricity [is used].”
[Howley v. Whipple, 48 N.H. 487]
147 years later: 2016 eIDAS regulations
Legal framework for eSignatures across the EU
100 Million users in 188 countries
Every day: 130K new users join DocuSign
Imagine What You Can Do.
Imagine What You Can Do and be the hero.
eSignatures for the World:
• Basic electronic signatures
• Advanced electronic signatures: Digital Signatures
• Qualified electronic signatures
Beyond Signatures:
• Authentication
• Workflow
• Payments
• & more to come
DocuSign is an API company:
“the API is the product–and developers are the customers”
>58% of DocuSign’s transactions are via the API
500% API transaction growth this year
API experience and issues
>3000 API integrations with customers and partners
Issue: Start with a Carrier-Grade Platform
• 0 min scheduled downtime
• > 99.99% uptime
• Thousands of drives, tens of PBs of storage
• 100s of Gbps of network bandwidth
• 150TB+ of flash storage powering our OLTP system
• 950K+ daily transactions
• 3K+ HTTP requests/sec
Issue: Bank-level Security
To whom does InfoSec report?
IT / Engineering?
Legal?
Show a security badge
DocuSign Bank Grade Security Architecture
DocuSign.net – Platform and Application
Trusted Participants
Private Envelopes
Encrypted Documents
Legal & Binding Signatures
Authenticity
• Multi-facet Signature verification
• Powerful Authentication
Confidentiality
• AES 256 application
• Key Management & Encryption Program
Non-Repudiation
• Digital audit trail
• Digital checksums
• ESIGN warranted
Integrity
• Tamper evident documents
• X.509 signed final docs
DocuSign, Inc. – Business and Operations
People
• Dedicated Staff
• CISO, CLO, CTO
• Industry voices
• Hiring policy
• Formal Certification
Process
• 20+ internal security policies
• Incident Management
• GRC Program
• Security Council
Physically & Logically separate networks, dual firewalls, audited controls
Signers
• 256 bit SSL
• 11 Auth. Methods
• Unalterable signer info capture
Integrations
• Secure API connections
• Go Live Program
256bit SSL: Secure Data in Motion
Data Centers
Disaster Recovery and Business Continuity
Near Real-Time Replication
Only fully ISO27001 certified eSTM vendor
Carrier Grade Availability
• Continuously available
• <30 minute RTO and <10 second RPO
• 99.99% since 2008
• Advanced monitoring & alerts
What do API Developers want?
First: who is using your API?
Or better, who is the customer?
Developers come in many flavors…
Table stakes:
DevCenter
Hello World
Recipes
Sample Apps
Reference Docs
Community
Internationalization
• Automatic language detection
• Sign in 43 languages
• Send in 13 languages
“Apex” developers
IDE integration
SDKs
APIs
Most developers would prefer to not use your API.
(Sorry.)
We’re “all in” on Swagger
DocuSign Swagger file – 13 Mbytes
Automatically generated:
• SDKs: C#, Java, Node.JS, PHP, Objective-C
• API Reference documentation
• API Explorer
• Custom Postman collection
• … and more to come
Larry [email protected]
@larrykluger