DOCUSIGN CONFIDENTIAL

Reaching Agreement: eSignature API strategiesLarry Kluger, Sr Product Manager, API Strategylarry.kluger@docusign.com

@larrykluger

Agreements are at the heart of business.

And a signature shows your acceptance of the agreement.

reynermedia

The first signature: Showing authorship.

Sumer, 3100 BCE

In what year did US courts first hold that an electronic signature was binding?

Before 1900? 1900-1949? 1950-1979? After 1980?

First electronic signature court case, 1869:“It makes no difference whether [the telegraph] operator writes … the [contract] acceptance … with a steel pen an inch long, … or [with a] pen [attached to a] copper wire a thousand miles long. In either case the thought is communicated … by the use of the finger resting upon the pen; nor does it make any difference that in one case … ink is used, while in the other case a more subtle fluid, known as electricity [is used].”[Howley v. Whipple, 48 N.H. 487]

147 years later: 2016 eIDAS regulations

Legal framework for eSignatures across the EU

100 Million usersin 188 countriesEvery day: 130K new users join DocuSign

Imagine What You Can Do.

100 Million usersin 188 countriesEvery day: 130K new users join DocuSign

Imagine What You Can Doand be the hero.

eSignatures for the World: Basic electronic signatures Advanced electronic

signatures: Digital Signatures

Qualified electronic signatures

Beyond Signatures: Authentication Workflow Payments & more to come

DocuSign is an API company:

“the API is the product–and developers are the customers”

>58% of

DocuSign’s transactions are via the API

500%

API transaction growth this year

API experience and issues

>3000 API integrations with customers and partners

Issue: Start with a Carrier-Grade Platform

0 min scheduled downtime

> 99.99%uptime

Thousandsof drives, tens

of PBs of storage

100s of Gbpsof networkbandwidth

150TB+of flash storagepowering our OLTP system

950K+daily

transactions

3K+ HTTPrequests/sec

Issue: Bank-level Security

To whom does InfoSec report?

IT / Engineering?

Legal?

Show a security badge

DocuSign Bank Grade Security ArchitectureDocuSign.net – Platform and Application

Trusted Participants

PrivateEnvelopes

EncryptedDocuments

Legal & BindingSignatures

Authenticity• Multi-facet

Signature verification

• Powerful Authentication

Confidentiality• AES 256

application• Key

Management & Encryption Program

Non-Repudiation• Digital audit

trail• Digital

checksums• ESIGN

warranted

Integrity• Tamper evident

documents• X.509 signed

final docs

DocuSign, Inc. – Business and OperationsPeople• Dedicated Staff• CISO, CLO, CTO• Industry voices

• Hiring policy• Formal

Certification

Process• 20+ internal

security policies• Incident

• Management• GRC Program• Security Council

Physically & Logically separate networks, dual firewalls, audited controls

Signers• 256 bit SSL• 11 Auth. Methods• Unalterable signer info

capture

Integrations• Secure API connections• Go Live Program

256bit SSLSecure Data in Motion

Data Centers

Disa

ster

Rec

over

y an

d Bu

sines

s Con

tinui

ty

NearReal-Time

Replication

Only fully ISO27001certified eSTM vendor

Carrier Grade Availability• Continuously

available• <30 minute RTO and

<10 second RPO• 99.99% since 2008• Advanced

monitoring & alerts

What do API Developers want?

First: who is using your API?

Or better, who is the customer?

Developers come in many flavors…

Table stakes:

DevCenter

Hello World

Recipes

Sample Apps

Reference Docs

Community

Internationalization Automatic language

detection Sign in 43 languages Send in 13 languages

“Apex” developers

IDE integration

SDKs

APIs

Most developers would prefer to not use your API.

(Sorry.)

We’re “all in” on SwaggerDocuSign Swagger file – 13 MbytesAutomatically generated: SDKs: C#, Java, Node.JS, PHP, Objective-C API Reference documentation API Explorer Custom Postman collection … and more to come

Larry KlugerLarry.kluger@docusign.com@larrykluger