The Signatu SDK is written in Isomorphic Javascript, which means that you can use it in your NodeJS server as well as in the browser.


Access to the Signatu APIs are authorized using OAuth Bearer tokens. Your NodeJS app can use Client Credentials to create access tokens. We provide a convenient getToken() function that will manage the provisioning for you.

You need to set the following environment variables:

  • SIGNATU_CLIENT_ID - the client ID.
  • SIGNATU_CLIENT_SECRET - the client secret.

You can create new clients in Access Tokens under your account.

IMPORTANT - do not put any of these keys in your code (see Security).


const getToken = require('@signatu/sdk').oauth.getToken
const scope = 'consent policy' // list of scopes separated by space
const token = await getToken(scope)
* { access_token: '...',
* expires_in: 3600,
* scope: 'consent policy DEFAULT',
* refresh_token: '...',
* token_type: 'Bearer' }


We provide an example Express proxy.

Note - this code is an example and is not production ready.

const proxy = require('express-http-proxy')
const express = require('express')
const getToken = require('@signatu/sdk').oauth.getToken
const app = express()
const endPoint = 'https://api.signatu.com'
const scope = 'consent'
const port = 3600
throw new Error(`Must set SIGNATU_API_KEY`)
proxy(endPoint, {
proxyReqOptDecorator: async (proxyReqOpts, srcReq) => {
const token = await getToken(scope)
if (token) {
proxyReqOpts.headers['Authorization'] = `Bearer ${token.access_token}`
/** x-api-key is required for /v0 of the Consent API */
proxyReqOpts.headers['x-api-key'] = SIGNATU_API_KEY
return proxyReqOpts
/** @note this is not production ready - just an example for how to proxy requests */
app.listen(port, () => console.log(`Example Signatu Proxy listening on port ${port}!`))