> ## Documentation Index
> Fetch the complete documentation index at: https://signatureapi-daf4ee54.mintlify.site/llms.txt
> Use this file to discover all available pages before exploring further.

# Email Code Authentication

> Authenticate recipients with a verification code sent to their email address.

With email code authentication, SignatureAPI sends the [recipient](/docs/api/resources/recipients/object) an email containing a 9-digit verification code. The recipient enters this code to authenticate and access their signing ceremony.

## When to use

Email code authentication is useful when:

* You want to share the ceremony URL through your own channels (SMS, app notifications, direct links).
* Recipients are in environments where email links may be blocked by security policies.
* You want to embed the ceremony in your application while still using email-based authentication.

Unlike [email link authentication](/docs/api/resources/ceremonies/authentication/email-link), the ceremony URL is returned in the API response. You deliver the URL yourself.

## How it works

<Steps>
  <Step title="Configure the ceremony">
    Create an envelope or call the Create Ceremony endpoint with `email_code` authentication. The API returns the ceremony URL.
  </Step>

  <Step title="Deliver the URL">
    Share the ceremony URL with the recipient through your chosen channel (email, SMS, in-app link, etc.).
  </Step>

  <Step title="Recipient enters code">
    When the recipient opens the URL, SignatureAPI prompts them to verify their email. After they click the verification button, SignatureAPI sends them a 9-digit code by email.
  </Step>

  <Step title="Authentication complete">
    The recipient enters the code. Once verified, they can proceed with signing.
  </Step>
</Steps>

## Creating an email code ceremony

### On envelope creation (automatic)

Set the recipient's ceremony authentication to `email_code` when creating the envelope. The ceremony URL is returned in the response.

```json Email code ceremony on envelope creation theme={null}
// POST https://api.signatureapi.com/v1/envelopes
// X-API-Key: key_test_...
// Content-Type: application/json

{
    "title": "Service Agreement",
    "recipients": [
        {
            "type": "signer",
            "key": "client",
            "name": "John Doe",
            "email": "john.doe@example.com",
            "ceremony": {
                "authentication": [
                    {
                        "type": "email_code"
                    }
                ]
            }
        }
    ],
    "documents": [ /* ... */ ]
}
```

The response includes `ceremony.url` for each recipient:

```json Response (excerpt) theme={null}
{
    "id": "abcdef12-3456-7890-1234-abcdef123456",
    "title": "Service Agreement",
    "recipients": [
        {
            "type": "signer",
            "key": "client",
            "name": "John Doe",
            "email": "john.doe@example.com",
            "ceremony": {
                "authentication": [
                    {
                        "type": "email_code"
                    }
                ],
                "url": "https://sign.signatureapi.com/en/start?token=eyJhbGcNiIsInR..."
            }
        }
    ]
}
```

### Create Ceremony endpoint (manual)

Use the [Create Ceremony](/docs/api/resources/ceremonies/create) endpoint to create an email code ceremony after the envelope is created.

<Note>
  Creating a new ceremony automatically revokes any previous ceremony for that recipient. Only the most recent ceremony remains active.
</Note>

```json Create email code ceremony theme={null}
// POST https://api.signatureapi.com/v1/recipients/{recipient_id}/ceremonies
// X-API-Key: key_test_...
// Content-Type: application/json

{
  "authentication": [
    {
      "type": "email_code"
    }
  ]
}
```

The `url` property in the response is the ceremony URL to deliver to the recipient.

```json Response theme={null}
// HTTP Status Code 201

{
  "authentication": [
    {
      "type": "email_code"
    }
  ],
  "embeddable_in": [],
  "redirect_url": null,
  "redirect_delay": 3,
  "url_variant": "standard",
  "url": "https://sign.signatureapi.com/en/start?token=eyJhbGcNiIsInR..."
}
```

## Recipient experience

<Steps>
  <Step title="Email verification prompt">
    The recipient opens the ceremony URL and is asked to verify their email address.

    <Frame>
      <img src="https://mintcdn.com/signatureapi-daf4ee54/to2kcqhpCDnABjF5/docs/api/resources/ceremonies/authentication/email-code/email-code-1.png?fit=max&auto=format&n=to2kcqhpCDnABjF5&q=85&s=5f9fd18c8b17492dffa740a5c7376cf0" alt="Email verification prompt" width="2000" height="1130" data-path="docs/api/resources/ceremonies/authentication/email-code/email-code-1.png" />
    </Frame>
  </Step>

  <Step title="Code sent by email">
    After the recipient clicks to verify, SignatureAPI sends them an email with the 9-digit code.

    <Frame>
      <img src="https://mintcdn.com/signatureapi-daf4ee54/to2kcqhpCDnABjF5/docs/api/resources/ceremonies/authentication/email-code/email-code-2.png?fit=max&auto=format&n=to2kcqhpCDnABjF5&q=85&s=8c0404adb5154124174891982367f302" alt="Email with code" width="2000" height="762" data-path="docs/api/resources/ceremonies/authentication/email-code/email-code-2.png" />
    </Frame>

    <Tip>
      In test mode, no emails are sent. You can view the verification codes that would have been sent in the SignatureAPI dashboard under ceremony details.
    </Tip>
  </Step>

  <Step title="Code entry">
    The recipient enters the code in the ceremony interface.

    <Frame>
      <img src="https://mintcdn.com/signatureapi-daf4ee54/to2kcqhpCDnABjF5/docs/api/resources/ceremonies/authentication/email-code/email-code-3.png?fit=max&auto=format&n=to2kcqhpCDnABjF5&q=85&s=6f5057b9073885889b04277df1548d8b" alt="Code entry interface" width="2000" height="1130" data-path="docs/api/resources/ceremonies/authentication/email-code/email-code-3.png" />
    </Frame>
  </Step>

  <Step title="Access granted">
    After the correct code is entered, the recipient can proceed with signing.

    <Frame>
      <img src="https://mintcdn.com/signatureapi-daf4ee54/to2kcqhpCDnABjF5/docs/api/resources/ceremonies/authentication/email-code/email-code-5.png?fit=max&auto=format&n=to2kcqhpCDnABjF5&q=85&s=dc93d80db3bfb7b5451d658a9cee5f3a" alt="Successful verification" width="2000" height="1130" data-path="docs/api/resources/ceremonies/authentication/email-code/email-code-5.png" />
    </Frame>
  </Step>
</Steps>

## Audit log

When the recipient enters the verification code, SignatureAPI records the timestamp. The audit log entry looks like this:

<div class="text-sm text-gray-500 border border-gray-200 rounded-md p-4 flex gap-8">
  <div class="flex-none">12/31/2025 11:59:59 PM</div>
  <div class="flex-1">John Doe (#7161cf07) has authenticated using a verification code sent to john⁠@example.com.</div>
</div>
