> ## Documentation Index
> Fetch the complete documentation index at: https://signatureapi-daf4ee54.mintlify.site/llms.txt
> Use this file to discover all available pages before exploring further.

# Multiple Authentication Methods

> Combine authentication methods to require recipients to complete more than one verification step.

You can combine multiple authentication methods in a single ceremony. Recipients must complete each method in sequence before accessing the ceremony.

## Rules

Not all combinations are valid. The table below shows which methods can appear at each position.

| Method                                                                 | First step | Second step and beyond |
| ---------------------------------------------------------------------- | :--------: | :--------------------: |
| [Email Link](/docs/api/resources/ceremonies/authentication/email-link) |     Yes    |           No           |
| [Email Code](/docs/api/resources/ceremonies/authentication/email-code) |     Yes    |           Yes          |
| [Custom](/docs/api/resources/ceremonies/authentication/custom)         |     Yes    |           No           |

Additional constraints:

* A ceremony supports a maximum of 5 authentication methods.
* `email_link` and `custom` can each only be used as the first step.
* `email_link` and `custom` cannot be combined together.
* You cannot use the same authentication method more than once in a ceremony.

## Common combinations

### Custom + Email Code

Your application authenticates the recipient first. SignatureAPI then independently verifies the recipient's identity by sending a code to their email.

Use this combination when you want to authenticate recipients in your own system and also require a second factor that SignatureAPI controls.

```json theme={null}
// POST https://api.signatureapi.com/v1/recipients/{recipient_id}/ceremonies
// X-API-Key: key_test_...
// Content-Type: application/json

{
  "authentication": [
    {
      "type": "custom",
      "provider": "SuperApp",
      "data": {
        "Session ID": "a4f9e8b2-7c1d-4b2d-9a4b-e0c5d6f7a1b3",
        "Authenticated At": "2026-01-15T10:30:00Z"
      }
    },
    {
      "type": "email_code"
    }
  ]
}
```

Recipient experience:

<Steps>
  <Step title="Authentication in your app">
    The recipient authenticates in your system (custom authentication).
  </Step>

  <Step title="Access the ceremony">
    You direct the recipient to the ceremony URL or embed the ceremony in your app.
  </Step>

  <Step title="Email verification">
    SignatureAPI prompts for additional email verification.
  </Step>

  <Step title="Code entry">
    The recipient enters the 9-digit code from their email.
  </Step>

  <Step title="Signing">
    The recipient proceeds to sign documents.
  </Step>
</Steps>

### Email Link + Email Code

SignatureAPI sends the invitation email automatically. When the recipient opens the ceremony, they must also enter an email verification code.

Use this combination when you want SignatureAPI to handle delivery but also need a second verification step inside the ceremony, for example to meet compliance requirements.

```json theme={null}
// POST https://api.signatureapi.com/v1/recipients/{recipient_id}/ceremonies
// X-API-Key: key_test_...
// Content-Type: application/json

{
  "authentication": [
    {
      "type": "email_link"
    },
    {
      "type": "email_code"
    }
  ]
}
```

Recipient experience:

<Steps>
  <Step title="Email link">
    The recipient clicks the ceremony link in the email sent by SignatureAPI.
  </Step>

  <Step title="Email verification">
    SignatureAPI prompts for a second verification step.
  </Step>

  <Step title="Code entry">
    The recipient enters the 9-digit code from their email.
  </Step>

  <Step title="Signing">
    The recipient proceeds to sign documents.
  </Step>
</Steps>
