Skip to main content

Documentation Index

Fetch the complete documentation index at: https://docs.spitshake.io/llms.txt

Use this file to discover all available pages before exploring further.

ESIGN Consent Disclosure

Under the ESIGN Act section 101(c), consumers must consent to receiving records electronically before an electronic signature can be captured. SpitShake shows a consent disclosure modal to every signer by default. Senders can configure this modal per template: customize the copy, or disable it entirely for B2B transactions where the consumer consent requirement does not apply.

How it works

  1. A signer opens their signing link (/s/:slug).
  2. Before seeing the signing form, they see a full-screen consent disclosure modal.
  3. The modal displays the required information (paper alternative, withdrawal rights, hardware requirements, etc.).
  4. The signer clicks I Agree & Continue to proceed, or Decline to exit.
  5. Acceptance is recorded in the submitter’s encrypted metadata with a timestamp, IP address, and user agent.
  6. An immutable audit entry of type esign_disclosure.accepted is written.

Configuration

Template preferences

The consent modal is controlled by these template.preferences keys:
KeyTypeDefaultDescription
esign_disclosure_enabledbooleantrueShow the consent disclosure modal. Set to false for B2B templates.
esign_disclosure_titlestring"Consent to Electronic Records & Signatures"Custom modal title.
esign_disclosure_bodystring(federal default copy)Custom modal body. Plain text with line breaks for paragraphs. Overrides the default copy entirely.
esign_disclosure_agree_button_textstring"I Agree & Continue"Custom agree button text.
esign_disclosure_bypass_acknowledgedbooleanfalseRequired when disabling — sender attests this template is B2B only.

Customizing the modal copy

Override the title, body, or button text via the API: 
curl -X PUT "$DOCUTRUST_URL/api/templates/42" \
  -H "X-Auth-Token: $DOCUTRUST_TOKEN" \
  -H "Content-Type: application/json" \
  -d '{
    "preferences": {
      "esign_disclosure_title": "Electronic Signing Agreement",
      "esign_disclosure_body": "By proceeding, you agree to sign electronically.\n\nYou may request a paper copy at any time by contacting us.",
      "esign_disclosure_agree_button_text": "Accept & Sign"
    }
  }'
The body uses plain text with \n\n for paragraph breaks (rendered with whitespace-pre-line). When a custom body is set, it replaces the default federally-compliant copy entirely. The “Full disclosure” link to /legal/esignature-disclosure is always shown regardless of custom body.
If you provide custom body text, ensure it meets ESIGN Act section 101(c) disclosure requirements. Your organization’s legal counsel should review any custom copy before use.

Disabling for B2B templates

For pure B2B transactions where both parties are businesses (not consumers), the ESIGN section 101(c) consumer consent requirement does not apply. You can disable the modal: 
curl -X PUT "$DOCUTRUST_URL/api/templates/42" \
  -H "X-Auth-Token: $DOCUTRUST_TOKEN" \
  -H "Content-Type: application/json" \
  -d '{
    "preferences": {
      "esign_disclosure_enabled": false,
      "esign_disclosure_bypass_acknowledged": true
    }
  }'
Both flags must be set. The server requires esign_disclosure_bypass_acknowledged: true alongside esign_disclosure_enabled: false — setting the disable flag alone without the acknowledgment has no effect (the modal still shows). When the modal is disabled:
  • The signer lands directly on the start screen or first field.
  • The server auto-stamps acceptance metadata with esign_disclosure_bypassed_by_template: true and esign_disclosure_bypass_reason: "template_preference".
  • An immutable audit entry of type esign_disclosure.bypassed_by_template is written.
Only disable for B2B / non-consumer transactions. Under the ESIGN Act, consumer signers must consent to receiving records electronically. Your organization’s legal counsel should approve disabling the disclosure.

Re-enabling

Set esign_disclosure_enabled back to true (or remove it from preferences): 
curl -X PUT "$DOCUTRUST_URL/api/templates/42" \
  -H "X-Auth-Token: $DOCUTRUST_TOKEN" \
  -H "Content-Type: application/json" \
  -d '{
    "preferences": {
      "esign_disclosure_enabled": true
    }
  }'
New submissions created after re-enabling will show the modal. Previously-bypassed submitters retain their bypass metadata (no retroactive change).

Builder UI

The consent modal can also be configured in the template Builder:
  1. Open a template in the Builder (/templates/:id/edit).
  2. Open the template settings panel.
  3. Find the Electronic Signature Disclosure section.
  4. Toggle Show ESIGN consumer consent disclosure to enable or disable.
  5. When enabled: fill in optional custom title, body, and agree button text.
  6. When disabled: an amber warning appears with a B2B acknowledgment checkbox that must be checked.
  7. Changes auto-save after 3 seconds.

Audit trail

ESIGN consent events are recorded in the immutable audit trail:
EventDescription
esign_disclosure.acceptedSigner clicked “I Agree & Continue” on the consent modal.
esign_disclosure.bypassed_by_templateTemplate had disclosure disabled; acceptance was auto-stamped server-side.
Audit entry example (signer accepted): 
{
  "event_type": "esign_disclosure.accepted",
  "timestamp": "2026-04-20T14:22:00.000Z",
  "ip_address": "198.51.100.22",
  "user_agent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7)..."
}
Submitter metadata after acceptance: 
{
  "esign_disclosure_accepted_at": "2026-04-20T14:22:00.000Z",
  "esign_disclosure_accepted_ip": "198.51.100.22",
  "esign_disclosure_accepted_user_agent": "Mozilla/5.0..."
}
Submitter metadata when bypassed by template: 
{
  "esign_disclosure_accepted_at": "2026-04-20T14:22:00.000Z",
  "esign_disclosure_bypassed_by_template": true,
  "esign_disclosure_bypass_reason": "template_preference",
  "esign_disclosure_accepted_ip": "198.51.100.22",
  "esign_disclosure_accepted_user_agent": "Mozilla/5.0..."
}

Submission gate

The consent disclosure is enforced as a server-side gate. If a signer attempts to submit (POST /s/:slug/submit) without prior acceptance, the server returns: 
{
  "error": "Electronic signature disclosure must be accepted before submitting.",
  "code": "esign_disclosure_required"
}
This gate fires regardless of client-side state — even if the frontend modal is bypassed (e.g., by a custom integration), the server blocks submission until acceptance metadata is present.
The consent disclosure applies to all submitters on the template. If you need different consent behavior per role, create separate templates for each role.
The full statutory disclosure text is always available at /legal/esignature-disclosure, and the modal links to it regardless of custom body text. This ensures signers always have access to the complete federally-required information.