AWS Partner Network (APN) Blog

Optimize Your Business Document Storage and Signature Workflow with Dropbox Solutions

By Taylor Krusen, Developer Relations Engineer – Dropbox
By Ben Fitzpatrick, Director, Strategic Business Development – Dropbox
By Darren Rohde, Partner Account Manager – Dropbox
By Kenny Rajan, Sr. Solutions Architect; and Jagdeep Sahni, Sr. Partner Development Manager – AWS


Businesses run on agreements. In the era of always-on business, paper contracts remain common, although they are time-intensive and can dramatically affect the efficiency of other workflows—sometimes taking weeks to get a paper or scanned document signed and returned. Other documents are never signed at all; likely buried in the mountain of email many of us face daily.

Today’s business moves fast. As companies realize the need to remove unnecessary friction caused by outdated contracting and agreements, they are looking for ways to prepare, send, sign, and track eSignatures effortlessly and increase signature completion rates within document processing.

Conventional means of getting signatures through mail, fax, or email take a great deal of time, money, and paper. Lots of paper have to be printed, copied, distributed, and stored for safekeeping.

In this post, we’ll walk through how HelloSign, Dropbox’s eSignature software, empowers businesses to send and sign agreements faster through a secure and reliable approach. Digitally sign documents in PDF, Word, Excel, PowerPoint, and more with digital signatures embedded in them for security and protection.

Dropbox is an AWS Partner that helps customers store, share, collaborate manage data access, and work together on projects. The Dropbox HelloSign is available as part of the HelloSign API. Developers can subscribe for free through AWS Marketplace.


Accelerating signature workflows manually for agreements can be tedious, intensive work. When it comes to signing contracts online, removing barriers is critical to growing the bottom line for any business. Ensuring that the process of sending and collecting signed contracts is as efficient as possible is key to success.

Automation can address some of these challenges, but not all. For starters, it’s difficult to automate and enable a seamless eSignature feature which provides fast and secure technology for your sales proposals and legal contracts. The following examples are scenarios where automated signature workflows may apply:

  • Sales Contracts: Sign contracts with an automated and branded signature workflow to close sales deals in no time, where customers can approve and sign documents anywhere and on any device. In addition, you can integrate eSignature workflows with your customer relationship management (CRM) systems to request signatures, track lifecycle status, and manage contracts out for signature.
  • Human Resources: Eliminate redundant HR tasks, accelerate approval workflows with your internal team, and digitalize HR signature workflows to dedicate more time to recruiting and onboarding.

Solution Overview

Along with the central workspace storage solutions for businesses, Dropbox offers easy-to-use and free HelloSign solutions to optimize the signature workflow. With HelloSign, businesses can:

  • Get contracts signed online faster, reducing turnaround time.
  • Easily set up templates for documents that need to be signed repeatedly.
  • Access all documents in one place on

HelloSign users can also access additional key features to make online contracts more efficient and streamline the signing process, including:

  • Signer permissions: Enable two-factor authentication that requires the signer to enter a unique code before accessing the document. This is particularly useful for highly-sensitive contracts.
  • Signer order: Assign a signing order to ensure the right fields are filled out in the right order, for use cases where you need one person signing a contract online.
  • Data validation: Set rules for text fields to protect against signer typos. For example, set a “numbers only” rule for a phone number text field. A signer will receive an error if they enter characters other than a number.
  • Templates: Create a reusable template for frequently used online contracts. Format the document once, save it as a template, and access the formatting again and again.
  • Branding: Customize the signing flow with your own unique branding, colors, and logo. This gives you the power to embed a signing flow that’s indistinguishable from the rest of your site.
  • Team management: Account admins can manage document permissions and configure team settings from a centralized dashboard, keeping everything organized and secure.

Setting Up the HelloSign API Account

For developers interested in testing the HelloSign API, there is an option to do this before purchasing a plan. Current HelloSign API customers can skip this step.

  1. On the HelloSign API homepage, select Sign up.
    • Alternatively, select Test it for free. On the API pricing page, view the API features and pricing information. Select Sign up.
  2. On the sign up page, create a HelloSign account by entering a username or sign up with your Dropbox or Google account.
  3. On the API pricing page, select a plan. For API testing, select Test it for free.


Figure 1 – Dropbox free trial selection.

  1. To activate the account, follow the steps in the activation email.
  2. Create a password.
  3. Log in with your account credentials.

Test out the HelloSign API by including the boolean parameter test_mode. Test mode allows you to test all the features in the API—no calls will count against any signature quotes. To learn more, read the HelloSign documentation.

Setting Up the HelloSign API Key

Using the following steps, you will create a HelloSign API key and set up a sample application for signature workflow.

  1. On the HelloSign log in page, hover over your email address.

Figure 2 – Dropbox sign-in section.

  1. Select My Settings, API.
  2. In the API key section, select Create API Key.
  3. Once HelloSign has created your API key, select Save.
  4. To create the API app, select Create.
  5. Enter the general information and event callback URL.
    Note: For this demonstration purpose, you can revisit this API settings page to add ngrok https callback URL to test the HelloSign workflow using the local host.


Figure 3 – Update event callback URL in the HelloSign portal.

  1. Select Save and copy the HelloSign API and client key to your local clipboard. You will update these credentials when you execute the GitHub code sample.

Now that you’ve created a HelloSign API key you can begin using the HelloSign API. The following section explores a use case for using HelloSign API with Amazon Simple Storage Service (Amazon S3) integration.

Amazon S3 and HelloSign API Sample

Whether you are sending invoices, agreements, or developing a marketing plan, creating, storing, and sharing digital content is a daily business function. A dedicated cloud storage, such as Amazon S3, can make these tasks more efficient and provide options to secure your content from unauthorized access with encryption features and access management tools.

The Dropbox code sample code demonstrates the use of the HelloSign API and the Amazon S3 API to send a non-embedded signature request from a file stored in S3. The server processes events from HelloSign throughout the signing flow. Once the document has been signed, it’s downloaded from HelloSign and uploaded back into Amazon S3.


Figure 4 – High-level architecture, API flow between application and Amazon S3.

Prerequisites to Test Amazon S3 and HelloSign API Sample

  • An AWS account with the necessary permissions to configure AWS Cloud9 and Amazon S3.
  • Create an Amazon S3 bucket. With Amazon S3 default encryption, you can set the default encryption behavior for a bucket so that all new objects are encrypted when they are stored there. Review the Amazon S3 documentation to learn more about the encryption behavior.
  • A HelloSign account with an API app created (following the steps outlined in the previous section).
  • For this demonstration purpose you can also have ngrok installed on your environment of choice to test the HelloSign document flow. The following components are needed to test the sample application:
    • Ngrok: Download the free version to run locally for this sample. Ngrok is an http tunneling that exposes your local environment so webhook payloads can be sent to your localhost server.
    • Express: Lightweight Node.js web server powering this sample. Installed with node modules.
    • Multer: Middleware for the express server to help consume HelloSign webhooks that are sent as multipart/form-data. Installed with node modules.

Note: You can also create your own application to test the code sample instead of using ngrok environment.

Running samples with AWS environment

For this demonstration purpose, the sample solution can be executed in your local environment or integrated in the development environment of your choice. If you intend to run this in on an Amazon Elastic Compute Cloud (Amazon EC2) instance, you can store the HelloSign API credentials in AWS Secrets Manager and modify the code and associated AWS Identity and Access Management (IAM) role to pull from there. To learn more, see the IAM roles documentation.


Figure 5 – AWS IAM credentials to access Amazon S3 bucket.

AWS Cloud9 can also be leveraged to execute the sample code if you want to use a cloud-based integrated development environment (IDE), that lets you write, run, and debug your code with just a browser. It includes a code editor, debugger, and terminal. For more information, see the AWS Cloud9 documentation. As a best practice, ensure the developer with access to the AWS Cloud9 environment is assigned with least privilege to execute this sample code.

Since your AWS Cloud9 IDE is cloud-based, you can work on projects from your office, home, or anywhere using an internet-connected machine. There is no additional charge for AWS Cloud9.

If you use an Amazon EC2 instance for your AWS Cloud9 development environment, you pay only for the compute and storage resources—an Amazon EC2 instance or Amazon Elastic Block Store (Amazon EBS), for example—that are used to run and store your code. For more information, see the AWS Cloud9 pricing documentation.

To set up the environment variables

  1. Clone the HelloSign API sample from the Dropbox HelloSign sample.
    Disclaimer: This sample is an open source project, owned and maintained by HelloSign (a Dropbox company), that was built for education and inspiration only. For any problems with the code or feature requests, please open a GitHub issue in this repository.
  2. Access the .env-example file and add the requested parameters (created in the previous steps) in order to execute the code. 
    # Replace the information below and rename this file to .env
    # Credentials for HelloSign. Api Key and Client Id from completed as part of  prerequisites section
    HS_API_KEY = 'your_hellosign_api_key'
    HS_CLIENT_ID = 'your_hellosign_client_id'
    #  Signer info to use in HelloSign signature request. Email is used for the HelloSign signature request
    signer_name = 'Test User'
    signer_email = ''
    # Name of S3 bucket to specify upload location
    s3_bucket_name = ‘s3_bucketname'
    # Path to local file used for this demo
    local_file_path = 'files-to-sign/fake-rental-agreement.pdf'
  3. .

  4. Once filled out, rename .env-example to .env.


Figure 6 – Rename the .env-example to .env.

  1. Access the s3client.js file to verify that const REGION matches the Amazon S3 bucket created.
  2. Add a PDF file to the /files-to-sign folder. This is the document you’ll be signing in this sample flow. For this sample execution, use the fake-rental-agreement.pdf included in this /files-to-sign folder path.
    Note: The local PDF file is just an example. In production, the documents used for eSignature flows can come from anywhere. They might be scanned, built with a text editor, or generated by a third-party tool, such as apps for sales, legal, or property management.
  3. To download libraries used in this demo, run npm install.
  4. From a shell environment in the root folder of this repository, run node server to start the express server. A log will indicate that the server is running.

Document workflow when sample code is executed

  1. Index.js file from the repository has a sample code that will used to initiate a signature request.
  2. Code sample includes an express server in server.js that listens to webhooks coming from HelloSign notifying that the signature workflow is taking place.
  3. Once the HelloSign signature request is completed, signature_request_all_signed event from this sample will be triggered to complete the user e-signing activity.
  4. Next, the signed document from your local environment will uploaded to Amazon S3 storage.
  5. Amazon S3 integration and HelloSign signature flow logic is executed through aws-helpers.js and hellosign-helpers.js files of this repository.
    • Upon execution, sample file will be uploaded into your Amazon S3 bucket.
    • A pre-signed URL for the file in Amazon S3 is retrieved.
    • Event is triggered to initiate HelloSign API to send a signature request.
    • Consumes a callback event (webhook) payload from HelloSign.
    • Use the event data to download the signed document to local directory /signed-files.
    • Completes the code execution by uploading signed document to the Amazon S3 bucket.

Running this sample

  1. From a shell environment, in the root folder of this repository, run node server to start the express server. You’ll see a log indicating the server is running.
    admin:~/environment/hellosign-aws-node-sample (master) $ node server
    Server listening on port 3000...


Figure 7 – Execute the sample code. 

  1. For this demo, run ngrok http 3000 (port must match PORT in the server.js file). This creates a public https URL to your localhost which is used for webhooks. Modify the sample to use your own callback URLs to test the HelloSign workflow. Copy the forwarded https URL from ngrok.
  2. In the HelloSign API Settings page, open the settings for the API application you created earlier and paste the ngrok URL into the Event callback field. Then, append the /hellosign-events POST route defined in _server.js_.


Figure 8 – Testing the HelloSign callback URL in HelloSign portal. 

Note: this should be the same API application you set with HS_CLIENT_ID in your .env file.

  1. On the API Settings page, select Test to verify your webhook handler is working.


Figure 9 – Validating the HelloSign callback URL in the HelloSign portal.

  1. Select Update application to save the configuration in the HelloSign API settings page to save the callback URL updates.
  2. Open a new shell environment, run node index to initiate your signature flow.
  3. When node index is executed, the sample rental agreement from the code repository will be upload to Amazon S3 bucket to get a pre-signed URL to send a signature request.
  4. Switch back to the express server in the shell environment to monitor webhooks come through (for example, signature_request_sent) once the signature flow has started.
  5. Log in to the email address where the signature request was sent and complete the signing flow. If you are testing the API, acknowledge the legal disclaimer and complete the signature section by electronically signing the document.


Figure 10 – Verifying email inbox for HelloSign request.

  1. Switch back to the node server terminal screen to monitor the HelloSign events for completion status.


Figure 11 – Validating the signature flow completion in AWS Cloud9.

  1. Once signing is completed, an event payload (signature_request_all_signed) from HelloSign will be sent to your server and trigger the final steps: downloading the signed file from HelloSign and uploading it to your Amazon S3 bucket.
  2. Inspect the results by looking at the local files, files in Amazon S3, and terminal. Download and open the file from the Amazon S3 bucket to verify it is the signed version. The console logs are also helpful to better understand the overall flow.


Figure 12 – Amazon S3 console. 

Using an Amazon S3 Trigger to Invoke an AWS Lambda Function

See the AWS Lambda documentation to invoke the AWS Lambda functions in response to events from Amazon S3. You can incorporate an event-based trigger and build extensions within your signature flow applications.

Using AWS Secrets Manager to Protect Secrets

You can use AWS Secrets Manager along with AWS Lambda and Amazon S3 to securely store HelloSign API credentials. Secrets Manager helps you protect secrets needed to access your applications, services, and IT resources.

Users and applications retrieve secrets with a call to Secrets Manager APIs, eliminating the need to hardcode sensitive information in plain text. For more information, see the AWS Secrets Manager documentation.


Clean up your AWS account to avoid ongoing charges for the resources you created in this post. To delete a bucket, follow the instructions outlined in the Amazon S3 documentation. To delete an Amazon EC2 instance, follow the instructions in the Amazon EC2 documentation.


As demonstrated by the code sample in this post, integrating document approval workflows with your favorite AWS tools can create value for your end users. However, this sample only scratches the surface of what’s possible by combining the HelloSign API with AWS.

Dropbox‘s HelloSign API gives you the ability to embed robust eSignature functionality directly into client applications—allowing you to sign documents, create signature requests, and even build templates without leaving the app.

By deploying the eSignature functionality onto a serverless compute layer, like AWS Lambda, you can create modular, self-contained services that can be automated, moved around, and easily integrated with your preferred AWS technology (while keeping sensitive information secure under one roof).

To learn about other HelloSign features (such as embedded signing), review the walkthroughs section of HelloSign documentation. For a detailed description of the different endpoints available, review the API reference section.

HelloSign also has official SDKs available in NodeJS, Python, Ruby, PHP, Java, and C# .NET, to build in your programming language of choice. If you’re interested in building with an embedded feature to create an even more seamless signing experience for users, review the white labeling documentation.

In addition to HelloSign’s eSignature capabilities, the core Dropbox API has a range of functionality around digital content management and sharing. For more details, read the Dropbox developer guides. Also, pre-built components are a great way to add Dropbox interaction to your client applications with just a small snippet of code.

To subscribe to the Dropbox solutions, visit AWS Marketplace.


Dropbox – AWS Partner Spotlight

Dropbox is an AWS Partner that helps customers store, share, collaborate manage data access, and work together on projects. It enables users to accelerate innovation and efficiency by providing a simple, secure way to share content.

Contact Dropbox | Partner Overview | AWS Marketplace

*Already worked with Dropbox? Rate the Partner

*To review an AWS Partner, you must be a customer that has worked with them directly on a project.