E-Signature
Firma
API integration
Ship E-Signature features without building the integration. Full Firma API access via Proxy and 40+ MCP-ready tools for AI agents — extend models and mappings to fit your product.
Talk to usUse Cases
Why integrate with Firma
Common scenarios for SaaS companies building Firma integrations for their customers.
Embed white-labeled e-signature in your SaaS
Offer your customers a native signing experience inside your product without redirecting them to a third-party site. Use Firma's embedded JWT flows to keep contract creation and signing fully within your UI.
Automate contract workflows per customer tenant
Provision an isolated Firma workspace for every customer who signs up, keeping their templates, signing requests, and documents legally and operationally separated within your multi-tenant SaaS.
Generate and dispatch contracts from your own data
Pull template fields, inject data from your application database (tenant names, rent amounts, salary figures), and create signing requests programmatically so contracts always reflect the latest state of your records.
Reconcile signed documents back into your system of record
Subscribe to Firma webhooks to know the moment a document is signed, then pull the executed PDF and audit certificate to attach to the originating record in your CRM, ATS, or PropTech ledger.
Ship a native template builder to your customers
Let your end-users build their own contract templates inside your product using Firma's embedded template editor, authenticated with short-lived tokens you generate on demand.
What You Can Build
Ship these features with Truto + Firma
Concrete product features your team can ship faster by leveraging Truto’s Firma integration instead of building from scratch.
Per-tenant workspace provisioning
Automatically create a dedicated Firma workspace when a new customer onboards, and update its timezone, email headers, and branding to match the tenant.
Embedded template editor with JWT tokens
Generate scoped template tokens and embed Firma's drag-and-drop PDF editor in an iframe so customers design contract templates without leaving your app.
Embedded signing sessions inside your client portal
Mint signing-request JWTs to render Firma's signing UI directly within your application, so signers complete documents in your native UX.
Dynamic field-aware contract generation
List a template's fields to discover variables, then create a signing request that pre-fills values pulled from your own database before sending.
Webhook-driven document reconciliation
Register webhooks for signing-request events, rotate signing secrets on a schedule, and trigger downstream automations (S3 archival, status updates) when documents complete.
Resend and cancel controls for signing operations
Expose buttons in your UI to send, resend, cancel, or partially update signing requests, plus configure automated reminder cadences per template.
SuperAI
Firma AI agent tools
Comprehensive AI agent toolset with fine-grained control. Integrates with MCP clients like Cursor and Claude, or frameworks like LangChain.
list_all_firma_companies
Retrieve information about the authenticated firma company. Returns: id, company_name, account_owner, account_owner_email, website, icon_url, credits, date_created, date_changed, name, language, created_date, updated_date.
update_a_firma_company_by_id
Fully replace all firma company details in a single PUT operation. Returns: id, company_name, account_owner, account_owner_email, website, icon_url, credits, date_created, date_changed, name, language, created_date, updated_date. Required: name, account_owner, account_owner_email, website.
firma_companies_partial_update
Partially update specific firma company fields via PATCH; only the provided fields are changed. At least one field must be supplied. Returns: id, company_name, account_owner, account_owner_email, website, icon_url, credits, date_created, date_changed, name, language, created_date, updated_date.
list_all_firma_workspaces
List firma workspaces for the authenticated company. Returns: id, name, protected, date_created, date_changed. Supports optional filtering by name, protected status, and creation date range, and sorting by name, protected, or created_on.
create_a_firma_workspace
Create a new firma workspace for the authenticated company. Returns: id, name, protected, date_created, date_changed, api_key, created_date, updated_date. Required: name. All workspaces are created as non-protected by default.
update_a_firma_workspace_by_id
Fully replace a firma workspace by id (full replacement operation requiring the name field). Returns: id, name, protected, date_created, date_changed, api_key, created_date, updated_date. Required: id, name.
firma_workspaces_partial_update
Partially update a firma workspace by id via PATCH. Returns: id, name, protected, date_created, date_changed, api_key, created_date, updated_date, results, pagination. Required: id. Only the name field can be updated; the protected field is read-only and cannot be changed via API.
get_single_firma_workspace_by_id
Get a specific workspace in Firma using id. Returns fields including id, name, api_key, protected, created_date, updated_date, webhook_enabled, and webhook_secret details.
list_all_firma_templates
List firma templates with optional filtering by name or date range. Returns: id, name, description, document_url, document_url_expires_at, date_created, date_changed, page_count, expiration_hours, credit_cost, settings, recipients, fields, created_date, updated_date.
create_a_firma_template
Create a new firma template from a base64-encoded PDF document. Returns: id, name, description, document_url, document_url_expires_at, date_created, date_changed, page_count, expiration_hours, credit_cost, settings, recipients, fields, created_date, updated_date. Required: name, document.
get_single_firma_template_by_id
Get a single firma template by id. Returns the full template object including id, name, description, document_url, document_url_expires_at, page_count, expiration_hours, credit_cost, settings, recipients, fields, created_date, and updated_date. Required: id.
update_a_firma_template_by_id
Comprehensively update a firma template including metadata, users, fields, and reminders. Returns the full updated template including id, name, description, document_url, document_url_expires_at, page_count, expiration_hours, credit_cost, settings, recipients, fields, created_date, and updated_date. Required: id. At least one body section must be provided.
delete_a_firma_template_by_id
Soft-delete a firma template by id. The template is marked as deleted but its data is retained. Returns: message, template_id. Required: id.
firma_templates_duplicate
Duplicate a firma template into a new signing request, copying all fields, recipients, reminders, and settings. Returns: message, signing_request. Required: id.
firma_templates_partial_update
Partially update a firma template by id. Supports updating template properties (name, description, document, expiration_hours, settings) OR a single user — cannot mix both in one request. Returns: message, updated_fields, user, template_id. Required: id.
list_all_firma_template_users
List all recipients/users associated with a specific firma template. Returns: id, name, email, designation, order. Required: template_id.
list_all_firma_template_fields
List all fields configured for a specific firma template. Returns each field's id, field_name, field_type, required, position_x, position_y, page_number, recipient_id, variable_name, dropdown_options, read_only, and format_rules. Required: template_id.
list_all_firma_template_reminders
List all reminders configured for a specific firma template. Returns: id, hours, subject, message, all_users, template_user_id, date_created, date_changed. Required: template_id.
list_all_firma_signing_requests
List signing requests in firma with optional filters by name, status, date range, signer email, and signer name. Returns each item including id, name, description, document_url, expiration_hours, created_date, recipients, and fields.
create_a_firma_signing_request
Create a new firma signing request from a base64-encoded PDF document or an existing template (provide either document or template_id, not both). For document-based creation, allow_editing_before_sending is automatically set to true. Returns: id, name, description, document_url, document_url_expires_at, document_page_count, status, expiration_hours, settings, template_id, date_created, date_sent,…
get_single_firma_signing_request_by_id
Get a specific firma signing request by id. Returns: id, name, description, document_url, document_url_expires_at, document_page_count, status, expiration_hours, settings, template_id, date_created, date_sent, date_finished, date_cancelled, expires_at, certificate, final_document_download_url, final_document_download_error, page_count, credit_cost, created_date, updated_date, sent_date,…
update_a_firma_signing_request_by_id
Comprehensively update a firma signing request's properties, recipients, fields, and reminders in a single call. Returns: signing_request, changes. Required: id. Cannot update after the request has been sent, completed, or cancelled.
firma_signing_requests_send
Send a firma signing request to all recipients via email, triggering email delivery and recording the sent timestamp. Returns: message, signing_request_id, recipients_notified, sent_date, expires_at. Required: id.
firma_signing_requests_cancel
Cancel a firma signing request that has been sent but not yet completed. Returns: message, signing_request_id, cancelled_on, notify_signers. Required: id. Cannot cancel requests that are already finished, cancelled, or not yet sent.
firma_signing_requests_partial_update
Partially update a firma signing request by id. Supports updating name, description, document, expiration_hours, and settings, OR a single recipient (add or update) — cannot combine both in one request, and updates are blocked after the request has been sent, completed, or cancelled. Returns the updated signing request including id, name, description, created_date, updated_date, recipients,…
list_all_firma_signing_request_users
List all recipients/users for a specific signing request in firma. Returns: id, name, email, designation, order, finished_date, signature_details. Required: signing_request_id.
list_all_firma_signing_request_fields
List all fields for a specific firma signing request, including their values and completion status. Returns: id, field_name, field_type, field_value, completed. Required: signing_request_id.
list_all_firma_signing_request_reminders
List all reminders scheduled for a specific signing request in firma. Returns: id, hours, subject, message, all_users, template_user_id, date_created, date_changed. Required: signing_request_id.
create_a_firma_signing_request_resend
Resend a firma signing request notification to one or more eligible recipients. Returns: message, signing_request_id, recipients_notified, recipients. Required: signing_request_id, recipient_ids. Cannot resend to recipients who have already signed; for requests with signing order enabled, only recipients at the current active order may be targeted.
list_all_firma_webhooks
List firma webhooks with optional filtering and sorting. Returns: id, url, events, enabled, date_created, date_changed, description, consecutive_failures, auto_disabled_at, created_at, updated_at. Supports filtering by enabled status, url, event type, and creation date range.
create_a_firma_webhook
Create a new firma webhook. Returns: id, url, events, enabled, date_created, date_changed, description, consecutive_failures, auto_disabled_at, created_at, updated_at. Required: url, events.
get_single_firma_webhook_by_id
Get a specific firma webhook by id. Returns: id, url, events, enabled, date_created, date_changed, description, consecutive_failures, auto_disabled_at, created_at, updated_at. Required: id.
update_a_firma_webhook_by_id
Update an existing firma webhook by id. Returns: id, url, events, enabled, date_created, date_changed, description, consecutive_failures, auto_disabled_at, created_at, updated_at. Required: id.
delete_a_firma_webhook_by_id
Soft-delete a firma webhook by id, retaining data but marking the webhook as deleted. Returns: message, webhook_id. Required: id.
create_a_firma_webhook_test
Send a test payload to a firma webhook URL to verify it is working correctly. Returns: message, webhook_id, test_payload, response_status, response_time_ms. Required: webhook_id.
create_a_firma_webhooks_rotate_secret
Rotate the webhook signing secret for the company in firma. Generates a new secret while keeping the old one valid for 7 days to allow graceful migration. Returns: message, new_secret, old_secret_expires_at, rotated_at. Rate limited to 1 request per hour.
list_all_firma_webhooks_secret_status
Get the current webhook secret rotation status in firma. Returns: has_secret, secret_created_at, last_rotated_at, old_secret_expires_at, old_secret_still_valid.
create_a_firma_generate_template_token
Generate a JWT token for embedding a firma template in your application. Returns: token, expires_at, jwt_record_id. Required: companies_workspaces_templates_id. Token expires after 24 hours.
create_a_firma_revoke_template_token
Revoke a previously generated JWT template token in firma, preventing it from being used for template embedding. Returns: message, jwt_id, revoked_at. Required: jwt_id.
create_a_firma_jwt_generate_signing_request
Generate a JWT token in firma for embedding a signing request editor. Returns: jwt, jwt_id, expires_at, signing_request_id. Required: companies_workspaces_signing_requests_id. The JWT expires after 7 days.
create_a_firma_jwt_revoke_signing_request
Revoke a previously generated signing request JWT token in firma, preventing it from being used for embedded editing. Returns: message, jwt_id, revoked_at. Required: jwt_id.
create_a_firma_save_embedded_signing_request
Save changes to an embedded signing request in firma. Returns a confirmation message. Required: companies_workspaces_signing_requests_id.
create_a_firma_send_embedded_signing_request
Send an embedded signing request in firma to notify recipients and trigger the signing workflow. Returns: message, signing_request_id. Required: companies_workspaces_signing_requests_id.
create_a_firma_get_embedded_signing_request
Retrieve embedded signing request data from firma for use in an embedded editor. Returns the complete signing request object including signing_request, fields, recipients, and reminders. Required: companies_workspaces_signing_requests_id.
list_all_firma_documents
List documents (signing requests) in firma via this deprecated legacy endpoint — use /signing-requests instead. Returns: id, name, description, document_url, document_url_expires_at, document_page_count, status, expiration_hours, settings, template_id, date_created, date_sent, date_finished, date_cancelled, expires_at, certificate, final_document_download_url, final_document_download_error,…
create_a_firma_document
Create a new document (signing request) in firma via this deprecated legacy endpoint — use /signing-requests instead. Returns the created signing request including id, name, description, document_url, page_count, expiration_hours, credit_cost, settings, recipients, fields, created_date, and related timestamp fields. Required: name.
list_all_firma_settings
Retrieve workspace settings for a firma workspace. Returns: workspace_id, signing_request_email_header, signing_request_email_body, team_email, timezone. Required: workspace_id.
update_a_firma_setting_by_id
Update workspace settings for a firma workspace. Returns: workspace_id, signing_request_email_header, signing_request_email_body, team_email, timezone. Required: workspace_id.
Why Truto
Why use Truto’s MCP server for Firma
Other MCP servers give you a static tool list for one app. Truto gives you a managed, multi-tenant MCP infrastructure across 550+ integrations.
Auto-generated, always up to date
Tools are dynamically generated from curated documentation — not hand-coded. As integrations evolve, tools stay current without manual maintenance.
Fine-grained access control
Scope each MCP server to read-only, write-only, specific methods, or tagged tool groups. Expose only what your AI agent needs — nothing more.
Multi-tenant by design
Each MCP server is scoped to a single connected account with its own credentials. The URL itself is the auth token — no shared secrets, no credential leaking across tenants.
Works with every MCP client
Standard JSON-RPC 2.0 protocol. Paste the URL into Claude, ChatGPT, Cursor, or any MCP-compatible agent framework — tools are discovered automatically.
Built-in auth, rate limits, and error handling
Tool calls execute through Truto’s proxy layer with automatic OAuth refresh, rate-limit handling, and normalized error responses. No raw API plumbing in your agent.
Expiring and auditable servers
Create time-limited MCP servers for contractors or automated workflows. Optional dual-auth requires both the URL and a Truto API token for high-security environments.
How It Works
From zero to integrated
Go live with Firma in under an hour. No boilerplate, no maintenance burden.
Link your customer’s Firma account
Use Truto’s frontend SDK to connect your customer’s Firma account. We handle all OAuth and API key flows — you don’t need to create the OAuth app.
We handle authentication
Don’t spend time refreshing access tokens or figuring out secure storage. We handle it and inject credentials into every API request.
Call our API, we call Firma
Truto’s Proxy API is a 1-to-1 mapping of the Firma API. You call us, we call Firma, and pass the response back in the same cycle.
Unified response format
Every response follows a single format across all integrations. We translate Firma’s pagination into unified cursor-based pagination. Data is always in the result attribute.
FAQs
Common questions about Firma on Truto
Authentication, rate limits, data freshness, and everything else you need to know before you integrate.
How does authentication work for embedded signing and template editing?
Firma uses short-lived JWT tokens. You call the token-generation endpoints (template tokens for the editor, signing-request JWTs for signers) and embed the resulting URL in an iframe. Tokens can also be revoked programmatically if a session needs to be invalidated early.
Can I keep each of my customers' data isolated?
Yes. Firma is built around workspaces, and Truto exposes endpoints to create, list, update, and fetch workspaces. You can provision one workspace per tenant so templates, signing requests, and documents stay partitioned.
How do I know when a document has been signed?
Register a webhook through Truto using the webhook endpoints. You can test deliveries, rotate the signing secret, and check secret status. When events fire, your backend can fetch the signing request to retrieve the executed document and audit certificate.
Can I pre-fill contract fields with data from my own system?
Yes. Use the template fields endpoint to discover available variables and their constraints (coordinates, dropdown options, regex rules), then pass values when creating the signing request so the document is generated with your data already populated.
Does Truto handle pagination and auth quirks for Firma?
Yes. Truto normalizes pagination across list endpoints (companies, workspaces, templates, signing requests, documents, webhooks, settings) and manages credential storage and refresh, so you call a consistent interface regardless of the underlying API behavior.
Can end-users edit a contract before it's sent?
Yes. You can duplicate a template and use the partial-update endpoints to make one-off changes, or use the embedded save-and-send flow to let users adjust a signing request before dispatch.
Firma
Get Firma integrated into your app
Our team understands what it takes to make a Firma integration successful. A short, crisp 30 minute call with folks who understand the problem.