{"id":51099020,"url":"https://github.com/hellosign/dropbox-sign-api-demo","last_synced_at":"2026-06-24T09:02:27.095Z","repository":{"id":362084138,"uuid":"1253541283","full_name":"hellosign/dropbox-sign-api-demo","owner":"hellosign","description":"A demo platform for partners to explore and showcase Dropbox Sign API capabilities - from template creation to embedded signing to webhook notifications.","archived":false,"fork":false,"pushed_at":"2026-06-19T19:41:59.000Z","size":2798,"stargazers_count":0,"open_issues_count":0,"forks_count":0,"subscribers_count":0,"default_branch":"main","last_synced_at":"2026-06-19T21:21:47.587Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":"https://sign.dropbox.com/form/contact-us-general","language":"JavaScript","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/hellosign.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":"CONTRIBUTING.md","funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":"docs/security/SECURITY.md","support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null}},"created_at":"2026-05-29T15:12:36.000Z","updated_at":"2026-06-19T19:42:03.000Z","dependencies_parsed_at":null,"dependency_job_id":null,"html_url":"https://github.com/hellosign/dropbox-sign-api-demo","commit_stats":null,"previous_names":["hellosign/dropbox-sign-api-demo"],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/hellosign/dropbox-sign-api-demo","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hellosign%2Fdropbox-sign-api-demo","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hellosign%2Fdropbox-sign-api-demo/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hellosign%2Fdropbox-sign-api-demo/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hellosign%2Fdropbox-sign-api-demo/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/hellosign","download_url":"https://codeload.github.com/hellosign/dropbox-sign-api-demo/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hellosign%2Fdropbox-sign-api-demo/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":34724743,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-05-26T15:22:16.424Z","status":"online","status_checked_at":"2026-06-24T02:00:07.484Z","response_time":106,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2026-06-24T09:02:21.319Z","updated_at":"2026-06-24T09:02:27.080Z","avatar_url":"https://github.com/hellosign.png","language":"JavaScript","funding_links":[],"categories":[],"sub_categories":[],"readme":"# Dropbox Sign API Demo Portal\n\n**Bringing Sign APIs to Life** - A comprehensive demo platform for exploring and showcasing Dropbox Sign API capabilities.\n\n---\n\n## ⚠️ Important Notice\n\n**This software is intended for demonstration and testing purposes only.**\n\n\u003e **Do NOT use production API keys or process sensitive/confidential data with this application.** This portal has not undergone a full security compliance review and is not approved for handling production credentials or real customer data.\n\nThis demo portal is designed for use within controlled environments such as:\n- Partner demonstrations and testing\n- Proof-of-concept deployments\n- API feature exploration and integration planning\n\n**Use a dedicated test account.** Create a separate Dropbox Sign account exclusively for this demo portal. Do not use an account that contains real contracts, customer documents, or personally identifiable information. If an API key were ever compromised, a dedicated test account with only fictional data ensures zero business impact.\n\n**Security model:** API keys are stored exclusively in your browser's session storage and are **never persisted on the server**. When you close the browser tab, the key is gone. The server validates your key on login but does not retain it — similar to how the [Dropbox Sign API documentation](https://developers.hellosign.com/) \"Try It\" pages work.\n\n**⚠️ NOT RECOMMENDED for public internet deployment.** This application is not hardened for public-facing production use and should only be deployed in trusted, internal environments.\n\nFor production-grade implementations, please consult the [Dropbox Sign API documentation](https://developers.hellosign.com/) and follow security best practices for public-facing applications.\n\n---\n\n## 🎯 Purpose\n\nThis demo portal lets you experience the full power of Dropbox Sign APIs in real-time. Instead of reading documentation alone, see exactly how signature workflows integrate into applications - from template creation to embedded signing to webhook notifications.\n\n**Built for:**\n- Live demonstrations and presentations\n- Proof-of-concept development\n- API feature exploration and testing\n- Integration planning\n\n---\n\n## ✨ Key Features\n\n### Core Capabilities\n- **Template Management** - Create, edit, and manage signature templates\n- **Signature Requests** - Send documents for signature with real-time status tracking\n- **Embedded Signing** - Demonstrate in-app signing experiences\n- **Webhook Integration** - Show real-time event notifications\n- **API App Management** - View and configure API apps (test mode, webhooks)\n- **Team Collaboration** - Template sharing and team workflows\n\n### Demo-Friendly Features\n- **Custom Branding** - Apply customer colors and themes on-the-fly\n- **Multi-language Support** - English, Spanish, and Japanese\n- **Access Control** - Domain and email whitelisting for secure demos\n- **API Logging** - View all API calls and responses in real-time\n- **Workflow Visibility** - Real-time API logs and webhook events showing data flow\n\n---\n\n## 🚀 Quick Start\n\n**Choose your setup method:**\n- **🐳 [Docker Setup](#docker-setup-recommended)** (Recommended) - One command, includes Redis, works everywhere\n- **💻 [Native Setup](#native-setup)** - Run directly on your machine (Node.js + Redis required)\n\n---\n\n## Docker Setup (Recommended)\n\n**Why Docker?**\n- ✅ One command to start everything (app + Redis)\n- ✅ No Node.js or Redis installation needed\n- ✅ Works identically on Windows, Mac, and Linux\n- ✅ Easy cleanup and isolation\n\n### Prerequisites\n\n- **Docker Desktop** - [Download here](https://www.docker.com/products/docker-desktop/)\n- **Git** - [Download here](https://git-scm.com/downloads) (or download the project as a [ZIP file](https://github.com/hellosign/dropbox-sign-api-demo/archive/refs/heads/main.zip))\n- **Dropbox Sign Account** - [Sign up here](https://www.hellosign.com) (free account works)\n  \n  **⚠️ Important:** Your account must be either:\n  - A **Developer account** (has API access enabled), OR\n  - An **Administrator account** on a team\n  \n  Regular team members without admin privileges cannot access API features. If you're on a team, ask your administrator to grant you API access or create a separate free developer account for testing.\n\n\u003e **Note:** Docker setup requires NO Node.js installation! Everything runs in containers.\n\n### Quick Start with Docker\n\n#### 1. Get the Code\n\n**Option A: Clone with Git**\n```bash\ngit clone https://github.com/hellosign/dropbox-sign-api-demo.git\ncd dropbox-sign-api-demo\n```\n\n**Option B: Download ZIP** (no Git required)\n1. Download the [ZIP file](https://github.com/hellosign/dropbox-sign-api-demo/archive/refs/heads/main.zip)\n2. Extract the ZIP to a folder of your choice\n3. Open a terminal and `cd` into the extracted folder\n\n#### 2. Configure Admin Email\n\nOpen the `docker-compose.yml` file (in the project root) with any text editor:\n\n```bash\n# Using your preferred editor:\nnano docker-compose.yml\n# or\ncode docker-compose.yml\n# or\nvim docker-compose.yml\n```\n\nFind this line (around line 39):\n```yaml\n- ADMIN_EMAILS=admin@example.com\n```\n\nReplace `admin@example.com` with your Dropbox Sign account email:\n```yaml\n- ADMIN_EMAILS=your-email@example.com\n```\n\nSave and close the file.\n\n\u003e **Important:** Use the email address associated with your Dropbox Sign account.\n\n#### 3. Start with Docker Compose\n\n```bash\ndocker compose up\n```\n\nThis will:\n- Download and start Redis automatically\n- Build and start the application\n- Auto-generate security keys (SESSION_SECRET, CSRF_SECRET)\n- Use your configured admin email\n\n**First startup may take 1-2 minutes** while Docker downloads images and builds the app.\n\n#### 4. Access the Portal\n\nOpen your browser to: **http://localhost:3001**\n\n**Login** with your Dropbox Sign credentials (using the admin email you configured).\n\n#### Docker Management Commands\n\n```bash\n# Stop the application\ndocker compose down\n\n# Restart the application\ndocker compose up\n\n# Run in background (detached mode)\ndocker compose up -d\n\n# View logs\ndocker compose logs -f\n\n# Rebuild after code changes\ndocker compose up --build\n\n# Complete cleanup (removes containers and data)\ndocker compose down -v\n```\n\n#### Docker Configuration Notes\n\n**Environment Variables:**\nAll configuration is done via `docker-compose.yml`. No `.env` file needed!\n\n- **ADMIN_EMAILS** - Required. Set your Dropbox Sign account email\n- **SESSION_SECRET, CSRF_SECRET** - Auto-generated if empty\n- **ALLOWED_DOMAINS** - Optional. Restrict access by email domain\n- **ALLOWED_EMAILS** - Optional. Whitelist specific emails\n\n**Data Persistence:**\n- Redis data stored in Docker volume `redis-data`\n- Application data stored in `./data` directory\n- Both persist across container restarts\n\n---\n\n## Native Setup\n\n**Prerequisites:**\n- **Node.js 22+** and npm\n- **Redis** - Required for session and data persistence\n- **Git** - [Download here](https://git-scm.com/downloads) (or download the project as a [ZIP file](https://github.com/hellosign/dropbox-sign-api-demo/archive/refs/heads/main.zip))\n- **Dropbox Sign Account** - [Sign up here](https://www.hellosign.com) (free account works)\n  \n  **⚠️ Important:** Your account must be either:\n  - A **Developer account** (has API access enabled), OR\n  - An **Administrator account** on a team\n  \n  Regular team members without admin privileges cannot access API features. If you're on a team, ask your administrator to grant you API access or create a separate free developer account for testing.\n\n**📘 Windows Users:** See [WINDOWS_SETUP.md](./WINDOWS_SETUP.md) for complete step-by-step installation guide.\n\n### Step-by-Step Setup\n\n#### 1. Install Redis\n\n**macOS (Homebrew):**\n```bash\nbrew install redis\nbrew services start redis\n```\n\n**Ubuntu/Debian:**\n```bash\nsudo apt update\nsudo apt install redis-server\nsudo systemctl start redis-server\n```\n\n**Windows:**\n- Use [WSL2](https://docs.microsoft.com/en-us/windows/wsl/install) with Ubuntu, then follow Ubuntu instructions above\n- Or use Docker: `docker run -d -p 6379:6379 redis:alpine`\n\n**Verify Redis is running:**\n```bash\nredis-cli ping\n# Should return: PONG\n```\n\n#### 2. Get the Code\n\n**Option A: Clone with Git**\n```bash\ngit clone https://github.com/hellosign/dropbox-sign-api-demo.git\ncd dropbox-sign-api-demo\n```\n\n**Option B: Download ZIP** (no Git required)\n1. Download the [ZIP file](https://github.com/hellosign/dropbox-sign-api-demo/archive/refs/heads/main.zip)\n2. Extract the ZIP to a folder of your choice\n3. Open a terminal and `cd` into the extracted folder\n\n#### 3. Install Dependencies\n\n```bash\nnpm install\n```\n\n#### 4. Start the Application\n\n```bash\nnpm start\n```\n\n**First-time setup:** When you run `npm start` for the first time, an interactive setup wizard will guide you through:\n\n1. ✅ **Automatic .env creation** - Creates configuration file from template\n2. ✅ **Security key generation** - Generates SESSION_SECRET and CSRF_SECRET\n3. ✅ **Admin email configuration** - Sets up your admin access\n4. ✅ **Redis configuration** - Optional, for session persistence across restarts\n\nThe setup takes less than 30 seconds and ensures secure defaults.\n\n**Example setup flow:**\n```\n╔════════════════════════════════════════════════════════╗\n║        Welcome to Dropbox Sign API Demo Portal!       ║\n╚════════════════════════════════════════════════════════╝\n\n⚠️  No .env file detected - first-time setup required\n\nThis setup will:\n  1. Create your .env configuration file\n  2. Generate secure session and CSRF keys\n  3. Configure your admin email for login access\n  4. Configure Redis connection\n\nRun automatic setup? (yes/no): yes\n\n📋 Step 1: Creating .env file...\n  ✓ Template loaded\n\n🔐 Step 2: Generating security keys...\n  ✓ SESSION_SECRET generated\n  ✓ CSRF_SECRET generated\n\n👤 Step 3: Configure admin access...\n\nℹ️  Enter the email address that will have admin access.\n   This should match your Dropbox Sign account email.\n\nAdmin email address: demo@example.com\n  ✓ Admin email set: demo@example.com\n\n💾 Step 4: Redis configuration (required)...\n\n   Redis is required for session persistence, API log history,\n   and theme-to-template mappings. Make sure Redis is running\n   before continuing (see Step 1 above).\n\nRedis URL (default: redis://127.0.0.1:6379): \n  ✓ Redis URL set: redis://127.0.0.1:6379\n\n╔════════════════════════════════════════════════════════╗\n║            ✅ Setup Complete!                          ║\n╚════════════════════════════════════════════════════════╝\n\nStarting the application...\n```\n\n#### 4. Access the Portal\n\nOpen your browser and navigate to:\n```\nhttp://localhost:3001\n```\n\nYou should see the Dropbox Sign Demo Portal login page!\n\n**Login** with your Dropbox Sign account credentials using the email you configured as admin.\n\n### Post-Setup Configuration\n\nAfter your first login, you can add optional features:\n\n1. **Add API Key** (required for API features):\n   - Go to [Dropbox Sign API Settings](https://app.hellosign.com/api/createApiKey)\n   - Click **\"Reveal\"** to see your API key\n   - Add it to your `.env` file as `DROPBOX_SIGN_API_KEY=your_key_here`\n   - Restart the application: `npm start`\n\n2. **Additional Configuration** (all optional):\n   - **Access Control** - Add more admin emails or restrict by domain in `.env`:\n     ```bash\n     ADMIN_EMAILS=admin1@example.com,admin2@example.com\n     ALLOWED_DOMAINS=example.com,company.com\n     ```\n   - **Redis** (for production) - See [Redis Setup](#redis-setup-optional) below\n   - **Webhooks** - Use ngrok for local webhook testing (see docs)\n\n3. **Customize in the UI**:\n   - **Themes** - Settings → Themes (custom colors and logo)\n   - **API Apps** - View and configure existing API apps\n   - **Translations** - Settings → Translations (English, Spanish, Japanese)\n\n### Manual Setup (Alternative)\n\nIf you prefer manual configuration or the automatic setup fails:\n\n```bash\n# 1. Copy the example file\ncp .env.example .env\n\n# 2. Generate secrets\nnode -e \"console.log(require('crypto').randomBytes(32).toString('hex'))\"\n\n# 3. Edit .env and add:\n#    - SESSION_SECRET (use generated value)\n#    - CSRF_SECRET (use generated value)\n#    - ADMIN_EMAILS (your email address)\n\n# 4. Start the application\nnpm start\n```\n\n**Note:** Once your `.env` file exists, the setup wizard won't run again. To reconfigure, delete `.env` and run `npm start` to trigger the wizard, or manually edit the `.env` file.\n\n### What You Can Do Next\n\n- ✅ **Create Templates** - Build reusable signature templates\n- ✅ **Send Signature Requests** - Send documents for signature\n- ✅ **View API Logs** - See all API calls in real-time\n- ✅ **Test Webhooks** - Configure webhook endpoints (use ngrok for local testing)\n- ✅ **Customize Branding** - Apply custom themes for demos\n\nSee [Demo Script](./docs/DEMO_SCRIPT.md) for a complete walkthrough!\n\n---\n\n## ⚙️ Advanced Configuration\n\n### Redis Setup (For Native Installation Only)\n\n\u003e **📝 Note:** If you're using Docker, Redis is already included and configured automatically. This section is only for native installations.\n\n#### Do I Need Redis?\n\n**Use in-memory storage (no Redis) if:**\n- ✅ Quick testing or demo (5-10 minutes)\n- ✅ Single-user exploration\n- ✅ Don't mind re-logging in after server restarts\n- ✅ Don't need to keep API logs history\n\n**Install Redis if:**\n- ✅ Multi-user environment or production deployment\n- ✅ Want to preserve sessions across server restarts\n- ✅ Want to keep API logs history permanently\n- ✅ Need to scale to multiple server instances\n\n#### What You Lose Without Redis\n\nBy default, the application uses **in-memory storage** which works fine for development and testing. However, in-memory storage means:\n- ⚠️ **Sessions are lost when the server restarts** (need to log in again)\n- ⚠️ **API logs are lost when the server restarts**\n- ⚠️ **Theme-to-template mappings are reset** (need to reassign templates to themes after each restart)\n- ⚠️ **Cannot scale to multiple server instances**\n\n\u003e **💡 Tip:** If you find yourself reassigning templates to themes after every restart, it's time to install Redis!\n\n#### Installing Redis (Native Setup)\n\nChoose the method that works best for your platform:\n\n**Option 1: Docker (Easiest for Windows)**\n\n```bash\n# Start Redis in Docker\ndocker run -d --name redis -p 6379:6379 redis:7-alpine\n\n# Verify it's running\ndocker ps | grep redis\n\n# To start after system restart\ndocker start redis\n```\n\n**Option 2: Native Install (Mac/Linux)**\n\n```bash\n# Mac (using Homebrew)\nbrew install redis\nbrew services start redis\n\n# Ubuntu/Debian\nsudo apt install redis-server\nsudo systemctl enable redis-server\nsudo systemctl start redis-server\n```\n\n**Option 3: Windows Native**\n\nInstall Redis using one of these methods:\n\n- **Chocolatey:** `choco install redis-64` (then start with `redis-server`)\n- **Scoop:** `scoop install redis` (then start with `redis-server`)\n- **Manual download:** Get the latest `.msi` or `.zip` from [github.com/tporadowski/redis/releases](https://github.com/tporadowski/redis/releases)\n\nAfter installing, start the Redis server:\n```powershell\n# If installed via MSI, Redis runs as a Windows service automatically.\n# Otherwise, start it manually:\nredis-server\n```\n\n\u003e **Note:** On Windows, `redis-cli` may not be in your PATH by default. You can find it in the Redis installation folder (e.g., `C:\\Program Files\\Redis\\redis-cli.exe`) or verify the connection directly by starting the application — it will confirm Redis connectivity in the console output.\n\n#### Configure Redis\n\n**Step 1: Verify Redis is Running**\n\n```bash\n# Mac/Linux\nredis-cli ping\n# Should return: PONG\n\n# Windows (if redis-cli is not in PATH, use the full path or skip this step)\n# The application will confirm Redis connectivity on startup.\n```\n\n**Step 2: Add Redis URL to `.env`**\n\n```bash\n# Add this line to your .env file\nREDIS_URL=redis://localhost:6379\n```\n\n**Step 3: Restart the Application**\n\n```bash\n# Stop the server (Ctrl+C if running)\nnpm start\n```\n\n**Step 4: Verify It's Working**\n\nAfter restarting, check the server logs for:\n```\n✓ Redis connected for session persistence\n```\n\nThat's it! Your sessions, API logs, and theme settings will now persist across restarts.\n\n### API App Configuration (Optional)\n\nTo associate signature requests with a specific API app for webhook callbacks:\n\n1. **Create API App** at [Dropbox Sign API Apps](https://app.hellosign.com/api/apiAppManagement)\n2. **Get the Client ID** from your API app settings\n3. **Add to `.env`:**\n   ```bash\n   CLIENT_ID=your_api_app_client_id_here\n   ```\n\nThis allows you to configure webhook URLs and receive callback notifications for signature events.\n\n### Custom Branding (Optional)\n\nCustomize the portal appearance in `.env`:\n\n```bash\n# Custom Branding\nCUSTOM_LOGO_URL=https://your-domain.com/logo.png\nCUSTOM_PRIMARY_COLOR=#1E40AF\nCUSTOM_COMPANY_NAME=Your Company Name\n```\n\n### Environment Variables Reference\n\n| Variable | Required | Default | Description |\n|----------|----------|---------|-------------|\n| `API_KEY` | ❌ No | - | Your Dropbox Sign API key (needed for API calls) |\n| `SESSION_SECRET` | ⚠️ Recommended | Auto-generated | Session signing secret (min 32 chars recommended) |\n| `CSRF_SECRET` | ❌ No | Auto-generated | CSRF protection secret |\n| `PORT` | ❌ No | `3001` | Server port |\n| `NODE_ENV` | ❌ No | `development` | Environment mode |\n| `CLIENT_ID` | ❌ No | - | API app client ID (for webhook callbacks) |\n| `REDIS_URL` | ❌ No | - | Redis connection URL |\n| `REDIS_DB` | ❌ No | `0` | Redis database number |\n| `CUSTOM_LOGO_URL` | ❌ No | - | Custom logo URL |\n| `CUSTOM_PRIMARY_COLOR` | ❌ No | `#1E40AF` | Custom theme color |\n\n---\n\n## 📚 Documentation\n\n### Getting Started\n- **[Demo Script](./docs/DEMO_SCRIPT.md)** - Presenter guide for live demos\n- **[Complete Documentation](./docs/README.md)** - Full documentation index\n\n### Documentation by Topic\n- **[Architecture \u0026 Design](./docs/architecture/)** - System design, data isolation, and database structure\n- **[Authentication \u0026 Security](./docs/authentication/)** - Access control and security configuration\n- **[Deployment \u0026 Environment](./docs/deployment/)** - Environment configuration, deployment guides\n- **[Features \u0026 Guides](./docs/features/)** - Template sharing, troubleshooting, feature docs\n- **[Security \u0026 Compliance](./docs/security/)** - Security reviews, compliance documentation\n\n### Quick Links\n- [Release Notes](./docs/RELEASE_NOTES.md) - Latest features and updates\n- [Access Control](./docs/authentication/ACCESS_CONTROL.md) - Whitelist domains/emails\n- [Template Sharing](./docs/features/TEMPLATE_SHARING.md) - Share templates with teams\n- [Security Documentation](./docs/security/SECURITY.md) - Security best practices\n\n---\n\n## 🛠️ Tech Stack\n\n### Backend\n- **Node.js** - Server runtime\n- **Express** - Web framework\n- **Handlebars** - Template engine\n- **Redis** - Session storage and caching (optional)\n\n### Frontend\n- **Vanilla JavaScript** - Interactive UI\n- **Bootstrap** - Responsive design\n- **i18next** - Internationalization\n\n### APIs \u0026 Services\n- **Dropbox Sign API** - Signature and document workflows\n- **ngrok** - Local development webhooks\n\n### Infrastructure\n- **PM2** - Process management (optional for production)\n- Standard server or cloud hosting (AWS, Azure, GCP, etc.)\n\n---\n\n## 🎬 Demo Workflow\n\n1. **Setup** - Configure branding and access control for the prospect\n2. **Templates** - Show how to create reusable signature templates\n3. **Sending** - Demonstrate signature request workflow\n4. **Signing** - Walk through embedded signing experience\n5. **Webhooks** - Show real-time event notifications\n6. **API Logs** - Review API calls and responses together\n\nSee [DEMO_SCRIPT.md](./docs/DEMO_SCRIPT.md) for the complete presenter script.\n\n---\n\n## 🔐 Security\n\n- **Browser-Only API Key Storage** - API keys are stored in browser `sessionStorage` only, never persisted on the server. Closing the tab erases the key.\n- **Domain Whitelisting** - Restrict access by email domain\n- **Session Isolation** - Multi-tenant data separation\n- **CSRF Protection** - Built-in CSRF token validation\n- **Rate Limiting** - Protect against abuse\n\n\u003e **Important:** This application has NOT passed a full security compliance review. Do not use production API keys or process sensitive data. It is designed for demonstration and testing only.\n\nFor details, see [Security Documentation](./docs/security/SECURITY.md).\n\n---\n\n## 📝 Development\n\n### Running the Application\n\n```bash\nnpm start\n```\n\nThe application will be available at `http://localhost:3001`\n\n### Contributing\n\nSee [CONTRIBUTING.md](./CONTRIBUTING.md) for guidelines on contributing to this project.\n\n---\n\n## 🆘 Troubleshooting\n\n### Common Setup Issues\n\n**Problem: \"API_KEY is not set\" error**\n- Solution: Make sure you created `.env` file and added your API key\n- Check: Open `.env` and verify `API_KEY=your_actual_key_here`\n\n**Problem: \"Invalid API key\" error**\n- Solution: Verify your API key is correct at [Dropbox Sign API Settings](https://app.hellosign.com/api/createApiKey)\n- Check: Make sure you copied the entire key (no extra spaces)\n\n**Problem: Application won't start or crashes**\n- Check: All required environment variables are set in `.env`\n- Check: Port 3001 is not already in use (`lsof -i :3001` on Mac/Linux)\n- Solution: Change `PORT=3002` in `.env` to use a different port\n\n**Problem: \"Session secret must be at least 32 characters\" warning**\n- Solution: Generate a longer random string for `SESSION_SECRET`\n- Run: `node -e \"console.log(require('crypto').randomBytes(32).toString('hex'))\"`\n\n**Problem: npm install fails**\n- Solution: Make sure you have Node.js 18+ installed\n- Check version: `node --version`\n- Update Node.js if needed: [nodejs.org](https://nodejs.org)\n\n### Getting Help\n\nFor additional support:\n- **API Issues:** [Dropbox Sign API Documentation](https://developers.hellosign.com/)\n- **Account Help:** [Dropbox Sign Support](https://help.hellosign.com/)\n- **Bug Reports:** [GitHub Issues](https://github.com/hellosign/dropbox-sign-api-demo/issues)\n- **Feature Requests:** [GitHub Issues](https://github.com/hellosign/dropbox-sign-api-demo/issues)\n\n---\n\n## 📄 License\n\n```\nCopyright (c) 2026 Dropbox, Inc.\n\nLicensed under the Apache License, Version 2.0 (the \"License\");\nyou may not use this file except in compliance with the License.\nYou may obtain a copy of the License at\n\n    http://www.apache.org/licenses/LICENSE-2.0\n\nUnless required by applicable law or agreed to in writing, software\ndistributed under the License is distributed on an \"AS IS\" BASIS,\nWITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\nSee the License for the specific language governing permissions and\nlimitations under the License.\n```\n\n---\n\n**Ready to demo?** Start with the [Demo Script](./docs/DEMO_SCRIPT.md) and show prospects how easy it is to integrate e-signatures into their applications.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fhellosign%2Fdropbox-sign-api-demo","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fhellosign%2Fdropbox-sign-api-demo","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fhellosign%2Fdropbox-sign-api-demo/lists"}