What is a Skill (and why does eSignature need one)?
A Skill is a structured set of reference files you add to your Code Studio workspace and include in the AI context. When you prompt Claude in Code Studio, the model can use those files to generate code that follows the API’s patterns, naming conventions, and best practices. No hallucinated endpoints. No outdated SDKs.
eSignature APIs are particularly tricky to integrate from scratch. There’s the asynchronous nature of document sending, the webhook choreography for tracking status, HMAC verification, form-field coordinate math, and multi-signer ordering. Without a Skill, Claude might get the broad strokes right but miss the details that break things in production, such as assuming SendDocument is synchronous or forgetting to verify webhook signatures.
The BoldSign eSignature Skill encodes all of this knowledge into a package Claude can reference every time you ask for help. Think of it as giving Claude the entire senior developer onboarding guide before it writes a single line of code.
Anatomy of the BoldSign Skill
The Skill ships as a folder containing a root SKILL.md and a set of reference files organized by stack and workflow:
BoldSign/
├── SKILL.md ← Main entry point Claude reads first
├── references/
│ ├── stacks/
│ │ ├── nodejs.md ← Node.js / TypeScript SDK
│ │ ├── python.md ← Python SDK
│ │ ├── dotnet.md ← .NET / C# SDK — our focus today
│ │ └── php.md ← PHP SDK
│ └── workflows/
│ ├── embedded-saas.md ← Embedded send + sign in iframes
│ └── multi-signer.md ← Sequential, parallel, bulk signing
The root SKILL.md covers the universal concepts: authentication models, rate limits, sandbox vs live environments, webhook events, form field types, text tags, and the critical “document sending is asynchronous” warning. It then directs Claude to load the right stack file, in our case, references/stacks/dotnet.md, based on your request.
This layered structure means Claude loads only what’s relevant. Asking for a C# webhook handler won’t pull in the Node.js or Python references, keeping the context window lean.
Installing the Skill
Using the BoldSign Skill in Code Studio is straightforward. Here’s the process:
1. Get the Skill folder
Download or clone the BoldSign folder containing SKILL.md and the references/ directory.
**2. **Upload to Code studio’s Skill directory****
Place the folder in /.codestudio/skills/. The Skill is automatically triggered when working on BoldSign or document‑signing related tasks.
3. Select your AI model
Open the model selector at the bottom of Code Studio and choose the model you want to use.
4. Start prompting
Just ask AI to integrate eSignature. Once the BoldSign/ folder is added to the AI context, you can prompt normally without any special commands.
Popular AI coding agents that support Skill
Many modern AI coding agents allow developers to load external context folders such as the BoldSign Skill, so the agent can generate accurate, SDK aligned integration code.
- Syncfusion Code Studio — AI code editor / IDE for enterprise app development.
- Claude Code — Anthropic’s AI coding agent for terminal, IDE, desktop, and browser.
- Cursor — AI-first code editor.
- GitHub Copilot Coding Agent — GitHub’s coding agent for project tasks and fixes.
- OpenAI Codex — OpenAI’s AI coding partner / agent platform.
Quickstart: Generate your first eSignature using the Skill
Once the Skill is installed, getting a working eSignature flow is remarkably fast. Here’s a real conversation flow targeting .NET / C#:
Prompt
"Send a PDF for signature using BoldSign in .NET C# with API Key authentication.
Then add a webhook handler for this flow in ASP.NET Core.
Finally, generate an embedded signing link so signers can sign inside my app instead of through email, with each part implemented independently."
Send a document
Claude uses the BoldSign reference files added to context, systematically pulls in references/stacks/dotnet.md, and generates an implementation-ready example with the NuGet SDK, form field placement, signer configuration, and the critical reminder that sending is async:
C#
using BoldSign.Api;
using BoldSign.Model;
public async Task<string> SendDocumentAsync()
{
var apiClient = new ApiClient(
"https://api.boldsign.com",
Environment.GetEnvironmentVariable("BOLDSIGN_API_KEY")
);
var documentClient = new DocumentClient(apiClient);
using var fileStream = File.OpenRead("contract.pdf");
var documentFile = new DocumentFileStream
{
ContentType = "application/pdf",
FileData = fileStream,
FileName = "contract.pdf"
};
// Define where the signature field appears on the PDF
var bounds = new Rectangle
{ X = 100, Y = 200, Width = 200, Height = 50 };
var signatureField = new FormField
{
FieldType = FieldType.Signature,
PageNumber = 1,
Bounds = bounds,
IsRequired = true
};
var signer = new DocumentSigner(
name: "John Doe",
emailAddress: "john@example.com",
signerType: SignerType.Signer,
formFields: new List<FormField> { signatureField }
);
var sendRequest = new SendForSign
{
Title = "Service Agreement",
Message = "Please sign this agreement.",
Signers = new List<DocumentSigner> { signer },
Files = new List<IDocumentFile> { documentFile }
};
var result = documentClient.SendDocument(sendRequest);
Console.WriteLine($"Document ID: {result.DocumentId}");
// ⚠️ Async — use webhooks to confirm Sent status
return result.DocumentId;
}
Add a webhook handler
Claude generates an ASP.NET Core controller with raw body reading (required for HMAC), X-BoldSign-Signature verification, and handlers for Completed, Declined, and SendFailed — including the signed PDF download step that many developers forget:
C#
[ApiController]
[Route("webhooks")]
public class BoldSignWebhookController : ControllerBase
{
[HttpPost("boldsign")]
public async Task<IActionResult> HandleWebhook()
{
// 1. Read raw body for HMAC verification
using var reader = new StreamReader(Request.Body);
var body = await reader.ReadToEndAsync();
// 2. Verify HMAC SHA-256 signature
var signature = Request.Headers["X-BoldSign-Signature"].ToString();
var secret = Environment.GetEnvironmentVariable("BOLDSIGN_WEBHOOK_SECRET");
var expectedSig = ComputeHmac(body, secret);
if (signature != expectedSig)
return Unauthorized();
// 3. Parse and route event
var payload = JsonSerializer.Deserialize<JsonElement>(body);
var eventType = payload
.GetProperty("event")
.GetProperty("eventType").GetString();
var documentId = payload
.GetProperty("document")
.GetProperty("documentId").GetString();
switch (eventType)
{
case "Completed":
await HandleCompleted(documentId);
break;
case "SendFailed":
// Alert ops — don't silently swallow failures
break;
case "Declined":
// Notify relevant parties
break;
}
return Ok();
}
private async Task HandleCompleted(string documentId)
{
// Download signed PDF + audit trail
var pdf = documentClient.DownloadDocument(documentId);
await File.WriteAllBytesAsync(
$"signed/{documentId}.pdf", pdf);
var audit = documentClient.DownloadAuditLog(documentId);
await File.WriteAllBytesAsync(
$"signed/{documentId}-audit.pdf", audit);
}
private string ComputeHmac(string message, string secret)
{
var keyBytes = Encoding.UTF8.GetBytes(secret);
var msgBytes = Encoding.UTF8.GetBytes(message);
using var hmac = new HMACSHA256(keyBytes);
var hash = hmac.ComputeHash(msgBytes);
return Convert.ToHexString(hash).ToLower();
}
}
Embed signing in the frontend
Claude produces the C# backend method that generates a short-lived sign link, ready to be loaded in an <iframe> on your frontend:
C#
public string GetEmbeddedSignLink(
string documentId,
string signerEmail)
{
var signLinkExpiry = DateTime.UtcNow.AddHours(24);
var result = documentClient.GetEmbeddedSignLink(
documentId: documentId,
signerEmail: signerEmail,
signLinkValidTill: signLinkExpiry,
redirectUrl: "https://yourapp.com/signing-complete"
);
return result.SignLink; // load in <iframe>
}
Supported workflows & prompts
Here’s a quick reference of what you can ask for and which parts of the Skill Claude will use:
| What you want | Example prompt | Skill files used |
|---|---|---|
| Basic document send | “Send a PDF for signature using .NET C#” |
SKILL.md + dotnet.md
|
| Template-based send | “Send from a BoldSign template in C#” |
SKILL.md + dotnet.md
|
| Embedded signing | “Embed signing in my ASP.NET app via iframe” |
SKILL.md + dotnet.md
|
| Embedded sending | “Let users prepare and send docs without leaving my app” |
SKILL.md + embedded-saas.md
|
| Multi-signer / sequential | “Set up a 3-party NDA with sequential signing in C#” |
SKILL.md + multi-signer.md
|
| Webhook setup | “Add BoldSign webhooks to my ASP.NET Core API” |
SKILL.md + dotnet.md
|
| Download signed PDF | “Download the completed document and audit trail in C#” |
SKILL.md + dotnet.md
|
Getting webhooks right
BoldSign’s document operations are asynchronous. The API returns a DocumentId immediately, but the document isn’t “sent” yet. The Skill makes sure Claude never generates code that treats SendDocument as synchronous. Instead, it always pairs document sending with a webhook handler.
The key webhook events you need to handle:
| Event | When it fires | What to do |
|---|---|---|
Sent |
Document processing complete | Update status to “sent” in your DB |
SendFailed |
Processing failed | Alert your ops team; do not swallow this |
Signed |
One signer completes | Track progress; for sequential flows, next signer is auto-notified |
Completed |
All signers done | Download signed PDF + audit trail → store permanently |
Declined |
A signer declined | Notify relevant parties; the entire doc halts |
Expired |
Document passed its expiry date | Clean up and optionally resend |
BoldSign retries webhook delivery for up to 8 hours if your server is down, so you have a generous buffer. But always respond with a 200 OK quickly, and do heavy processing (like PDF downloads) in a background task.
Common pitfalls the Skill prevents
One of the biggest advantages of a Skill over raw LLM code generation is that it encodes hard-won lessons. Here are mistakes the BoldSign Skill prevents Claude from making:
Polling instead of webhooks
Polling burns through your rate limit (50/hr in sandbox, 2,000/hr in prod). The Skill always generates webhook-based status tracking.
Using JSON for file uploads
File uploads must use multipart/form-data, not application/json. The .NET SDK handles this via DocumentFileStream, but the Skill ensures Claude uses it correctly.
Assuming SendDocument is synchronous
The API returns a DocumentId immediately, but the document is still processing. The Skill adds a comment warning and webhook handler every time.
Skipping HMAC verification
Without signature verification, anyone can POST fake events to your webhook endpoint. The Skill never generates a controller without HMACSHA256 validation.
Hardcoding API keys
By Design, every code sample the Skill produces reads credentials securely via Environment.GetEnvironmentVariable or appsettings.json, never inline strings.
Forgetting to set the region base URL
EU, AU, and CA accounts require a different base URL. The Skill reminds Claude to configure eu-api.boldsign.com (or the correct regional endpoint) when the user specifies a non-US region.
Advanced: Embedded send + sign architecture
For apps that want the full white-label experience, where neither the sender nor the signer ever leaves your application, the Skill helps generate an embedded send-and-sign architecture. Here’s the flow:
Your .NET Application
Step 1: Sender prepares document
POST /v1/document/createEmbeddedRequest → Returns sendUrl → Load in : sender drags fields, clicks Send
Step 2: Signer signs inside your app
GET /v1/document/getEmbeddedSignLink → Returns signLink → Load in : signer reviews and signs
Step 3: Webhook events
Sent → Signed → Completed → DownloadDocument + DownloadAuditLog → store
The Skill’s embedded-saas.md and dotnet.md references give Claude everything it needs to generate: the EmbeddedDocumentRequest with ShowToolbar, ShowSaveButton, and ShowSendButton configuration; the sign link generation with expiry and redirect URL; and the ASP.NET Core webhook controller that downloads the signed PDF on Completed.
Tip — Template-Based Sending: If your documents follow a repeatable structure (contracts, NDAs, offer letters), use BoldSign Templates. Create the template once in the BoldSign web app with pre-placed fields, then send via TemplateClient.SendUsingTemplate. No coordinate math required. The Skill generates the SendForSignFromTemplate code with role mapping automatically.
What’s next
With the BoldSign Skill added to Code Studio, you can seamlessly start generating implementation‑ready eSignature workflows directly from prompts. Begin by building and testing a basic document‑send flow in the Sandbox environment, then extend it with webhooks, embedded signing, templates, or multi‑signer workflows as your requirements evolve.
To get started, sign up for a free BoldSign Sandbox account and explore the available APIs and SDKs in the BoldSign Developer Documentation. Use the Skill alongside Code Studio to iterate quickly on your integration.
If you need help during setup or testing, visit the BoldSign support portal to connect with the team.
Related blogs
- Google Sheets to Signature: No-Code Automation with Zapier – Webinar
- Integrating eSignature Solution into your ASP.NET Core app using BoldSign APIs
- Exploring the Latest Updates to Identity API Endpoints in .NET 8
Note: This blog was originally published at boldsign.com
Top comments (0)