E-Signature, No Backend, No Problem

The phrase “add e-signatures” sounds like a project. Most indie developers picture a database of documents, a signing UI, certificate handling, and an audit log they have to keep tamper-evident. That is real work, and it is exactly the work you should not be doing on a side project or an MVP.

The shortcut: use a hosted e-signature API. With TurboDocx, signing, delivery, audit trails, and compliance run on TurboDocx infrastructure. Your job shrinks to one thing, which is making an API call from somewhere safe. That “somewhere” does not have to be a backend you own.

You still need a place to make the call, because your API key must never live in client-side code. But that place can be tiny and serverless. Any of these is enough:

The fastest path is to let your AI coding agent write the integration. Install the TurboDocx Quickstart Skill, then describe what you want. The skill detects whether you are on Next.js, Express, a serverless function, or plain Node, and writes a call that fits.

Then, in your agent: “Add a serverless function that sends a PDF for signature with TurboSign.” Step-by-step versions live in the Claude Code guide and the Cursor guide. If you would rather see the raw SDK call, the JavaScript guide has it.

“No backend” does not mean “call the API from the browser.” Your API key grants access to your account, so it has to stay server-side, even if that server is a function that runs for 200 milliseconds. Read it from an environment variable, never bake it into your frontend bundle, and let the serverless layer be the only thing that talks to the signing API. The Quickstart Skill follows this rule by default, reading your key from .env rather than hardcoding it.

Everything else that makes signatures legally defensible, including tamper-evident audit trails and ESIGN, UETA, and eIDAS alignment, is handled on the API side. You can read more on the US compliance and European compliance guides.