1. Merchant Central
  2. CRM Administration
  3. E-Signature

Secure E-Signature Applications

 

Overview

After a client signs an E-Signature Agreement, a confirmation email is sent with a copy of the signed PDF document.

By default, the PDF is not password protected, meaning anyone with access to the file can open it. Enabling password protection adds an extra layer of security for sensitive merchant information (for example, Federal Tax IDs or SSNs).

In this article, you’ll learn how to secure both the signed PDF and the E-Signature signing page with a password, and how those settings behave when E-Signature documents are created from Leads, Web Forms, or the Merchant Central Open API.

Prerequisites

  • Access to Merchant Central with permission to manage E-Signature applications
  • An existing E-Signature PDF uploaded under Manage → E-Signature → Import PDFs
  • A secure text field available on the Lead (e.g., Federal Tax ID, SSN)

How Does E-Signature Password Protection Work?

E-Signature password protection allows you to control access at different stages of the signing process and after the document has been completed.

What gets protected

Depending on your settings, you can:

  • Protect the E-Signature signing page (the link the signer opens in their browser)
  • Protect the completed/signed PDF that is emailed to the client and saved to the Lead
  • In Web Form scenarios, optionally protect the Web Form page itself (before the E-Sign flow begins)

How documents are created

E-Signature documents can be created in several ways, including:

  • Generating the document from the lead page (E-Sign tab)
  • Generating the document from a Merchant Central Web Form (either via a public URL or a unique lead-generated URL)
  • Generating the document via the Merchant Central Open API

The password protection settings for documents created via the lead E-Sign tab and the Open API are identical. However, Web Forms have their own password protection settings, which can override some of the E-Sign application password settings.

We’ll explain how Web Form password protection works and when it overrides E-Sign settings in more detail later in this article.

Enabling Password Protection on E-Sign Documents

Follow the steps below to configure password protection for your E-Sign application.

  1. Navigate to Manage → E-Signature → Import PDFs.

  2. Locate the application you want to secure and click Edit.

    008 App.png

  3. In the application settings popup, select a Lead field to use as the password.

    009.png

  4. After you select the password field, three additional options appear.

    010.png
  5. Select the appropriate password option and save your changes.

ℹ️ The Password Field dropdown only displays secure text fields (for example, Federal Tax ID, SSN), not all text fields.

ℹ️ You can select Enable Signing Password or Signed PDF Password, but not both.

Password options

Here is what the password options do:

  • Allow Sending If No Password: Allows sales reps to send documents as unsecured PDFs (for example, when the password field is empty because the client’s SSN isn’t available yet). If you want all PDFs secured, leave this unchecked.
  • Enable Signing Password: Adds password protection to both the E-Signature signing page and the signed PDF document.
  • Signed PDF Password: Adds password protection to the signed PDF document only, but not the E-Signature signing page.

Enabling Password Protection on Web Forms

To enable password protection on a Web Form, select the Enable Password Protection option in the Web Form settings, choose a secure field to use as the password, and save your changes.

03.png

How find the password

The password for opening secured PDF files is the last 4 characters of the value saved in the selected password field on the lead where the E-Sign originates.

For example, if you selected the Federal Tax ID field as the password field and the lead’s tax ID is 123456789, then the PDF password is 6789.

How to send an unsecured PDF (if allowed)

If Allow Sending If No Password is enabled and the password field is blank (or has fewer than 4 characters), a confirmation popup appears when sending a new E-Sign application:

06.png 

Click Okay to send the application as an unsecured PDF, or click Cancel to update the Lead field first.

How to update the E-Signature email template

After enabling password protection, update your E-Signature confirmation email template so the client knows how to open the PDF.

For example, if you selected Federal Tax ID as the password field, instruct the client to open the attached PDF by entering the last four digits of their Federal Tax ID.

07.png
 For more information on managing email templates, see our guide on Email Templates

How to open the E-Signature page

If the E-Signature page is password protected, the recipient must enter the password before they can view and sign the document. The E-Signature document is automatically canceled if a signer enters an incorrect password in 5 consecutive attempts.

03.png

How to open a secure PDF from the Lead

After the client signs the agreement, a secured copy of the PDF is also saved on the lead.

Secured files on the E-Sign tab and the Attachments tab display a lock icon. To view the password for opening the PDF file, hover your mouse over the lock icon.

04.png

To preview a secured file on the Lead, you must enter the document password first:

002.png

The password is also required if the PDF is downloaded and opened in Adobe (or other PDF software):

003.png 

Password Protection Cheat Sheets

E-Signature documents can be created in several ways, and Web Forms may apply their own password settings.

Because of the different combinations of E-Sign application and Web Form password settings, configuring password protection can sometimes be confusing.

To help you validate your configuration, the cheat sheets below show how password protection is applied to:

  • The E-Sign page (browser signing experience)
  • The completed PDF document (email attachment and saved Lead copy)
  • The Web Form page (when applicable)

The cheat sheets cover two use cases:

  1. Generating an E-Sign app from the Lead E-Sign tab in Merchant Central
  2. Generating an E-Sign app from the lead-generated Web Form

ℹ️ E-Sign apps created using the Open API follow the same password rules as when the app is generated from the lead page (use case #1 below).

☝️E-Sign apps created from a Merchant Central Web Form shared via a Public URL currently do not include password protection options.

Use Case #1: Generating an E-Sign app from the Lead E-Sign tab in Merchant Central

This cheat sheet shows how password protection is applied on the E-Signature page in the browser and the completed PDF document when the E-Sign app is generated from the lead’s E-Sign tab.

There are two settings that control this behavior, and you can only select one of them:

01.png

Here’s what the two settings do:

Selected E-Sign Password Setting Password protection applied on E-Sign page? Password protection applied on PDF document?
Enable Signing Password

YES

YES
Signed PDF Password

NO

YES

Use Case #2: Generating an E-Sign app from the lead-generated Web Form

This cheat sheet shows how password protection is applied on the E-Signature page in the browser, the completed PDF document, and the Web Form when the process is initiated by generating a Web Form from the lead’s Web Form tab .

In addition to the two password settings discussed in the previous section, this use case includes an additional password setting that can be enabled or disabled directly on the Web Form.

02.png

The combinations of the E-Sign and Web Form password settings, and their outcomes, are shown below:

Selected E-Sign Password Setting Web Form Password Enabled Password protection applied on Web Form page? Password protection applied on E-Sign page? Password protection applied on PDF document?

Enable Signing Password

YES

YES

YES

YES

Enable Signing Password

NO

NO

YES

YES

Signed PDF Password

YES

YES

NO

YES

Signed PDF Password

NO

NO

NO

YES

Disabled (Unchecked)

YES

YES

NO

YES

Frequently Asked Questions

  • Why don’t I see all Lead fields in the password dropdown? Only secure text fields (for example, Federal Tax ID, SSN) are available for password selection.
  • How is the password calculated? The password is the last 4 characters of the value saved in the selected secure Lead field.
  • What happens if the password field is blank or too short? If Allow Sending If No Password is enabled, a confirmation prompt appears and you can choose to send the application unsecured. If it’s not enabled, populate the field to ensure the PDF is secured.
  • What happens if I enter the incorrect password on the signing page? The E-Signature document is automatically canceled after 5 consecutive incorrect attempts.
  • Do public Web Form URLs support password protection? No. E-Sign apps created from a Merchant Central Web Form shared via a Public URL do not include password protection options. The Web Form can be password protected only when the form’s URL is generated from the Lead page.
Didn't find what you were looking for? Submit a Ticket
or Email Support

Articles in this section

 See more

Related articles

Powered by Zendesk