Widget Authorization
Legalesign widgets are authenticated components. They make Legalesign API calls internally, so your application must pass a token to the widget before it can operate.
Your backend mints the token. The browser only receives the short-lived token the widget needs.
Token Approaches
There are four ways to provide a token to a widget:
| Approach | How it works | Best for |
|---|---|---|
| SRP JWT directly | Your server authenticates with SRP and passes the JWT access token directly to the widget token attribute | Integrations that already use SRP and don't need a scoped token |
| GraphQL component token (API key) | Your server calls generateComponentToken with an API key, then passes the returned short-lived token to the widget | Widget-only integrations that don't use SRP |
| GraphQL component token (SRP) | Your server calls generateComponentToken with an SRP JWT, then passes the returned short-lived token to the widget | SRP integrations that want a scoped, short-lived widget token |
| REST API | Your server calls the REST component-token endpoint with an API key | REST-only integrations that don't use GraphQL |
The GraphQL generateComponentToken mutation supports both API-key and SRP authentication. The REST endpoints are API-key-only.
Never expose API keys or SRP credentials in browser code. Token minting must happen server-side.
Token Options by Widget
| Widget | GraphQL | REST | Returns |
|---|---|---|---|
| Document Viewer | generateComponentToken(input: { component: LS_DOCUMENT_VIEWER }) | GET /templatepdf/{pdfId}/component-token/ | token, expiresIn, expiresAt |
| Signer | generateComponentToken(input: { component: LS_SIGNER, signer: { recipientId } }) | GET /signer/{signerId}/component-token/ | token, sessionId, expiresIn, expiresAt |
The token is expected to last about one hour. Use expiresIn or expiresAt from the response to decide when to refresh — don't hard-code the duration.
Related
- Document Viewer — includes inline token examples (GraphQL and REST)
- Signer — includes inline token examples (GraphQL and REST)
- generateComponentToken
- REST: Get PDF template component token
- REST: Get signer component token
- ComponentToken
- Authenticate with the GraphQL API