Audit Trail & Certificate
Audit Trail & Certificate
Every signed document in BookYourPTO carries a complete, tamper-evident record of who signed, when, and from where. This is what makes an electronic signature defensible.
What's captured per signature
For each signature, the system records:
| Captured value | Why it's recorded |
|---|---|
| Consent timestamp | Proves the signer consented at a specific moment |
| IP address | Network origin of the signing session |
| User agent | Device/browser used to sign |
| Signature integrity hash | A cryptographic integrity hash of the signature |
| Signature image | The drawn signature itself |
| Signer timezone | So timestamps display in the signer's local time |
| Geolocation (lat/long) | Physical location at the time of signing |
Beyond signatures, every sign, decline, upload, and reminder writes an audit log entry — the full lifecycle of the document is on record.
The certificate page
When a document is completed, a certificate page is appended to the PDF, one entry per signer, containing:
- The signer's name and email
- An "acknowledged on" timestamp shown in the signer's own timezone
- The embedded signature image
Optional cryptographic PDF signing
Organizations can go a step further and apply cryptographic PDF signing using an organization certificate (P12). This seals the finished PDF so any later modification is detectable by standard PDF readers — not just by BookYourPTO.
Downloading the certified copy
To download a completed document with its certificate page appended, use the with certificate option, which maps to:
GET /api/documents/:id/download?withCertificate=true
A plain download (without the flag) returns the document without the appended certificate.
Who can view the audit trail
The audit trail is sensitive — it contains IP addresses and locations — so visibility is restricted:
GET /api/documents/:id/audit-trail → ADMINISTRATOR / EXECUTIVE only
Roles & permissions
| Role | View audit trail | Download with certificate |
|---|---|---|
| EMPLOYEE | No | Their own completed documents |
| DEPARTMENT_HEAD | No | As scoped |
| ADMINISTRATOR | Yes | Yes |
| EXECUTIVE | Yes | Yes |
Troubleshooting
| Error / symptom | Cause | Fix |
|---|---|---|
| 403 when opening the audit trail | Audit trail is admin/exec only | Ask an administrator or executive to retrieve it |
| Downloaded PDF has no certificate page | Downloaded without the certificate flag | Use the download with certificate option (?withCertificate=true) |
| Certificate timestamp looks "wrong" | It's shown in the signer's timezone, not yours | This is by design — the certificate pins to the signer's local time |
| Verification code (DOC-XXXXXX) not present | Document isn't fully completed yet | The code and certificate are generated only once all signers finish |
E-Signatures
The full send-for-signature flow — recipients, parallel vs sequential signing, drag-and-drop field placement, the signer experience, and how a document is completed and certified.
Templates & Bulk Send
Reusable signing templates with signer roles, CSV-driven bulk send to up to 500 recipients, plan template limits, and how per-recipient signing copies are materialized.