Legal basis for signatures
How agent-signed and human-signed actions become legally binding under E-SIGN and UETA. Two signing rails, one customer who bears the risk.
TL;DR
Matter executes binding actions on two signing rails. Rail 1 is a human signature — either a Shape 1 magic link or a Shape 2 signing session bearer exchanged for a fresh OAuth check. Rail 2 is an agent signature under the UETA §14 electronic-agent doctrine, gated by a three-part chain (account ToS + scoped token + per-action acknowledgements). Matter is a software platform, not a law firm. The customer bears all legal and tax risk for every action either rail commits.
After reading this page you'll know which rail your call traverses, which acknowledgements have to be on file before a binding mutation succeeds, why Matter is never the incorporator-of-record on the cert, and which 4xx errors fire when the legal basis is incomplete.
Why this exists
A signed Certificate of Incorporation, an issued stock grant, a dissolution filing — each one is a binding legal act. When the act is taken by software, on behalf of a human principal, every party downstream (the secretary of state, the IRS, an acquirer in due diligence, a court) needs to be able to trace the act back to a defensible legal theory.
The two rails below are that theory. They cite two federal statutes (E-SIGN Act, 15 U.S.C. §7001) and a state-level uniform act (UETA §14). They are US-only. eIDAS for EU jurisdictions is deferred until the international expansion lands.
The two signing rails
| Rail | Who signs | Legal basis | Used for |
|---|---|---|---|
| Rail 1 | A natural-person stakeholder | E-SIGN §101(c) electronic-record consent + recorded affirmative action | Wet-signature-equivalent acts: founder consents to formation, cap-table-affecting grants over the HITL floor, dissolution authorizations, board resolutions |
| Rail 2 | An agent acting as the principal's electronic agent | UETA §14 (operations of electronic agents) + per-action acknowledgements bound to a natural-person stakeholder | Routine agent-driven mutations under a tier-3 or tier-4 token: formation submission, annual reports, qualifications, mail acknowledgement |
Both rails write to the same Document.signatures[] shape. The difference
is the value of legal_basis on each signature entry.
```json
{
  "signatures": [
    {
      "signer_stakeholder_id": "stk_7Hpx9WxY",
      "signed_at": 1745539180,
      "legal_basis": "esra_consent",
      "signing_session_id": "sgs_8sQp4LbR",
      "intent_text": "I, Alice Founder, agree to be bound by this Action of Incorporator.",
      "ip": "203.0.113.42",
      "user_agent": "Mozilla/5.0…"
    }
  ]
}
```

legal_basis is one of three values:
| Value | Meaning |
|---|---|
| wet_signature | Captured ink signature from a paper artifact, scanned and bound to the Document. Rare; used only when a state office requires wet ink. |
| esra_consent | Rail 1 — human signed electronically after E-SIGN §101(c) disclosure was presented and accepted. |
| ueta_electronic_agent | Rail 2 — an electronic agent committed the act under UETA §14 with all required acknowledgements on file. |
Rail 1 — Human signature (E-SIGN §101(c))
The human is in front of a screen. They sign by clicking a button that captures their affirmative intent.
There are two shapes for getting the human in front of the screen:
Shape 1 (magic link). Matter sends the stakeholder an email with a one-time link. They click,
they read the document, they type their name, they click "Sign". The session
issued behind the link is short-lived (15 minutes) and bound to the
stakeholder's usr_* identity via Clerk OAuth.
```bash
# Server kicks off the email
curl -X POST https://api.mattermode.com/v1/signing_sessions \
  -H "Authorization: Bearer $MATTER_KEY" \
  -H "Matter-Version: 2026-05-01" \
  -H "Idempotency-Key: $(uuidgen)" \
  -d '{
    "document_id": "doc_PwQ7MmLk",
    "signer_stakeholder_id": "stk_7Hpx9WxY",
    "delivery": "magic_link",
    "intent_text": "I agree to be bound by the Action of Incorporator dated 2026-04-25."
  }'
```

The response includes a signing_url you can either email yourself or let
Matter email. Either way, the stakeholder must complete the session within
the 15-minute window.
Shape 2 (signing session bearer). The stakeholder is already authenticated in your product. You ask Matter for a bearer token bound to that stakeholder, hand it to your front-end, and let your front-end render the signing UI directly.
```bash
curl -X POST https://api.mattermode.com/v1/signing_sessions \
  -H "Authorization: Bearer $MATTER_KEY" \
  -H "Matter-Version: 2026-05-01" \
  -H "Idempotency-Key: $(uuidgen)" \
  -d '{
    "document_id": "doc_PwQ7MmLk",
    "signer_stakeholder_id": "stk_7Hpx9WxY",
    "delivery": "bearer",
    "intent_text": "I agree to be bound by the Action of Incorporator dated 2026-04-25.",
    "bound_clerk_user_id": "user_2nA9PqLt"
  }'
```

The bearer is rejected unless the front-end's Clerk OAuth check was completed
within the last 5 minutes. A stale Clerk session is rejected with
403 reauthentication_required, and the user must re-authenticate. The
freshness window is non-configurable.
Both shapes require an ESRA disclosure. Before the signer's first electronic
record, Matter presents the E-SIGN §101(c) disclosure (right to a paper
copy, hardware/software requirements, withdrawal of consent, scope of the
consent). The signer must affirmatively accept it via
POST /v1/consents/esra. The acceptance is recorded once per
signer_stakeholder_id and remains valid for 12 months unless withdrawn.
The captured intent_text is what the signer agreed to — a plain-English
sentence describing the act, generated server-side from the
document's canonical metadata. It is stored verbatim alongside the signature
and reproduced on every audit dump.
Rail 2 — Agent signature under UETA §14
UETA §14 ("Operation of electronic agents") provides that a contract may be formed by the interaction of electronic agents, even if no individual human reviewed each action, if the principal has authorised the agent to act on their behalf within a defined scope. Matter satisfies this authorisation requirement with a three-part chain:
- Account-level Terms of Service. The account owner, signing as a natural person, agrees that Matter's platform (and any tokens minted by the account) may operate as their electronic agent under UETA §14 for actions covered by the scope policy.
- Scoped token (tok_…). Each token names a principal.human_id — the natural person on whose behalf the token will act. The token's allow[] and resources[] bound the agent's authority. Without a token, there is no electronic agent; with a token, the agent's authority is exactly what the policy says it is.
- Per-action acknowledgements. Every binding mutation declares the acknowledgements it requires via x-matter-required-acknowledgements. The caller satisfies them either by (a) presenting them to a natural person and capturing their affirmative click via the acknowledgements[] body field on the request, or (b) having a matching standing acknowledgement on the token via AgentPolicy.standing_acknowledgements[].
The chain produces a legal_basis: "ueta_electronic_agent" signature on
the resulting Document, with signed_by_agent_id populated alongside
signer_stakeholder_id (the natural-person principal whose acknowledgement
authorised the act). Both halves are on the receipt — that is what makes
the signature defensible.
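An offline audit of Document.signatures[] entries against the two rails described above, as an added example that is not Matter's own code. The per-rail field requirements are assumptions drawn from this page's sample entry and its Rail 2 description, not a published schema, and the second sample entry is constructed.

```python
# Added example: offline consistency check for Document.signatures[] entries.
# Field requirements per legal_basis are assumptions, not a published schema.

LEGAL_BASES = {"wet_signature", "esra_consent", "ueta_electronic_agent"}
# Fields this page shows (Rail 1 sample) or describes (Rail 2) for each basis.
EXPECTED_FIELDS = {
    "esra_consent": {"signing_session_id", "intent_text", "ip", "user_agent"},
    "ueta_electronic_agent": {"signed_by_agent_id"},
    "wet_signature": set(),
}


def audit_signature(entry):
    """Return a list of findings for one signature entry (empty list = clean)."""
    basis = entry.get("legal_basis")
    if basis not in LEGAL_BASES:
        return [f"unknown legal_basis: {basis!r}"]
    findings = []
    # Both rails must resolve to a natural-person stakeholder (stk_ prefix).
    if not str(entry.get("signer_stakeholder_id", "")).startswith("stk_"):
        findings.append("missing natural-person signer_stakeholder_id")
    if not isinstance(entry.get("signed_at"), int):
        findings.append("signed_at is not a Unix timestamp")
    for field in sorted(EXPECTED_FIELDS[basis]):
        if not entry.get(field):
            findings.append(f"{basis} entry lacks {field}")
    # Assumption: an agent id on a non-agent signature means the rails were mixed.
    if basis != "ueta_electronic_agent" and entry.get("signed_by_agent_id"):
        findings.append("signed_by_agent_id present on a non-agent signature")
    return findings


def audit_document(document):
    """Map signature index -> findings, keeping only entries with problems."""
    results = enumerate(map(audit_signature, document.get("signatures", [])))
    return {i: found for i, found in results if found}


# Constructed sample: the page's Rail 1 entry plus a Rail 2 entry with no agent id.
SAMPLE = {"signatures": [
    {"signer_stakeholder_id": "stk_7Hpx9WxY", "signed_at": 1745539180,
     "legal_basis": "esra_consent", "signing_session_id": "sgs_8sQp4LbR",
     "intent_text": "I, Alice Founder, agree to be bound by this Action of Incorporator.",
     "ip": "203.0.113.42", "user_agent": "Mozilla/5.0"},
    {"signer_stakeholder_id": "stk_7Hpx9WxY", "signed_at": 1745539200,
     "legal_basis": "ueta_electronic_agent"},
]}
```

Running audit_document(SAMPLE) flags only the second entry, which claims the agent rail without naming the agent that acted.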
Acknowledgement slugs (the catalog)
The 12 AcknowledgementSlug enum values are the only slugs that exist.
Each binds a specific class of action:
| Slug | Bound to |
|---|---|
| not_legal_advice | Standing — applies to every binding mutation. |
| not_tax_advice | Standing — applies to every mutation with tax consequence. |
| agent_action_binds_principal | Token creation — confirms the principal accepts that agent actions are their actions. |
| tier_4_standing_authority_acknowledged | Token creation when tier: 4. |
| incorporator_signature_authorized | Token creation when allow[] includes entities.submit. |
| formation_is_legally_binding | Per-action — POST /v1/entities/{id}/submit. |
| formation_creates_tax_obligations | Per-action — POST /v1/entities/{id}/submit. |
| 83b_election_strict_30_day_deadline | Per-action — POST /v1/grants for restricted-stock grants. |
| equity_grant_is_securities_issuance | Per-action — POST /v1/grants. |
| dissolution_is_irreversible | Per-action — POST /v1/entities/{id}/dissolve. |
| service_of_process_must_reach_human | Per-action — POST /v1/mail/{id}/acknowledge for service_of_process mail. |
| late_filing_penalty_accepted | Per-action — late annual reports, late franchise tax. |
See acknowledgements for the full
request shape, expiry semantics, and the GET /v1/acknowledgements
catalog endpoint.
incorporator_signature_authorized — the keystone ack
Formation is the most consequential agent-driven mutation Matter offers. It is also the one that has to happen for an agent-led "form a company" flow to work without round-tripping through a human signing session.
incorporator_signature_authorized is the standing UETA §14 ack required
at token creation when the token's allow[] permits entities.submit.
Once on file, the agent may call POST /v1/entities/{id}/submit without
a per-call human signature — the standing ack is the human's
authorization for the agent to operate as their electronic agent on
formation submissions.
POST /v1/entities/{id}/submit is not on the always-HITL list. This
is deliberate: agent-led formation is the whole point.
Founder-as-incorporator
Matter never signs the certificate of incorporation as the named
incorporator. The customer's natural-person stakeholder named at
entity.incorporator_stakeholder_id does, either:
- Directly via Rail 1 — the founder clicks through a magic-link or signing-session flow.
- Through their UETA §14 electronic agent via Rail 2 — the agent invokes POST /v1/entities/{id}/submit carrying the incorporator_signature_authorized standing ack on the token, which the founder agreed to at token creation.
The legal substance is identical. The certificate names the founder as
incorporator. The IncorporatorReceipt's signature_authorized_via field
records which rail was used (esra_consent or ueta_electronic_agent).
This is not a Limited Power of Attorney. There is no separate POA
document, no notary, no apostille. The standing ack — captured at token
creation, with the founder's signer_stakeholder_id, IP, user-agent,
and ESRA consent on file — is the authorization, and it is governed by
UETA §14, not by the law of agency.
See incorporator protocol for how the receipt chains the founder's signature into the cryptographic proof of birth.
Where customer risk attaches
Three things are true on every binding mutation, regardless of rail:
- Per-action acknowledgements bind specific natural-person stakeholders. accepted_by_stakeholder_id is a required field on every Acknowledgement record. The acknowledgement is the natural person's affirmative acceptance of the consequences of this specific action — not a generic ToS agreement.
- The audit trail captures consent. Every binding mutation writes an immutable AuditEntry with the resolved acknowledgements[], the legal_basis of the resulting signature, the intent_text, the IP and user-agent of the natural-person signer (Rail 1) or the acknowledgement capture (Rail 2), and the authorized_by envelope (human_principal_id + agent_id + via).
- Matter is a software platform, not a law firm. Every binding response carries the Disclaimer envelope. The customer is solely responsible for the legal and tax consequences of the action and should consult qualified professionals before proceeding.
The platform's role is to capture the right artifacts to defend the act later. The customer's role is to make sure the act is the right one to take.
Hard-floor HITL operations
A subset of operations have x-matter-hitl: { required: true } on the
OpenAPI operation. This is a hard floor:
AgentPolicy.require_human_signature_for[] and
AgentPolicy.standing_acknowledgements[] cannot opt out of it. Even a
tier-4 token with every standing ack on file gets a 403 human_signature_required and must escalate to a human via Rail 1.
The hard-floor list:
| Operation | Why hard-floor |
|---|---|
| POST /v1/entities/{id}/dissolve | Dissolution is irreversible. |
| POST /v1/corporate_transactions/{id}/close | Closing an M&A deal binds both parties to the definitive agreement. |
| POST /v1/grants over $250k | Large equity issuances trigger §409A and disclosure obligations. |
| POST /v1/qualifications for regulated industries | Healthcare, financial services, and energy filings carry industry-specific signatory requirements. |
| POST /v1/mail/{id}/acknowledge for service_of_process mail | A human must read service of process — UETA §14 explicitly does not cover service of process. |
POST /v1/entities/{id}/submit (formation) is not on this list. The
standing incorporator_signature_authorized ack at token creation is
sufficient — that is the whole point of agent-led formation.
Errors
| Status | Code | When | Recovery |
|---|---|---|---|
| 422 | acknowledgement_required | One or more required acknowledgements were missing on a binding mutation. | Fetch canonical text from GET /v1/acknowledgements, present to the natural-person stakeholder, capture affirmative acceptance, retry with acknowledgements[] populated. See the error page. |
| 403 | human_signature_required | The operation has x-matter-hitl: { required: true } and standing acks cannot opt out. | Switch to Rail 1 — open a signing_session and route the human to sign. |
| 403 | reauthentication_required | Shape 2 signing-session bearer was presented with a stale Clerk OAuth check (>5 minutes). | Force the user to re-authenticate via Clerk, then retry. |
| 403 | human_oauth_required | The principal on the token has no fresh Clerk OAuth session and the operation requires one. | Walk the human through Clerk login. |
All errors follow RFC 7807. See errors for the common envelope.
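A client-side pre-flight that predicts which of the errors above a Rail 2 call would hit, as an added example and not Matter's server logic. The order of checks, the three-operation map and the amount_usd parameter are assumptions; the slugs and the $250k floor are copied from this page's tables.

```python
# Added example: a client-side model of the rules on this page, not Matter's
# server logic. Check order and the per-operation map are assumptions.

STATUS = {"human_signature_required": 403, "acknowledgement_required": 422}

# Slugs copied from the catalog table. not_tax_advice is left out because the
# page does not enumerate which mutations have "tax consequence".
REQUIRED_ACKS = {
    "POST /v1/entities/{id}/submit": {
        "not_legal_advice",
        "formation_is_legally_binding",
        "formation_creates_tax_obligations",
    },
    "POST /v1/entities/{id}/dissolve": {"not_legal_advice", "dissolution_is_irreversible"},
    "POST /v1/grants": {"not_legal_advice", "equity_grant_is_securities_issuance"},
}
ALWAYS_HITL = {"POST /v1/entities/{id}/dissolve"}
GRANT_HITL_FLOOR_USD = 250_000  # hard-floor row: "POST /v1/grants over $250k"


def preflight(operation, standing_acks, request_acks, amount_usd=0):
    """Predict how a Rail 2 call resolves before it is sent.

    standing_acks: slugs in AgentPolicy.standing_acknowledgements[]
    request_acks:  slugs carried in the request's acknowledgements[] field
    amount_usd:    hypothetical grant value, used only for POST /v1/grants
    Returns (outcome, missing_slugs); outcome is "proceed" or an error code.
    """
    if operation not in REQUIRED_ACKS:
        raise ValueError(f"operation not modelled here: {operation}")
    # Hard floor wins: no combination of acks can opt out of x-matter-hitl.
    over_floor = operation == "POST /v1/grants" and amount_usd > GRANT_HITL_FLOOR_USD
    if operation in ALWAYS_HITL or over_floor:
        return "human_signature_required", []
    # An ack counts whether it is standing on the token or sent per call.
    missing = sorted(REQUIRED_ACKS[operation] - set(standing_acks) - set(request_acks))
    if missing:
        return "acknowledgement_required", missing
    return "proceed", []
```

An agent can run this before a binding call to decide whether to collect acknowledgements from the stakeholder or open a Rail 1 signing session instead of discovering the 4xx after the fact.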
Related
- Acknowledgements — the per-action ack catalog, request shape, and 90-day expiry semantics.
- Disclaimers — the disclaimer envelope on every binding response and the DisclosurePacket on dry-run.
- Incorporator protocol — how the receipt chains the founder's signature into the cryptographic proof of birth.
- Sign with a human — Rail 1 walkthrough, both Shape 1 and Shape 2.
- Sign with Claude — Rail 2 walkthrough for a tier-3 OAuth client.
- Sign as tier 4 — standing-ack flow for routine autonomous mutations.