Getting started

Sign up, create your first tenant, and make your first authenticated API call in under 10 minutes.

Welcome to Signward. This guide walks you through signing up, creating a tenant, and making your first authenticated API call. If you already have a tenant, skip to Make your first request.

Create an account

  1. Go to signward.com and click Get started.
  2. Choose a plan — the Starter plan covers most small apps.
  3. Fill in your company name and domain. A subdomain is automatically generated (e.g. acme.signward.com).
  4. Complete checkout. You'll be redirected to your tenant onboarding.

Once onboarding finishes, your tenant is live at https://{subdomain}.signward.com and the admin Portal at https://portal.signward.com.

Create an OIDC client

Every application that signs in users needs an OIDC client registered with Signward.

  1. Open the Portal and go to Settings → OIDC Clients.
  2. Click New client and fill in:
    • Name — human-readable label
    • Client type — confidential (has a secret) or public (PKCE only)
    • Redirect URIs — exact match, no wildcards (e.g. https://myapp.com/signin-oidc)
  3. Copy the generated Client ID and, if confidential, the Client Secret. The secret is shown only once.

Make your first request

With the client registered, you can call the OIDC discovery document to verify everything is wired up:

curl https://api.signward.com/.well-known/openid-configuration

The response contains all the URLs your SDK needs: authorization_endpoint, token_endpoint, userinfo_endpoint, jwks_uri, and so on.

Exchange an authorization code

After a user signs in and is redirected back to your redirect URI with a code query parameter, exchange it for tokens:

curl -X POST https://api.signward.com/connect/token \
  -H "Content-Type: application/x-www-form-urlencoded" \
  -d "grant_type=authorization_code" \
  -d "code=AUTH_CODE_HERE" \
  -d "redirect_uri=https://myapp.com/signin-oidc" \
  -d "client_id=YOUR_CLIENT_ID" \
  -d "client_secret=YOUR_CLIENT_SECRET" \
  -d "code_verifier=PKCE_VERIFIER"

You'll get back an access_token, id_token, and refresh_token. Use the access_token as a Bearer header on subsequent API calls.

Next steps

  • Protect a Web API — validate Signward tokens in your backend
  • SDKs — skip the raw HTTP and use the .NET, Python, or JavaScript client library