E-Sign Architecture: OAuth3-Backed Electronic Signatures
A deep dive into how Solace builds electronic signatures with OAuth3 tokens, SHA-256 hash chains, and ALCOA+ compliance, making Part 11 Architected storage accessible from $0.
The $15K compliance gap
FDA Part 11 Architected document storage starts at $15,000 per year from the cheapest dedicated vendor. For startups and small teams, that price puts compliance behind an enterprise gate.
Solace takes a different approach. Every e-signature is backed by an OAuth3 token with specific scope, TTL, and user binding. The signature links into a SHA-256 hash chain where tampering with any record breaks the chain.
CRIO heritage, OAuth3 future
The signing flow comes from CRIO, a clinical trial platform that handles 10,000 signatures per day in FDA-regulated environments. Solace builds on that proven workflow and adds modern security layers: bcrypt password hashing, OAuth3 scoped tokens, and SHA-256 hash-chained evidence.
Two signature modes are supported: password re-authentication and Fabric.js canvas drawing. Both produce the same evidence hash chain.
- UUID tokens with configurable TTL (60 seconds to 2 hours)
- Five built-in attestation statements plus custom text
- Bulk signing: one token, multiple documents, individual evidence per document
- Public verification endpoint: anyone with the hash can verify
- ALCOA+ compliant: Attributable, Legible, Contemporaneous, Original, Accurate, Complete, Consistent, Enduring, Available
Self-service pricing for compliance
Every Solace tier includes e-signatures. Free users get 3 per month. The $28 Pro tier includes 100 signatures with 90-day Part 11 Architected retention. Enterprise at $188 per month gets unlimited everything with regulatory export formats.
At $188 per month, Solace Enterprise costs $2,256 per year. That is 85 percent cheaper than SimplerQMS, the cheapest dedicated Part 11 vendor, and the evidence quality is higher because it uses hash chains rather than timestamps.