I work for a young startup in Europe who offers a SaaS for doctors for managing their patients via web app.
Among other features, our customers (the doctors) can create documents directly in our web app which can then be signed by their patients and converted to PDF. We did this through the implementation of the signature-pad and the dompdf libraries, and it works pretty well.
But since the signature-pad script simply adds an image of the signature at the bottom of the server-generated PDF document, this kind of electronic signature has poor, or none, legally binding features.
Now our question is: how can we take e-signatures to the next level and implement a 100% legally binding signature in our platform for our customers? Do you suggest to take a look at some third party API service, or we'd better develop our own solution (we guess certificate-based)?
We've been also considering switching to some other solution, such as the Remote Digital Signature which could allow our customers' patients to sign with a simple link sent to their smartphone... We are pretty confused so any help/suggestion/explication is greatly appreciated, especially if you have experience!
Thank you in advance and do not hesitate to ask if you need further details.
PS: Our code is vanilla PHP, no frameworks.