We are currently integrating with the DocuSign click API. We are are using JSON Web Token Bearer (JWT) grant and the following calls are working fine.
GET /clickapi/v1/accounts/{accountId}/clickwraps?status=active
GET /clickapi/v1/accounts/{accountId}/clickwraps/{clickwrapId}/users?client_user_id=<clientUserID>
To hide {accountId} and {clickwrapId} from the UI, I was trying to follow this approach React Docusign Clickwrap Credentials
But I am getting response 401-Unauthorized when I tried to call api POST /clickapi/v1/accounts/{accountId}/clickwraps/{clickwrapId}/agreements with body
{
"clientUserId": "..."
}
These are the authentication scopes set: impersonation,signature and click.manage.
In API Documentation there is nothing related with that POST api. Is that a valid API? why I am getting 401?
It appears you also need the click.send scope for this Click API endpoint.
I'll request we update the documentation to reflect that. Sorry about the confusion.
+1 to above. Thank for reporting this issue as well. We're aware that the endpoint you callout above (/clickapi/v1/accounts/{accountId}/clickwraps/{clickwrapId}/agreements) isn't listed under the Clickwrap documentation. We're working on resolving that asap.
Related
I am developing against DocuSign's docusign-esign-java 2.8 SDK and am encountering an error attempting to create an Envelope using the EnvelopesApi.
Here's the specific error I am hitting:
com.docusign.esign.client.ApiException: Error while requesting server, received a non successful HTTP code 400 with response Body: '{
"errorCode": "USER_LACKS_PERMISSIONS",
"message": "This user lacks sufficient permissions to access this resource."
}'
at com.docusign.esign.client.ApiClient.invokeAPI(ApiClient.java:1036) ~[docusign-esign-java-2.8.0.jar:na]
at com.docusign.esign.api.EnvelopesApi.createEnvelope(EnvelopesApi.java:702) ~[docusign-esign-java-2.8.0.jar:na]
at com.docusign.esign.api.EnvelopesApi.createEnvelope(EnvelopesApi.java:652) ~[docusign-esign-java-2.8.0.jar:na]
The client went through DocuSign OAuth Code Flow and granted our Application scope=signature+extended.
Does anyone have any ideas or suggestions on what I could look into?
I feel like this is somehow a DocuSign account configuration issue more than a code issue or an OAuth authorization issue, but I'm not sure where to look.
This can happen because:
There's a mismatch between the accountId in the URL that you are making API calls for (you pass accountId to the API call from the Java SDK) to the account that you used to authenticate (which may be different) when you implemented OAuth.
There's a mismatch between developer and production env. Make sure you use the same env for both authentication and API Call.
The user you authenticated with actually don't have permission to create envelopes. Some users cannot do that.
Account has an option to only allow creation of envelopes from templates.
I would try a new developer account and make sure that you are using the correct account in both the authentication piece and the API calls.
I am trying to fetch ticket using azure api, but it's showing "Unable to complete authentication for user due to looping logins" while making an api call, i have passed proper Authorization header and provided correct personal access token in base64 encoded.(see fig)
I am using GET https://dev.azure.com/{organization}/{project}/_apis/wit/workitems/{id}?api-version=1.0 for making an api call.
link: https://learn.microsoft.com/en-us/rest/api/azure/devops/wit/work-items/get-work-item?view=azure-devops-rest-6.0
am i missing something? Looking for suggestion.
On Postman, to execute RESI API using PAT (Personal Access Token) as the authentication, you should set on Authorization tab, instead of directly on the Headers tab.
I am trying to integrate Azure's AD in my spring-boot app. I have pushed the project onto github (https://github.com/praveenk007/azure-ad).
The authorization code is generated and redirected to below redirect URI:
https://localhost:8081/login?code=OAQABAAIAAAAm-06blBE1TpVMil8KPQ41GNiib9Q4VuBeBjtPhyypfg50XD6swPFt4jE4G1sEaG0zuxgPdGnS43ygiZ2dZB7nxuaXSnbqMzEtdEbMiKmTlYb343BpHOD2xL0dpkkTZQk8kesIwjzzE7B3aHG7xFEhITzuBsctrbBadsUuykNdVq8CCRIYQHuxwSA2g59LDoRrJPbGncKtfDgoMNUxPk0gpJwxCf4KttbA3qe8BTXweYdYaZ5mJs2x2blY3hTVId9PDEFGS_XULvHMAMR3Q6af_B2T2TwLlOKufVYcX6R5nQTaYtpSQXqrCd2TYbBZ8Oj-B4lKpw1Ds6OC6R-wvFR6TpWRNlqzItaE0I3KlKTN5EFDso74A2Ky1B52waG5FCwWSwD4-kchKl-IEBRgPUd5UzHOlHECs_TZQpvwvMtek-4IYe0ErgvP1b3S8_qDh9ALsyNYLtdRJXaBfaXi7wGZKoiPIu3PTLExAMdYscHCJ5YaK5jx-bgkX1FrHdOjxXrgjnoo6tE-jCrRBVi9xGpK23PLOpSkj38Rm2-SpjAhpzKpZZSnKFkIWUZ9ZzRX4PFrTo3Zp7BE_VcFqxU1F5AEFyj8KpH0I6QOvtjLHLIHMSAA&state=CvSY3DNRqCWUYPA6V51nJa3cpvzxCUu_JKfMgsOInFA%3d&session_state=442a62c2-8534-4412-8368-e87a4afbd88d
But I see this login page again:
I didn't see any calls to fetch token in the debug logs. Ideally the framework should have handled that flow.
I have another project which is non reactive and that works without any additional code.
Tried searching online, but there are no documents on integrating azure in reactive environment.
Kindly help me fix this.
You are trying to implement Code Grant flow. This flow needs to implement two requests in order to get the token. The first request is to get the code and the second request is to get the token with the help of code we got from the first request.
So, You have successfully completed the first request. You need to pass the code you have got in the above image you have shared as a post request to the Authentication Server to get token. Please go through Microsoft Document for more details.
The second request which helps you to get token looks like below
POST /{tenant}/oauth2/v2.0/token HTTP/1.1
Host: https://login.microsoftonline.com
Content-Type: application/x-www-form-urlencoded
client_id=6731de76-14a6-49ae-97bc-6eba6914391e
&scope=https%3A%2F%2Fgraph.microsoft.com%2Fmail.read
&code=OAAABAAAAiL9Kn2Z27UubvWFPbm0gLWQJVzCTE9UkP3pSx1aXxUjq3n8b2JRLk4OxVXr...
&redirect_uri=http%3A%2F%2Flocalhost%2Fmyapp%2F
&grant_type=authorization_code
&client_secret=JqQX2PNo9bpM0uEihUPzyrh
Ok. I figured this out. The redirect-uri was incorrect. Changed to https://localhost:8081/login/oauth2/code/azure and it worked.
Thanks.
I'm using developer sandbox to make all my api calls.
It's website build with laravel 5.2
All api calls are made with guzzle/guzzle.
I'm trying automate sending pdf contracts (creating envelopes) using docusign api.
I followed steps from Using the Authorization Code Grant
I had no problem with:
Starting the Authentication Code Grant
Handling the Response
Exchanging the Code for a Token
Getting the User’s Account and Base URI Information
After I get userinfo, there is only one account, so I used that accounts base_uri for all subsequent api calls
{base_uri} + "/restapi/v2/accounts/" + {account_id}
In all my subsequent api calls I'm also adding header
Authorization: Bearer eyJ0eX...MrhIddzBAQ
where I'm using access_token that I've got in step Exchanging the Code for a Token
When doing a create envelope api call, or any other api call, using access_token, base_uri and account_id I get
POST https://demo.docusign.net/restapi/v2/accounts/<account_id>/envelopes resulted in a 401 Unauthorized response
What I tried
Test using the access_token in docusign API explorer:
I went to API EXPLORER - create envelope
I used Authenticate using Sandbox Account to authenticate with the access_token that I've got in previous calls to docusign. Same for the account_id.
When I click on SEND REQUEST, I get 401 Unauthorized response again.
When I use Authenticate using Sandbox Account, but this time I click on Get OAuth2 token (that generates new token), and I click on SEND REQUEST, I get success message.
Then I copied this access_token (from Request) into my website to test the api call, and this time it worked. It also worked for all other api calls that I was making to docusign.
So, using access_token that I get after Exchanging the Code for a Token, I get 401 Unauthorized for api calls
When I use access_token that I generated in API explorer, all api calls to docusign work in my website.
What I also tried
Use refresh_token to get new access_token. Still 401
Xdebug, going step by step to make sure that all params/headers are set before api call. They are, and they are the same as api explorer.
Guzzle option debug => true to get more information about the request, and to compare with what's sent in API EXPLORER, and they are basically the same, except the tokens.
Postman to make request to api, (just to eliminate any chance that I have errors in my code), with same behavior:
401 with token that I get from docusign
success when using API EXPLORER generated token
I'm kinda lost on what to do next and how to solve this, I'm sure it's something simple, but I can't seem to locate the problem.
Update
I used Larry K's answer and found that my problem was with the scope value in /oauth/auth call. I changed it to scope=signature%20extended, and everything works perfectly!
When you click the Get OAuth2 token in the API explorer, you are going through the complete Authorization Code Grant flow, including the new token.
Since this works, but the token your app obtained via the OAuth Authorization Code flow doesn't work, this tells me that your app has an issue.
Check:
Logout from DocuSign. Login from your app. Are you transferred to DocuSign to log in correctly? And then redirected to your app?
Are you requesting the "signature" scope in your request? Check spelling and capitalization of the scope name!
When you're redirected to your app, your app receives the authorization code as a query parameter. Do you get it ok?
When you convert your authorization code to a bearer token are you storing the complete bearer token? It is quite long.
When you send your Envelopes::create request, are you including a space between the word Bearer and the token itself?
Are you making your API call to demo.docusign.net (not .com)
If the above doesn't help, then please update your question (you can edit your question itself) with a trace of your request.
Trying to call the Docusign REST API to Delete/Close User. Passing XML as the documentation in Docusign accepts XML or JSON. But getting 400 status code. I can login using REST API fine. Have had several eyes look at Docusign documentation on the Delete in relation to what I'm passing in XML, but nothing has popped out as to why we are getting 400. Typically, that would mean your XML ... your request is not correct format. Is anyone having this issue with Delete/Close User? Any advice?
Please don't use legacy authentication as it's old and insecure.
You should be using OAuth and if you don't want to have to authenticate each user you can use JWT (JSON Web Token) which would require that you obtain consent for the app to impersonate the user (or any user) that they make API calls on their behalf.
You can find more information about how to use JWT Auth in this article on the DocuSign developer center.
Deleting a user using the REST API is done using this endpoint:
DEL
/restapi/v2.1/accounts/{accountId}/users
The body is a JSON with an array of one or more users to delete. The userId (GUID) is sufficient information to provide to delete a user.