DocuSign Implicit Grant with Salesforce - docusignapi

I am integrating DocuSign with Salesforce using the REST API in order to send envelopes.
Before sending any envelopes I was working on an Implicit grant in order to generate a token but I am not sure what is the right way to get the token.
I am using the GET method but I am getting the response in HTML format.
public class SendDocumentsWithDocuSign {
    public void test() {
        String accountID = 'a6e74d5a-****-****-****-28f3bec67ccf';
        String userName = 'f2326e06-****-****-****-a1aee682da08';
        String passWord = 'password#123';
        String integrationKey = 'b19b477c-****-****-a8a5-8ff88ea771cc';
        String templateID = '5259faf7-****-****-a493-ba19ce5d633c';
        String redirectURL = 'https://www.salesforce.com';
        // Request the implicit grant (query-string values are URL-encoded)
        String TOKEN_URL = 'https://account-d.docusign.com/oauth/auth?response_type=token&scope=signature'
            + '&client_id=' + EncodingUtil.urlEncode(integrationKey, 'UTF-8')
            + '&redirect_uri=' + EncodingUtil.urlEncode(redirectURL, 'UTF-8');
        // Legacy header credentials; built here but not sent (the setHeader call below is commented out)
        String authenticationHeader =
            '<DocuSignCredentials>' +
            '<Username>' + userName + '</Username>' +
            '<Password>' + passWord + '</Password>' +
            '<IntegratorKey>' + integrationKey + '</IntegratorKey>' +
            '</DocuSignCredentials>';
        HttpRequest httpreq = new HttpRequest();
        HttpResponse httpres = new HttpResponse();
        Http httpCall = new Http();
        httpreq.setEndpoint(TOKEN_URL);
        httpreq.setMethod('GET');
        //httpreq.setHeader('X-DocuSign-Authentication', authenticationHeader);
        httpreq.setHeader('Content-Type', 'application/json');
        httpreq.setHeader('Accept', 'application/json');
        httpres = httpCall.send(httpreq);
        // Dump the response headers and body for inspection
        System.debug(httpres.getHeaderKeys());
        System.debug(httpres.getHeader('X-DocuSign-TraceToken'));
        System.debug(httpres.getHeader('Set-Cookie'));
        System.debug(httpres.getBody());
    }
}
I am getting the below Output.
[32]|DEBUG|(X-DocuSign-Node, X-Content-Type-Options, X-DocuSign-TraceToken, Pragma, Date, X-Frame-Options, Strict-Transport-Security, Cache-Control, Content-Security-Policy, Set-Cookie, ...)
[33]|DEBUG|4d4cac98-7cc9-4b3e-a1fe-c12e871b7065
[34]|DEBUG|__RequestVerificationToken=ARFea2sGN3iGpAjBGHGwCJcB0; path=/; secure; HttpOnly
[35]|DEBUG|
input name="__RequestVerificationToken" type="hidden" value="ARFea2sGN3iGpAjBGHGwCJcAAAAA0"
I want to fetch the access token to call the REST API as given in the DocuSign document. https://developers.docusign.com/platform/auth/implicit/implicit-get-token

To use the DocuSign APEX toolkit, you need to follow the toolkit's authentication methods since that's the only way to use the (needed) integration key from the APEX toolkit.
See the toolkit's authentication instructions.
If you're not using the APEX toolkit then you need to work within the capabilities of Salesforce. Named Credentials is one approach. Here's another.

Related

Does Keycloak allow obtaining id tokens via web interface

I am investigating how to possibly authenticate to a Kubernetes 1.13 cluster with OpenID Connect and Keycloak. I am new to this area.
This YouTube video ("Use Open ID Connect for Kubernetes API server") accomplishes part of what I want. An id token is initially obtained by making an HTTP request (with curl) to Keycloak citing grant type password. The resulting token is then subsequently used in further HTTP requests to the Kubernetes API. This works but has the disadvantage that clients directly handle users' permanent credentials.
Would it not be better if the token were issued by a secure web page that also required authentication via Keycloak (this time with grant type authorization code) and did nothing else but display a new token? Such tokens (transient credentials) could then e.g. be manually copied into kubeconfigs for further use?
Does Keycloak provide such interactive web pages (next to the REST endpoints for obtaining tokens programmatically) or is this out of scope? If the second, are there other standard components for such tasks?
UPDATE This illustration from the Kubernetes documentation perhaps makes more clear what I am seeking. In step 1 a user should log into the Identity provider to obtain tokens which can then be configured into kubectl. Does Keycloak support this step, i.e. offer a web page where users could log in to obtain their tokens?
If I understand your question, you want to get the access token via Java code, so here is code you can write and call:
String obtainAccessToken = obtainAccessToken(username, password);
putRequest.addHeader("Authorization", "bearer " + obtainAccessToken);
putRequest.addHeader("content-type", MediaType.APPLICATION_JSON);
Here is the method you should call
public String obtainAccessToken(String UserName, String pwd)
{
    AuthzClient authzClient = AuthzClient.create(configuration);
    AccessTokenResponse accessTokenResponse = authzClient.obtainAccessToken(UserName, pwd);
    String token = accessTokenResponse.getToken();
    return token;
}
Here is the get realm method
public Response getAllRealms() {
    ObjectMapper mapper = JacksonObjectMapperProvider.getObjectMapper();
    CloseableHttpResponse response = null;
    List<SureRealmRepresentation> realmList = new ArrayList<SureRealmRepresentation>();
    int status;
    try {
        String urlGetAllRealms = URL + "/admin/realms";
        CloseableHttpClient httpclient = HttpClients.createDefault();
        HttpGet getRequest = new HttpGet(urlGetAllRealms);
        // Obtain a token and send it as a bearer credential
        String obtainAccessToken = obtainAccessToken(username, password);
        getRequest.addHeader("Authorization", "bearer " + obtainAccessToken);
        getRequest.addHeader("content-type", MediaType.APPLICATION_JSON);
        response = httpclient.execute(getRequest);
        status = response.getStatusLine().getStatusCode();
        String responseBody = EntityUtils.toString(response.getEntity());
        if (status == 200) {
            RealmRepresentation[] realmArray = mapper.readValue(responseBody, RealmRepresentation[].class);
        }
    } catch (Exception e) {
        if (e instanceof Exception) {
            throw (Exception) e;
        } else {
            throw ErrorHandler.wrap(new Exception("EroorType : "+ e.toString()));
        }
    }

Bad request while trying to get authToken using docusign API

I am new to the DocuSign API and I followed the code sample for C# on the DocuSign guide site. I failed at the step where I was trying to get the AuthToken. Part of my code is below, basically the same as the DocuSign sample:
public void OAuthAuthorizationCodeFlowTest()
{
    ServicePointManager.Expect100Continue = true;
    ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls12;
    // Make an API call with the token
    ApiClient apiClient = new ApiClient(RestApiUrl);
    DocuSign.eSign.Client.Configuration.Default.ApiClient = apiClient;
    // Initiate the browser session to the Authentication server
    // so the user can login.
    string accountServerAuthUrl =
        apiClient.GetAuthorizationUri(client_id, redirect_uri, true,
            stateOptional);
    System.Diagnostics.Process.Start(accountServerAuthUrl);
    string accessToken = apiClient.GetOAuthToken(client_id,
        client_secret, true, AccessCode);
    // login call is available in the authentication api
    AuthenticationApi authApi = new AuthenticationApi();
    LoginInformation loginInfo = authApi.Login();
    // parse the first account ID that is returned (user might belong to multiple accounts)
    AccountId = loginInfo.LoginAccounts[0].AccountId;
    BaseUri = loginInfo.LoginAccounts[0].BaseUrl;
    Console.WriteLine("accountId: " + AccountId);
    Console.WriteLine("base_uri: " + BaseUri);
}
The client_id is my integrator key, the client_secret is the secret key related to that integrator key, right? I checked them many times, no problem. I am confused now why I am still getting a 400 error. Please shed some light here, thanks!!!
System.Diagnostics.Process.Start(accountServerAuthUrl); will open it in a browser, and once you have authenticated successfully the browser will be redirected to the callback URL (redirect_uri) with the query parameter code=....
The code in the browser needs to be read by your web app, and then you need to call the code below to generate the access token:
string accessToken = apiClient.GetOAuthToken(client_id,
client_secret, true, AccessCode);
The code below is one part: it opens the browser. Ideally it is for testing purposes on a standalone system; in a web app you will redirect the browser to accountServerAuthUrl.
public void OAuthAuthorizationCodeFlowTest()
{
    // Make an API call with the token
    ApiClient apiClient = new ApiClient(RestApiUrl);
    DocuSign.eSign.Client.Configuration.Default.ApiClient = apiClient;
    // Initiate the browser session to the Authentication server
    // so the user can login.
    string accountServerAuthUrl = apiClient.GetAuthorizationUri(client_id, redirect_uri, true, stateOptional);
    System.Diagnostics.Process.Start(accountServerAuthUrl);
}
The code below is run once the user has been authenticated by DocuSign in the browser and the browser has been redirected to the redirect_uri with code=...; your web app will read this code, send it as AccessCode, and call the code below from your controller:
string accessToken = apiClient.GetOAuthToken(client_id, client_secret, true, AccessCode);
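The redirect step described in this answer, together with the implicit grant asked about in the first question, as an added example that is not part of the original posts: it builds the browser-facing authorization URL and then reads the value appended to redirect_uri (fragment for the implicit grant, query string for the authorization code grant), rejecting responses whose state does not match. The helper names `buildAuthUrl` and `readRedirect` are hypothetical, and the presence of a `state` parameter on the redirect is assumed from standard OAuth 2.0 behaviour.

```javascript
// Added example, not code from the posts. buildAuthUrl and readRedirect are
// hypothetical helper names; sample values used with them are constructed.
const AUTH_ENDPOINT = 'https://account-d.docusign.com/oauth/auth'; // demo host from the first question

// URL the browser is sent to. responseType is 'token' (implicit grant) or
// 'code' (authorization code grant). URLSearchParams percent-encodes values.
function buildAuthUrl(responseType, clientId, redirectUri, state) {
  const query = new URLSearchParams({
    response_type: responseType,
    scope: 'signature',
    client_id: clientId,
    redirect_uri: redirectUri,
    state, // unguessable per-request value, kept in the user's session
  });
  return `${AUTH_ENDPOINT}?${query}`;
}

// Read what the authorization server appended to redirect_uri after login.
// Implicit grant: values arrive in the fragment (#access_token=...), which the
// browser does not send to the server behind redirect_uri, so page script reads it.
// Authorization code grant: values arrive in the query string (?code=...).
function readRedirect(redirectedUrl, expectedState) {
  const url = new URL(redirectedUrl);
  const fragment = new URLSearchParams(url.hash.slice(1));
  const params = fragment.has('access_token') || fragment.has('error')
    ? fragment
    : url.searchParams;
  if (params.has('error')) {
    return { ok: false, reason: params.get('error') };
  }
  // A response without the state we issued was not started by this session.
  if (!expectedState || params.get('state') !== expectedState) {
    return { ok: false, reason: 'state_mismatch' };
  }
  if (params.has('access_token')) {
    return {
      ok: true,
      kind: 'token',
      accessToken: params.get('access_token'),
      expiresIn: Number(params.get('expires_in')),
    };
  }
  if (params.has('code')) {
    return { ok: true, kind: 'code', code: params.get('code') };
  }
  return { ok: false, reason: 'no_credential' };
}
```

Only the `code` result is passed on to the server-side token exchange (`GetOAuthToken` in the answer above); a `state_mismatch` result should end the login attempt.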

How to retrieve production environment endpoint

I've certified my integrator key last week and it was confirmed to go "live" last Friday.
Reading this documentation, I now need to determine which production site I am linked to. The problem is that when I follow the instructions, I can't see which site I am linked to:
The {SERVER} value is determined by where your DocuSign Production account resides.
The easiest way to determine this is to login to your Production DocuSign account and
examine the prefix of the URL. For example, if the URL is:
https://na2.docusign.net/Member/Home.aspx, then replace {SERVER} with “na2” to find
your Production endpoints.
Any help would be appreciated
Is there a way to retrieve the Production URL from an envelope?
envelopeApi.GetEnvelope() ?
Use the Login_Information API to retrieve your BaseUrl.
Here is the code using the C# SDK
string _username = "<Add your User Name>";
string _password = "<Add your Password>";
string _integratorKey = "<Add your Integrator Key>";
string DOCUSIGN_URI = "https://www.docusign.net/restapi";
string _authHeader;
public string Init()
{
    // Legacy header authentication value built from the fields declared above
    _authHeader = "{\"Username\":\"" + _username + "\", \"Password\":\"" + _password + "\", \"IntegratorKey\":\"" + _integratorKey + "\"}";
    // initialize client for desired environment (for production change to www)
    ApiClient apiClient = new ApiClient(DOCUSIGN_URI);
    Configuration.Default.ApiClient = apiClient;
    Configuration.Default.AddDefaultHeader("X-DocuSign-Authentication", _authHeader);
    // we will retrieve this from the login API call
    string accountId = null;
    /////////////////////////////////////////////////////////////////
    // STEP 1: LOGIN API
    /////////////////////////////////////////////////////////////////
    // login call is available in the authentication api
    AuthenticationApi authApi = new AuthenticationApi();
    LoginInformation loginInfo = authApi.Login();
    // parse the first account ID that is returned (user might belong to multiple accounts)
    accountId = loginInfo.LoginAccounts[0].AccountId;
    string baseUrl = loginInfo.LoginAccounts[0].BaseUrl;
    // Update ApiClient with the new base url from login call
    apiClient = new ApiClient(baseUrl);
    return accountId;
}

Docusign Signing Groups

I created an account in the Docusign Sandbox to evaluate the product. My main goal is to create a signing group but before that I would like to get the list of signing groups with RestSharp.
[EDIT]
docusign.configureApiClient("https://demo.docusign.net/restapi");
var login = docusign.LoginDocusign(USERNAME, PASSWORD);
var client = new RestClient(login.BaseUrl);
var request = new RestRequest("signing_groups", Method.GET);
string authHeader = "{\"Username\":\"" + USERNAME + "\", \"Password\":\"" + PASSWORD + "\", \"IntegratorKey\":\"" + INTEGRATOR_KEY + "\"}";
request.AddHeader("X-DocuSign-Authentication", authHeader);
IRestResponse response = client.Execute(request);
var content = response.Content;
Debug.WriteLine(content);
However the content returns
error code : "ACCOUNT_LACKS_PERMISSIONS"
message: "This Account lacks sufficient permissions."
I thought demo accounts have almost the same permissions as a premium account. Is there a setting somewhere to enable this?
I am certain that the authentication is correct: when I request the list of groups, the content returns all of my groups.
var request = new RestRequest("groups", Method.GET);
I'm not familiar with RestSharp, but my suspicion is that there's a problem with the request.
To diagnose: first start with making a call to DocuSign and use the Request Log facility to see what is being sent.
If the incoming request can't be matched to your account, or fails some initial filters, then the request will not reach your account. In that case, use requestb.in (free) to see what you're sending.
Also, I don't see where you are requesting the accountId and base URL from DocuSign. (Using https://demo.docusign.net/restapi/v2/login_information)
That's the first step for an API integration since you can't predict which platform the user's account is running on.

Using APIServiceSoapClient for DocuSign

I'm trying to use the DocuSign API/SDK to send a document for someone to sign. The examples say something like:
//.NET
APIServiceSoapClient apiService = new APIServiceSoapClient();
apiService.ClientCredentials.UserName.UserName = "Your DocuSign UserName here";
apiService.ClientCredentials.UserName.Password = "Your DocuSign Password here";
Which I of course have tried but it's not working.
I get the following error:
Security requirements are not satisfied because the security header is not present in the incoming message.
I've tried
var username = "myemail";
var pass = "mypass";
var iteratorKey = "iteratorkey";
APIServiceSoapClient apiService = new APIServiceSoapClient();
apiService.ClientCredentials.UserName.UserName = username;
//also tried ...UserName = "[" + iteratorKey + "]" + username;
apiService.ClientCredentials.UserName.Password = pass;
Is this not where all security requirements are met? maybe? Using APIService not DSAPIService if that makes a difference.
I ended up having to use a different way to pass in the credentials, which I found somewhere else. I'm still not sure how to correctly use the other method I tried though, so if anyone knows how to use the other method it would be great, just because the code is neater and easier to follow.
string auth = @"<DocuSignCredentials>
<Username>email</Username>
<Password>pass</Password>
<IntegratorKey>key</IntegratorKey>
</DocuSignCredentials>";
DSAPIServiceSoapClient apiService = new DSAPIServiceSoapClient();
using (var scope = new System.ServiceModel.OperationContextScope(apiService.InnerChannel))
{
    // Attach the credentials as an HTTP header on the outgoing SOAP call
    var httpRequestProperty = new System.ServiceModel.Channels.HttpRequestMessageProperty();
    httpRequestProperty.Headers.Add("X-DocuSign-Authentication", auth);
    System.ServiceModel.OperationContext.Current.OutgoingMessageProperties[System.ServiceModel.Channels.HttpRequestMessageProperty.Name] = httpRequestProperty;
    EnvelopeStatus envStatus = apiService.CreateAndSendEnvelope(envelope);
    return envStatus.EnvelopeID;
}
There are two ways to pass member credentials through DocuSign's SOAP API (as opposed to the newer REST API):
SOAP Header via WS-Security UsernameToken
HTTP Header via a custom field “X-DocuSign-Authentication”
The Account Management API only supports the HTTP Header authentication method, while all others can support either method.
Additionally, the DocuSign SOAP API has two API end points: API.asmx and DSAPI.asmx. The API.asmx end point requires the WS-Security UsernameToken in the SOAP header authentication. The DSAPI.asmx and AccountManagement.asmx end points require the HTTP Header authentication method.
