I'm trying to make API call from Salesforce to DocuSign that creates an envelope in DocuSign. I don't find any issues there. My query is how to get the integrator key and DocuSign credentials for multiple users and store it in Salesforce to be picked up dynamically for the corresponding user. For Dev, I can use my credentials and Integrator Key to create an envelope. When it comes to multiple users, how should I proceed? Please, can anyone explain to me how this can be achieved?
Are you sure you need to? Integrator keys can be used across accounts and users without issue.
What are you trying to accomplish by using unique integrator keys per user?
Related
First of all, I apologize for eventual noob questions, we are very new to the DocuSign API and are currently trying to wrap our heads around which is the most correct way of accessing the API.
I will start with an overview of our use case. We recently purchased a DocuSign prod. Account with an Organization enabled.
We have a Partner which uses a CMS Tooling which integrates with said DocuSign Account. This Tool allows for the Backoffice to create envelopes with documents inside and a url which leads to the signin ceremony through the Templates that we create inside the DocuSign Account. This url is afterwards send to the customer for them to sign the documents in the envelope. This Part is working and is currently being used.
Now what we want to achieve on our side, we have a nextJS web-app which allows the same customers (Which are the receivers of the created envelopes in the step above, same e-mail in both steps) to sign-in our web-app. We want to show the customer in a dashboard, if there are envelopes for him open that he can sign and if this is the case we want to show him the url which leads to the signin ceremony.
We were able to see that as soon as an envelope for a certain User is created through the CMS Tooling, we can see that envelope in our DocuSign Prod Account.
Now our thought process was, to show our customer his open envelopes, we just fetch all open envelopes in our DocuSign Account which match the customers E-Mail.
Is there anything wrong with this process or are we overlooking something?
And if it is okay to proceed this way which of the OAuth Flows is the correct one to use for this case?
From my understanding, the JWT Flow seems like the most reasonable one? Since the Customers that need to sign the documents, will not have any DocuSign accounts.
What have you tried to solve the issue?
We tried using the direct API Access, which worked when set up correctly but since we didn't have a OAuth Flow in place the Access token is only valid for restricted amount of time obviously and has to be refreshed. Hence we have to think first about how to grant access correctly
I would love to hear, what the right approach would be to achieve our desired result.
Once again Apologies for this kind of question, just trying to have a better understanding before we start building :)
Best regards!
According to the use case you mentioned using JWT Grant is fine as users of your integration will use a single system account to log in, you should use JWT Grant.
I would recommend going with the below link to know more regards different use cases and check the knowledge
https://developers.docusign.com/platform/auth/choose/
https://developers.docusign.com/platform/auth/oauth2-requirements-migration/
I am trying to integrate Docusign in my Web application. The website workflow will be as follows:
Users visit my website and log in.
Users will be given the option to choose Docusign Templates.
After selection, users need to sign that document.
After a successful signing, the signed document is sent to some authority.
My problem is how can I link my users to Docusign to sign. Does every user needs to have an account for embedded signing?? I need some help in understanding the flow of authentication and signing in DocuSign REST API. I have gone through the documentation but didn't understand properly. When I try to use the auth grant GitHub code to understand the flow. After logging in, it throws a null pointer exception. Please, someone, help me.
You can find code example in different languages to do what you're asking (sign from a template). You will want to use embedded signing so that the user sign as part of the app and not remote signing (via email).
As for your authentication question, no, signers never need to be part of the account. The sender can be a single user that is "sending" envelopes that are embedded in the app. So while there's no sending technically, you can think of it this way.
Hope this makes sense, please ask additional questions if not clear
recipientID is a GUID uniquely used to identify a recipient in DocuSign. When you create an envelope, each recipient should have one.
"and If the same name+email combination comes again, will it get the same signature or generate a new one?" It will remember it if they have an account.
I have been using DocuSign SOAP Based API calls to create and send envelopes and am using legacy authentication method in which I can specify email address and password of the DocuSign user who is going to create envelopes.
One our client have multiple DocuSign account with the same user. When I setup an authentication header thru the SOAP based API call, I do not have a way to specify which account I am making API calls against.
How do I make sure that I am making API calls against the specific account?
You have two ways of accomplishing this.
1) You can make a getlogin call to retrieve a list of the logins associated with an account and use the default.
OR
2) Instead of supplying the email address for the user you can supply the API UserName in the login headers, which is a unique number for that user. This can be retrieved from the API and Keys or Users section if they're using the New DocuSign Experience, or through the user Permission section if still using Classic.
While the ApiUserName or email address is usually supplied in the authentication header, the ID for the account is in the XML body for the call. the combination of apiUserName and AccountId should be sufficient in picking a specific user, even if they have the same email address associated with multiple accounts.
Can I delete Account Signing Groups in DocuSign using API?
If yes, could someone provide me with a sample or direct me to the API that describes this?
Documentation for managing signing groups via API can be found here. As that page shows, the HTTP Request for Delete Signing Group(s) is:
DELETE /v2/accounts/{accountId}/signing_groups
For more details about that specific operation, see here.
I have couple of questions regarding the docusign api and its Integrator Key Certification
I'm using REST API calls for Docusign Integration with Salesforce;
We need Endpoint, UserId, AccountId, Password, Integrator key for Docusign REST API calls. Every value of these fields for different users are stored in Docusign managed objects of salesforce except Integrator Key.
Need of one Integrator Key is making me to either go for harcoding these credentials/use custom settings of Salesforce. Anyone suggest a better way for other than this?
So what I did For Authentication header is, (Though it may seem like not a best practice I have no other way to do)
I have accessed the user credentials from custom settings of Salesforce. But in-order to overcome the limit of 1000 API calls per
hour per account, I am thinking to use multiple user credentials which are changing one after the other for every api call.
So, Will docusign allow the multiple Integrator Keys Certification that are used in one single apex class?
For those who are thinking about baseURL parameter in authentication header, I will go with the "/login_information/" api call, (or) change the value from custom settings depending on environment where the api is called.
Using, all this logic my task is working perfectly but all of sudden I am thinking will Docusign allow to pass certification for the above Integration steps? Thanks in advance.
As Andrew has mentioned in his comments, you should reach out to DocuSign's Certification department with any certification questions you may have. However, I can still provide some info for you here:
It's really up to you and your security and business requirements how you want to store your application's Integrator Key; however I can tell you that I've seen numerous other integrations do it by hard-coding the value into a PRIVATE apex class. Private so that no other objects can access it.
No, DocuSign will not allow multiple Integrator Keys in this instance. When you go through and pass the Certification process, the result is that just ONE of your demo IKs are promoted to production environment. That one integrator key represents your entire integration.