I encountered a new issue today when I tried to send a request with my new production account and the integrator key, newly promoted to Live status.
The API login succeeded, and it returns my AccountID.
However, when I try to create an envelope with envelopesApi.CreateEnvelope API call, I received the following error.
I tested the code with my demo account and key, couple of days ago. It was working fine. I think it is related to the key, because the login request was succeed.
DocuSign.eSign.Client.ApiException: 'Error calling CreateEnvelope: {
"errorCode": "USER_AUTHENTICATION_FAILED",
"message": "One or both of Username and Password are invalid."
}
Please let me know if there is anything else I need to do.
Often when the USER_AUTHENTICATION_FAILED error is received and you are positive the correct user/pwd combo is being provided it's because of the wrong account endpoint being accessed.
You need to parse sub-domain of the baseUrl that is returned from the Login API (property is called base_uri if using OAuth2) and configure your api client with that sub-domain.
When testing in demo it's ok if you miss this step since all accounts are under the demo.docusign.net sub-domain, however in production there are multiple sub-domains (ie. www, na2, eu, etc) so you need to re-configure once right after authentication.
Example:
The response to the Authentication: login API looks like:
{
"loginAccounts": [
{
"accountId": "123456",
"baseUrl": "https://na2.docusign.net/restapi/v2/accounts/123456",
"email": "jdoe#example.com",
"isDefault": "true",
"name": "LoanCo",
"siteDescription": "",
"userId": "abcdff66-f92e-4e8e-ab81-8c46f140",
"userName": "John Doe"
}
]
}
Then instantiate a new API client using the sub-domain that was returned in the login response:
ApiClient apiClient = new ApiClient("https://na2.docusign.net");
Related
I have implemented an app that uses Stripe Oauth implementation, after following the instructions in the building extensions
Authentication is done perfectly. I'm able to retrieve access token and other details.
{
"access_token":"sk_test_51KHr6dAuxxxx",
"refresh_token":"rt_KxmgQFvxxxx",
"expires_in":1642171943,
"livemode":false,
"stripe_publishable_key":"pk_test_51KHr6dxxx",
"stripe_user_id":"acct_1KHrxxxx"
}
Now the problem comes when trying to get resources from Stripe. If an API call is made to https://api.stripe.com/v1/customers, an empty data is returned.
{
"object": "list",
"data": [],
"has_more": false,
"url": "/v1/customers"
}
At the same time, if customer "key (secret test mode API key.)" is used, that endpoint return 4 customers (all of them).
So clearly, the access token received after OAuth is missing something.
Also tried adding the Stripe-Account key and customer account id in the headers, and received the following error.
{
"error": {
"code": "platform_account_required",
"doc_url": "https://stripe.com/docs/error-codes/platform-account-required",
"message": "Only Stripe Connect platforms can work with other accounts. If you specified a client_id parameter, make sure it's correct. If you need to setup a Stripe Connect platform, you can do so at https://dashboard.stripe.com/account/applications/settings.",
"type": "invalid_request_error"
}
}
I suspect something might be wrong with the app itself, but not sure :D
EDIT
Adding a few tried items using composer require stripe/stripe-php
\Stripe\Stripe::setApiKey("sk_test_51KHxxx");
return \Stripe\Customer::all()
$stripe = new \Stripe\StripeClient('sk_test_51Kxxx');
return $stripe->customers->all(['limit' => 30]);
This error typically occurs when you try to make a request from an account that is not a platform account i.e. it has no Connected accounts.
Looking at your code snippets, I'm guessing that you're making the request with the connected account's secret key since the first few characters are the same.
When making Connect requests, you should be using the API key that belongs to the platform account and then provide the optional stripe_account parameter [0].
\Stripe\Stripe::setApiKey("PLATFORM_SECRET_KEY");
$customers = \Stripe\Customer::all([],["stripe_account" => "CONNECTED_ACCOUNT_ID"]);
[0] https://stripe.com/docs/connect/authentication
I'm setting up a document esigning process using Docusign. Since we have multiple associations, We have setup multiple accounts (around 20 APIAccountID under one organization (or you can say as one INTEGRATOR_KEY_ID)) one for each association. Can someone please let me know on how do we switch to different APIAccountID based on the request we get. Also, is it the right way to create a new DocuSignConnection every time when we get the request for different association ?
Your integration should use just one INTEGRATOR_KEY for the entire integration. When using one of the DocuSign OAuth flows such as JWT as you mention.
After the user grants access by providing their credentials and clicking Accept an access token will be sent back to your app (at the redirect URI you specify on your integrator key).
You then use that access token to call the User Info API which will return account ID for that given user.
User Info API
Request:
Authorization: Bearer eyJ0eX...MrhIddzBAQ
GET https://account-d.docusign.com/oauth/userinfo
Response:
{
"sub": "4799e5e9-1559-4915-9862-cf4713bbcacc",
"name": "Susan Smart",
"given_name": "Susan",
"family_name": "Smart",
"created": "2015-08-13T22:03:03.45",
"email": "susan.smart#example.com",
"accounts": [
{
"account_id": "a4ec37d6-04aa-4f37-86c2-143885c220e1",
"is_default": true,
"account_name": "Susan Smart",
"base_uri": "https://domain.example.com",
"organization": {
"organization_id": "9c5fb8e1-b0bf-4970-8e0e-054ff8a249bf",
"links": [
{
"rel": "self",
"href": "https://account.domain.example.com/organizations/9c5fb8e1-b0bf-4970-8e0e-054ff8a249bf"
}
]
}
}
]
}
You have one application which sends signing requests on behalf of multiple associations (organizations)?
As Ergin says, your application will have one integration key which will be used for all associations.
When a human logs into you app using OAuth Auth Code Grant, your app receives an access token. You can use that access token to look up the user's account and site (API URL).
Your application can make sending requests for any number of people and their associations. Each API request includes the user's individual access token, their account_id, and uses the site data to create the URL.
HTH.
I'm using the python SDK for Docusign API. I created an integration in the sandbox and successfully promoted the integrator key to a production account.
I retrieved the integrator key, API Acccount ID and API Username from Admin > API and Keys on Docusign.com for the production account. I successfully obtained consent and successfully get a token via configure_jwt_authorization_flow().
However, when I try to make an API call with the token I get: USER_DOES_NOT_BELONG_TO_SPECIFIED_ACCOUNT.
If I use /oauth/userinfo with my token, I get same Username and Account ID that I retrieved above from the Docusign web page.
I haven't posted any code because the code works with my Sandbox account. I just don't understand why the information from the API and Keys page on the website isn't working.
The crazy thing is that I'm logging in as the user in Docusign to obtain the account information. Why doesn't the API think the user is part of that account?
Any help will be much appreciated.
Thanks
Answering my own question in case it helps someone else...
I was using the wrong "Base URL" in production (i.e. https://www.docusign.net/restapi). You need to determine your custom endpoint based on your account. Like this:
curl -i -H "Accept: application/json" -H 'X-DocuSign-Authentication:{"Username": "yourownemail#xxx.com","Password": "yourOwnPassword", "IntegratorKey": "yourOwnIntegratorKey"}' -X GET https://www.docusign.net/restapi/v2/login_information
The result will be something like:
{ "loginAccounts": [ { "name": "John Dough", "accountId": "12345",
"baseUrl": "https://na2.docusign.net/restapi/v2/accounts/12345",
"isDefault": "true", "userName": "John Dough", "userId":
"02e6fc42-0c2e-4e8e-ade1-8ed6f140daee", "email": "john#example.com",
"siteDescription": "" } ] }
Use the returned value of baseUrl for your integration.(https://na2.docusign.net/restapi).
Currently we are in the process of developing one iPhone application that deals with google calendar. There was need of syncing calendar events to the server side. Everything works fine.
But for push notification , we are following this process
Whenever we post request to :
https://www.googleapis.com/calendar/v3/calendars/email#gmail.com/events/watch
with parameters
"id":Unique string ( channel id) ,
"type": "web_hook",
"address": "https://abc-api.herokuapp.com/user/notifications"
In the header , we are sending
Authorization : **Bearer 'Access_token'**
and content type : json
We already added domain as authorized domain in the google api console
Access_token is user's account access token .
We are getting "Unauthorized webhook call" error.
{
"error": {
"errors": [
{
"domain": "global",
"reason": "push.webhookUrlUnauthorized",
"message": "Unauthorized WebHook callback channel: https://abc-api.herokuapp.com/user/notifications"
}
],
"code": 401,
"message": "Unauthorized WebHook callback channel: https://abc-api.herokuapp.com/user/notifications"
}
}
Anyone here who can help us to solve the issue ?
You might want to check this post, providing solution like verifying if your domain have a valid (not self-signed) SSL license. Also in google-api-php-client GitHub, instead of setting https://example.com/google/push (resulted in Unauthorized WebHook callback channel) or https://www.example.com/google/push (allowed me to successfully open channel, and object has been returned, however webhook has not been fired) as address they tried https://www.example.com/google/push/index.php and worked.
One potential issue is if you're testing in Google's "try it" section of the documentation. It's not stated, but this particular request does not work there.
Otherwise, there are a few things that need to happen with the domain you are supplying in the address. First, you need to make sure its verified in the google developers console for the application you are hitting the api with. Additionally, you need to add the website property to your search console (even if its just an api) and verify ownership.
Also, once you get past the unauthorized address issue, you will get another error requiring a resourceId be supplied.
Newbie trying to figure out how to get a Node.js application to authenticate and query Google BigQuery, trying to adapt this CodeLab tutorial from Java. What step might i be missing?
First I create this Oauth2 URL using my clientid:
https://accounts.google.com/o/oauth2/auth?
client_id=1047877053699-den6kbs4v3f2bft6clonsirkj1pc7t6j.apps.googleusercontent.com
&scope=https://www.googleapis.com/auth/bigquery
&redirect_uri=http://localhost:3000/oauth2callback
&access_type=offline
&response_type=code
This successfully reaches Google, which prompts
A third party service is requesting permission to access your Google Account.
Agreeing that generates a second prompt:
Nodejs_Test is requesting permission to:
View and manage your data in Google BigQuery
Agreeing to that, the callback URL is called, with a parameter accessToken.
I think the following url should list tables in my BigQuery project/dataset:
https://www.googleapis.com/bigquery/v2/projects/1047877053699/datasets/visits&accessToken=4%2FC196NizZwlNgWSt5oNqQwendmLNW.0vgUrlGJ6kMRshQV0ieZDApig3NfcgI
But calling with or without the accessToken returns the following message that "Login Required".
{
"error": {
"errors": [
{
"domain": "global",
"reason": "required",
"message": "Login Required",
"locationType": "header",
"location": "Authorization"
}
],
"code": 401,
"message": "Login Required"
}
}
I know you can't repeat the code because of permissions, expired tokens, etc. But I wonder what step I might be missing conceptually.
Have you tried sending the accesstoken as an authorization header rather than as a url parameter?
as in
https://www.googleapis.com/bigquery/v2/projects/1047877053699/datasets/visits
Authorization: OAuth Your-access-token-here-not-urlencoded
FYI - looks like you originally used the parameter accessToken in the URL. It should instead by access_token, which looks like it works fine. Of course, Jordan's suggestion of using a Header is better if you're able to do it though-- it's more secure as it's unlikely to get logged in access logs, proxy server logs, etc.