I know DocuSign can send signed PDF and other stuff to a public URL using the DocuSign Connect module.
I want to know whether they will send to our own server listner page. Will DocuSign will send signed information to non-public URL
DocuSign Connect and eventNotifications (same notification mechanism, different subscription process), will send the notifications to any url that is available via the public internet.
There are different meanings for "non-public url." Your server/listener's url does not have to linked to by any other page, it does not have to be in the Google database, it can use long, obscure strings in the url, etc. But it has to be reachable via the public internet.
So if your listener is accessible via the public internet, you're golden.
Other options:
Put your listener on your company's dmz where it will be accessible from the internet and also have some access to your internal systems.
Put your listener behind your firewall and open a "pinhole" in your firewall to enable the incoming connection requests. DocuSign publishes the ip ranges it uses so you can limit the size of the opening in your firewall
Create a server/listener "gateway" on the public internet that your internal servers can connect to. Eg, start up a listener using Heroku, Azure, etc. I suggest their PAAS services.
Investigate ngrok, localtunnel, and this related blog post
Also:
Remember that your listener must accept requests via https. Only https is used for notifications by the DocuSign production platforms.
See the DocuSign webhook recipe for more info.
Related
i have many application servers (cyber-ark, SIEM solution, forti gate etc') installed on azure as a IaaS.
all of them connect to an smtp server in order to send notifications via mail.
on my on Prem deployments, this was not an issue, but on azure, all smtp communication seems to be blocked.
i created a send-grid account and tried playing with it, but the send grid smtp server is getting blocked too.
what is the right way to work in this scenario ?
i need a smtp server to integrate with my applications...
what should i do ?
thanks,
david
Depends on your type of subscription, pay-as-you-go if you want the ability to send email from Azure VMs directly to external email providers (not using an authenticated SMTP relay), you can make a request to remove the restriction. Requests will be reviewed and approved at Microsoft's discretion, and they'll be granted only after additional anti-fraud checks are made. To make a request, open a support case by using the following issue type: Technical > Virtual Network > Connectivity > Cannot send email (SMTP/Port 25). Make sure that you add details about why your deployment has to send mail directly to mail providers instead of using an authenticated relay. More details
I would like to secure my servers for incoming traffic from BigCommerce.
BigCommerce allows for configuring a 3rd party email server
as well as webhooks. What are the addresses that will be used by these services?
We can't guarantee that webhooks will be sent from a specific block of IPs--those addresses can change any time and without notice. But if the purpose is to confirm that incoming webhooks are coming from BigCommerce, you can specify custom headers when creating your webhook. The headers are returned in the webhook payload, so you could set the custom header to a basic auth username/password, and check that at runtime to authenticate the POST.
We do have a list of IPs that I can send you for the SMTP server. Happy to connect by email if your contact info is still the same!
I am trying to get DocuSign Connect to make HTTP Post request to my URL.
I have done some testing with POSTMAN app on google chrome and I am able to process the DocuSign XML Messages sent through this HTTP Post Request.
Attached is my setup.
I am unable to receive any messages from DocuSign (I have tried both sending and signing) and additionally I do not see any logs under Logs or Failures.
Is there any possible reason for this?
Updates: I was using a Self-Signed Certificate on my application and hence DocuSign was unable to post the XML message to my web service.
This has been resolved after installation of a DocuSign accepted certificate.
Assuming your account is configured properly for Connect and you do not see anything in the logs or failures here's some possible reasons:
Security software or firewall on your side blocking/catching the message before it reaches your listener
You are filtering for an envelope you do not have permission to.
Your tests are invalid (i.e. you've configured for a signing event but the user is declining or taking some other action).
Also, I just realized you don't have Require Acknowledgement enabled in your Connect config- try turning that on to see if any failures start showing up. Here's the description from the docs of this option:
"Require Acknowledgment: Select this option to log posting failures. DocuSign waits 100 seconds for an acknowledgement before recording a failure. DocuSign logs a failure if the attempt to reach the external endpoint returns anything other than an HTTP 200. The acknowledgment failure messages are logged on the Failures page, which is accessed by clicking FAILURES on the Connect page. When this option is selected, DocuSign will automatically attempt to repost any failures. You can also manually repost from the Failures page."
Check that you have "Connect" enabled as one of the account's features. Do this using the admin tool (New DocuSign Experience) or Preferences in Classic.
Also, if you're trying out Connect on a production account, only some types of accounts include the Connect feature. Contact your Account Manager if it isn't enabled.
All Developer Sandbox accounts on the demo platform do include Connect.
All account types support webhook subscriptions at the envelope level using the eventNotification feature.
Are you using production account or sandbox account for docusign connect.. You must include the protocol HTTP or HTTPS in the web address for sandox account and you must include HTTPS:// in the web address for Production accounts because SSL is required in Production account. Docusign Connect sends the xml to the default ports of 443 for HTTPS: and 80 for HTTP. If you cannot use port 443 for Production contact DocuSign to review possible options. Check this link for docusign connect technical information.. Hope you have handled the server side of it (i.e, the url which you have mentioned in the URL to publish) inorder to get the response from the docusign to the desired url when some event happens..
For example:
If you are using sandbox docusign account for Connect means, URL to publish as to be something like this http://domain.com/Home/DocuConnect (Hosted application port number as to be 80). For sandbox account,docusign connect are enabled defaultly for all the users.
If you are using production account for Connect means, URL to publish as to be something like this https://domain.com/Home/DocuConnect (Hosted application port number as to be 443). In some cases docusign connect are enabled based on the respective subscription plans. To check that go to features tab see for Docusign Connect and try to tick the checkbox and if it is not checked then you got to contact the Docusign Account Manager.
I am building a webpage to be embedded as an Iframe App within Connections Cloud. It is based on the principals from this tutorial.
The webpage will be hosted on a server outside (of course) the collabserv.com domain. The purpose of the webpage is to interact (read/write) with Connections Cloud, using the SBT SDK, on behalf of the current Connections Cloud user.
The user is already authenticated with Connections Cloud, so I would not like there to be an extra login every time the Iframe App is loaded (making calls to Connections Cloud).
Since my webpage is located outside the Connections Cloud host/domain, it's not possible to reuse the user's existing authentication with the Connections Cloud server (?).
Any suggestions for solutions or workarounds?
BTW, my webpage will be hosted on a Domino server, but ideally there will be no user accounts on this server.
I was able to establish an authenticated connection with Connections Cloud using OAuth2. I more or less followed the OAuth2-steps described by Paul Bastide in this article.
All operations from start to the point where "code" is returned, are handled with XPages, reading QueryString for parameters etc. From that point (starting with "Open a Terminal Window" in the article), I programmed a Managed JavaBean that handles the rest of the OAuth-dribbeling.
When the access_token finally is received in my JavaBean, I use that to build a "Bearer authorization header" for an Apache HttpGet object. I then use the HttpGet object to query the Connections Cloud REST APIs.
I am using the rest API
GET /restapi/v2/login_information
to get the login information.
This API returns a baseUrl. For example:
{[\r][\n]"
"loginAccounts": [[\r][\n]"
{[\r][\n]"
"name": "SomeCo",[\r][\n]"
"accountId": "555555",[\r][\n]"
"baseUrl": "https://demo.docusign.net/restapi/v2/accounts/555555",[\r][\n]"
"isDefault": "true",[\r][\n]"
"userName": "Marco Altieri",[\r][\n]"
"userId": "6b011111-1111-1111-1111-bc65f9bec41e",[\r][\n]"
"email": "maltieri#someco.com",[\r][\n]"
"siteDescription": ""[\r][\n]"
}[\r][\n]"
][\r][\n]"
}"
I am using the baseUrl https://demo.docusign.net/restapi/v2/accounts/555555 for the next calls to DocuSign.
Unfortunately, the application servers for a client do not have direct access to the DocuSign servers.
I could have used an http proxy because the client API that I am using has this option, but there is not a proxy available to forward the requests from the internal network to DocuSign.
We have been able to solve this problem redirecting the traffic for example using iptables.
The application server is configured to call DocuSign using the url (for the dev server):
https://demo.docusign.net/
On the application server, the hostname demo.docusign.net is mapped in /etc/hosts with the IP address of the redirector box (the internal server).
This means that the application server sends requests to the redirector and this redirects the requests to the actual DocuSign server.
Everything works fine but I am wondering if:
1) there is a better way to do it
2) the redirector needs to be configured to forward the requests and to do so we need to know the IP address of the DocuSign server. This IP address is documented in an article published by DocuSign and so it seems ok to use it. Is this correct ?
For your second question: Yes, DocuSign publishes the IP addresses of our servers for both Demo and Production environments and it is fine to reference those IP addresses in your configuration. We also recommend adding these IP addresses to your white list to avoid any issues.
I'm not a networking expert but I'm confused why you can make the initial API call to login_information but then have issues to work around with subsequent calls. It's the same root