I just signed up with Docusign for a enterprise account. When I view my API information, I see my Account ID, password and username. From there I went to demo.docusign.com and created a completely separate account to get an integrator key. However, the account ID, password and username for the demo account are completely different from my enterprise account. Should I use my enterprise credentials with the demo integrator key? Or use demo credentials with the demo integrator key?
I've already created several templates and document brands in my enterprise account- I would like to avoid replicating them in the demo account to test them in my application.
You need to setup your workflow in Demo and then go through API Certification to get your Integrator Key promoted to Production.
See the Go Live section for information regarding API Certification: Here
Your DocuSign Account Manager is the correct person to talk to for additional information about this.
Related
For context, we are currently developing a DocuSign integration on our DMS web app product. So far what we have done is that the web app's admin (we assume this would be someone like our customer's IT) can set up the integration by entering API Account ID, Integration Key, Secret Key, Access Token & Refresh Token. All these information was taken/generated using a DocuSign admin account. With this, we see that any user using the DMS can send out signing requests (via API) without logging in to their own DocuSign account.
However, we realised this means that all signing requests will be sent using the common DocuSign admin account, i.e. the envelopes originate from the admin account and all signed documents also stored in the DocuSign admin account. This is not what we want as the DocuSign admin can see confidential signed documents.
I'm quite confused and would like to seek advise on how should we go about this? Ideally, it is that User A of the DMS can associate his DocuSign account with his DMS account. So that when User A sends out the signing request from our DMS, the signer receives the email from DocuSign showing it is from that user instead of the common admin account.
Also, it looks like the go-live process would have to take place for each customer that is using our DMS? Does it mean like each customer need to have their DocuSign developer account so that the integration key can get promoted to production environment? Or am I in the wrong direction & should look at Partner Integration as ISV?
If your DMS system is a SAAS system, then you can have 1 integration key (client id) for your integration with DocuSign. In other words, your individual customers would NOT have their own integration keys, secrets, etc.
One integration key is the best, if your application's architecture can support it. To do so, you'll want to have one or just a few Redirect URIs to enable your users (who also have DocuSign accounts) to authenticate with DocuSign.
Your app then stores the resulting access token, refresh token, and expiration date for each of your users who have authenticated with DocuSign.
This way, as you say, when your users send out an envelope for signing, it will belong to their own DocuSign account, and will show them as the sender.
When your customer wants to send via DocuSign, your app checks the expiration date for the person's access token. If the access token has expired, then use the refresh token to get a new access token and a new refresh token.
The refresh token is stored in your app's non-volatile storage (encrypted is best) so you can use it days or weeks later for the user. That way they don't have to re-authenticate with DocuSign. For this case, use scopes signature%20extended
For the account_id info, use the user's default account and enable them to switch to another account if they wish.
More information:
Getting started for ISVs
API integration guidelines
I'm experimenting with building an integration between my app and any DocuSign account.
If I create an integration key in my developer sandbox, go through the "go live" process will I be able to use that same integration key to authenticate on behalf of users of different DocuSign accounts?
That's right.
The Integration Key's account is the account that creates and manages it.
Any account in DocuSign (production accounts only after you go live) can use the IK.
Of course, users have to consent the first time they use a new IK in their account, but that's part of the OAuth process.
So no, nothing to worry about, the IK is global in the same environment and can be used by any account.
We are integrating our application with Docusign API using JWT service authentication method. Per the current docs, using the integrator key we need to generate new RSA key pair for each integrator key. Our multitenant integration to Docusign then requires us to generate RSA key pairs for each tenant and load them into our application.
In most public/private key/cert integration with other vendors we have seen that they allow using our own certs/keys. This is very convenient and simple since we only have deal with our own cert and not deal with storing many certs. Is there an option in Docusign to use/upload our own cert instead of creating new keys for every integrator id?
Unfortunately there is not an option for you to upload a public key to DocuSign for JWT authentication.
However, your question implies an incorrect understanding of DocuSign Integration Keys (client_ids). Generally speaking, one application should have one integration key.
An Integration Key can be used by any number of DocuSign users, associated with any number of DocuSign accounts.
So your application can use the same integration key for all of its clients.
Added
While a DocuSign Integration Key (client id) can be used by any user, on any account, there is often confusion about the DocuSign account that manages the Integration Key:
When an Integration Key completes the Go Live process, a DocuSign paid account is set during the process to manage the Integration Key. That account's administrators have the ability to add/change/delete the Integration Key's settings including:
The valid redirect URIs
The valid private/public key pair(s) (for JWT apps)
The key's secret(s) for Authorization Code Grant apps
For a partner / ISV, they should create the Integration Key's Management Account DocuSign account as a minimal paid account that is only used to manage the Integration Key. When their customer uses the application with the customer's DocuSign user/account, the end user will be charged for sending envelopes, not the partner.
For DocuSign Partners in the partner program, a no charge partner account on the production platform is available. It only has the ability to manage the key. Partners should request a partner production account from their DocuSign partner representative.
It's usually better is for partners to purchase the smallest size of production account from DocuSign since it will enable testing on the production system.
Note that the Integration Key management account is any DocuSign account on the production system: the account can manage multiple IKs if needed and can also be used for the ISVs own production uses.
As an update since this is 4 years old, you can import your own public key to use your own generate rsa keypair now.
I don't have demo developer account, but I have the working live account without an integrator key and I want to use DocuSign REST API. How to get an integrator key on live account or how to link the working live account with demo developer account in order to go live process?
You cannot create IntegratorKey directly in PROD environment. You need to create IntegratorKey in Demo environment only, then develop your API integration in Demo. Once you are ready to move to PROD, then go through GO Live process to promote Integrator Key to your PROD account.
I have purchase account of DocuSign.I want API interaction of DocuSign on my application but Integrator Keys generator button does not show my account.
Image Here
Thanks
You cannot directly create Integrator Key in the DocuSign PROD environment. You need to create a developer Sandbox/Demo account Developer Sandbox Account, then create an Integrator Key in this account Generate Integrator Key. And then develop your API integration application in this Sandbox account, once you are done with your development and testing then you need to go through API Go Live process API Go Live process to promote your Sandbox Integrator Key to your PROD Account