Stated in DoucSign API Reference about Modify User Profile (Link Here):
The userId specified in the uri must match the authenticated user’s userId and the user must be a member of the account.
How can an admin modifies a normal user's profile through the API?
(Note: the admin does not know the user's password.)
First, the "admin" user (i.e., authenticating user for the API request) must have these settings enabled for their member account within DocuSign:
Then, it's simply a matter of using "Send On Behalf Of" functionality when submitting the API request to modify a user's profile information. To do so, you simply provide the admin's information in the X-DocuSign-Authentication header of the API request (as you do for all other API calls), AND also specify the email address that corresponds to the user account you wish to modify (as the value of the SendOnBehalfOf property in the X-DocuSign-Authentication header).
For example, consider the following API request (including the X-Docusign-Authentication header for the request). In this example, John is the "admin" user (johnDoe#gmail.com) and Jane is the user who's profile will be updated (janeSmith#hotmail.com) -- this request will change Jane's last name to New_LastName.
PUT https://demo.docusign.net/restapi/v2/accounts/201105/users/USER_ID_OF_PROFILE_TO_UPDATE/profile
X-DocuSign-Authentication: {"Username":"johnDoe#gmail.com","Password":"johnsPassword","IntegratorKey":"ABCD-eae5f282-d9f6-47c3-b293-1c4cf78d85kj","SendOnBehalfOf":"janeSmith#hotmail.com" }
{
"userDetails":{
"lastName":"New_LastName"
}
}
Within the X-DocuSign-Authentication header:
Username represents the email address of the "admin" user account
Password represents the password corresponding to the "admin" user account
IntegratorKey represents the integrator key value that corresponds to the DocuSign account
SendOnBehalfOf represents the email address corresponding to the user account which the API request will modify. This email address should correspond to the same user account represented by the value of USER_ID_OF_PROFILE_TO_UPDATE in the API Request URI.
The DocuSign REST API Guide contains information about "Send On Behalf Of" functionality.
Related
I would like to change the sender (from : ...) email and identity for each envelope with the api in php.
Without change the account user email and identity.
Is it possible ?
If it's not possible, i have also try with creating a new admin user and change the user_id in the api client. But i can't get the access token only changing the user id. Is it normal ?
The "From" field is entirely dependant on the user that makes the API call to send the envelope - the only way to control it is to change the user that is authenticating and sending the API call.
For the Authorization Code Grant, is the Secret Key supposed to be mapped to
each individual user?
When an email is sent out, what would be the sender's email?
thanks,
J
Additional info for Larry:
This is awesome!. Stockflow is really actively monitored by Docusign! I'm using JWT.
I have a user configured.
I assume email body will be similar to following one.
My question is if secret key is used to identify application, the customer knows the email is sent from the application, but how does he know which employee using the application send the email?
Please see following email body: Test --------------> User name
maaaa#example.com ------->User's email (This indicates the user's email address sending document via docusign)
signer name,
Please DocuSign a.pdf
Thank You, Test
For Authorization Code grant, the application identifies itself via its client id (Integration Key) and its Secret.
The secret is associated with the application, not with the user.
When you say "email ... sent out" what email are you referring to?
I'm using a service account to send an envelope on behalf of another user. Using the API, I'm then creating an envelope in the "created" status for manual tab placement. Once I get the EnvelopeSummary back from the DocuSign API, I'd like to create a URL that I will send send back to the "send on behalf of" user so he/she can easily begin to place tabs.
I've looked into using the CreateSenderView/CreateConsoleView methods, however I don't know the AccountId/Password of the "send on behalf of" user nor do I want to use their information. Instead, I'd like to redirect the user to DocuSign where they can login and then after login, be redirected to the envelope.
I've also looked into creating my own URL from the envelopeId:
string envelopeId = "1ddff790-ad2d-4fb6-87c2-4b5e449898c9";
string redirectUrl = "https://appdemo.docusign.com/prepare/" + envelopeId;
This appears to redirect the user to the envelope if they are logged in, and if not, they will be prompted to login and then redirected. This is the functionality I am looking for, however, I'd like to use the API to generate this URL if possible since I'm not sure whether the referenced URL will remain static over time.
Any ideas?
If you haven't already done so, I'd suggest that you review DocuSign API documentation for the Send on Behalf Of (SOBO) feature. As the documentation describes:
The SOBO feature can only be used when both users are members of the same DocuSign account.
You (your application / UI) must collect username and password at least one time from the user whom you're sending on behalf of -- because you need their username and password in order to obtain an access token that can subsequently be used to submit API requests on their behalf. Since tokens do not expire (and are valid even if/when the SOBO user changes their password), you only need to collect username/password one time from the SOBO user, then use those credentials to generate an access token which can be used indefinitely to send on their behalf.
I would not recommend using the envelopeId to create your own URL, as this functionality is not supported by DocuSign -- even if it works today, there's no guarantee it'll continue to work in the days ahead.
Finally, issuing a Create Sender View request (using SOBO) will return a URL that can be used to launch the sender (tagging) view for the specified Envelope. Do note, however, that the URL will expire after a short period of time (5 minutes?) -- which means that you should not issue the Create Sender View request to retrieve the URL until the user (sender) is ready to tag/send the Envelope. For example, issuing the request to generate the URL and then emailing that URL to the sender would not be feasible -- since there's no guarantee that the user (sender) would open the email and click the link to launch the sender view before the link expires. Instead, you should provide the sender with a way to indicate to your application when they are ready to tag/send the Envelope, and then issue the Create Sender View request at that time and redirect the user (sender) to that URL immediately upon receiving the URL.
Update (Legacy SOBO)
#EnterTheCode -- thank you for the clarification that you provided in the comments. Your understanding of Legacy SOBO functionality is correct; that is, it does not require that you obtain an access token for the SOBO and it does not require that you obtain the SOBO user's password. You can simply include the X-DocuSign-Authentication request header to specify the username and password of your "service account", the integrator key, and the email address (or user ID) of the user whom you're issuing the API request on behalf of.
(Side Note: Although Legacy SOBO is apparently still supported, it's no longer recommended for service integrations. Instead, DocuSign now recommends this approach.)
Putting SOBO authentication technique aside though, the rest of my original answer still applies to your scenario. That is, to retrieve a URL that can be used to launch the sender (tagging) view for the specified Envelope, you'll need to use the Create Sender View operation. And, as mentioned previously, the URL that's returned by that operation will expire after a short amount of time -- so be sure to account for that in how you design your implementation.
Why you want to use SOBO, if you want someone to update the envelopes then you can add that user as first recipient in the envelope with recipienttype as "Allow To Edit" ("editors" in API term). With recipient type as "Allow to Edit", DocuSign will send an email to the recipient and then recipient has to login into his DocuSign account, after that user will be able to access the envelope and can do the editing of the envelope like doing tagging of document with DS Tabs, adding, removing recipients etc, in same way as "Sender View". In this way you don't need to create a webpage for embedded sending view.
I have been using DocuSign SOAP Based API calls to create and send envelopes and am using legacy authentication method in which I can specify email address and password of the DocuSign user who is going to create envelopes.
One our client have multiple DocuSign account with the same user. When I setup an authentication header thru the SOAP based API call, I do not have a way to specify which account I am making API calls against.
How do I make sure that I am making API calls against the specific account?
You have two ways of accomplishing this.
1) You can make a getlogin call to retrieve a list of the logins associated with an account and use the default.
OR
2) Instead of supplying the email address for the user you can supply the API UserName in the login headers, which is a unique number for that user. This can be retrieved from the API and Keys or Users section if they're using the New DocuSign Experience, or through the user Permission section if still using Classic.
While the ApiUserName or email address is usually supplied in the authentication header, the ID for the account is in the XML body for the call. the combination of apiUserName and AccountId should be sufficient in picking a specific user, even if they have the same email address associated with multiple accounts.
The DocuSign account created is by an individual, but when using the DocuSign API to generate an envelope from a template and sending to a receiver, the name and email address of the account holder shows up instead of the company the user works for.
Is there a way to show company name and official company email instead of the account user's name/email?
The name and email address corresponding to the sending DocuSign user account will always be shown on/for sent envelopes. That being said, there's an easy way to achieve what you describe:
Create another "user" (i.e., membership) within the same DocuSign account -- this will represent the "system sender" user account -- i.e., the user account that you'll specify when sending envelopes with the API.
When creating the new "user", set name and email address to the values that you want to see/use for envelopes you send via the API.
Make sure to grant the new "user" the appropriate API-related settings (under the DocuSign API heading when viewing User Permissions).
Use the "system sender user" credentials to send envelopes via the API.
Keep in mind that when using this "system sender" user to send envelopes via the API, that user will be considered the sender of each envelope sent using that account's credentials -- which means that only that user's credentials can be used via the DocuSign web console to access the DocuSign envelope for viewing/correcting/etc. Other members of that same DocuSign account won't be able to access the envelope via the DocuSign web console unless you explicitly grant 'folder sharing' rights between users.