Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

How should the header X-DocuSign-Authentication be used for REST and SOAP?

What are the options in and formats for using the header "X-DocuSign-Authentication" when used for REST and SOAP?

like image 711
David W Grigsby Avatar asked Feb 14 '23 16:02

David W Grigsby


1 Answers

X-DocuSign-Authentication [HTTP HEADER]

  • Best Practice: Use an obfuscated username and password in the api authentication header
  • Definition: Send On Behalf Of Rights (API) is SOBO.

Given the following values:

  • Username == API Service User == “[email protected]” == USERID “cdcd3fc7-2b3c-40d4-98ed-ff90add317ca”
  • Password == “yourpassword” = EncryptedAPIPassword == “/A5hpPhSczID+JNEKZbg5mYf7+7=”
  • SOBOUser == “[email protected]” == USERID “eacd3fc7-2b3c-40d4-98ed-ff90add317ff“
  • Integratorkey == “YDMN-339fa93c-fcf0-4390-8141-2e0f071ffa2e”

Your code needs to result in a http header value for the HTTP header X-DocuSign-Authentication of:

XML format:

NON-SOBO

<DocuSignCredentials><Username>cdcd3fc7-2b3c-40d4-98ed-ff90add317ca</Username><Password>/A5hpPhSczID+JNEKZbg5mYf7+7=</Password><IntegratorKey>YDMN-339fa93c-fcf0-4390-8141-2e0f071ffa2e </IntegratorKey></DocuSignCredentials>

SOBO

<DocuSignCredentials><Username>cdcd3fc7-2b3c-40d4-98ed-ff90add317ca</Username><Password>/A5hpPhSczID+JNEKZbg5mYf7+7=</Password><IntegratorKey>YDMN-339fa93c-fcf0-4390-8141-2e0f071ffa2e</IntegratorKey><SendOnBehalfOf>eacd3fc7-2b3c-40d4-98ed-ff90add317ff </SendOnBehalfOf></DocuSignCredentials>

JSON format:

NON-SOBO

{"Username":"cdcd3fc7-2b3c-40d4-98ed-ff90add317ca","Password":"/A5hpPhSczID+JNEKZbg5mYf7+7=","IntegratorKey":"YDMN-339fa93c-fcf0-4390-8141-2e0f071ffa2e"}

SOBO

{"Username":"cdcd3fc7-2b3c-40d4-98ed-ff90add317ca","Password":"/A5hpPhSczID+JNEKZbg5mYf7+7=","SendOnBehalfOf":"eacd3fc7-2b3c-40d4-98ed-ff90add317ff","IntegratorKey":"YDMN-339fa93c-fcf0-4390-8141-2e0f071ffa2e"}

API Service user Service Account doesn’t need to be Admin, unless you are creating users, but must have SOBO and Account Wide rights.

SOBO User SOBO User doesn’t need to be Admin, but must have the permission to send and be a user in the account of the Service Account user. You only use this userid when you are doing an action as that user like sending or voiding.

Here is a link to the full sized Infographic I created to assist with this shown below

X-DocuSign-Authentication Inforgraphic

like image 196
David W Grigsby Avatar answered Feb 26 '23 20:02

David W Grigsby