Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

DocuSign Captive Recipient - XML Signing

Tags:

docusignapi

We are creating Captive recipients using DocuSign SOAP based API call - CreateAndSendEnvelope in .net web application into our clients' DocuSign accounts.

We are able to create envelopes fine but while requesting tokens for captive recipients, we have to require our clients turn off X509 signing certificate. We have to ask them to enable two options from their DocuSign account.

  • In Session
  • Don't Enforce In Session Certificate

At times, it becomes cumbersome for us and for our clients to have these features enabled buy our/their DocuSign account representative.

In order for our captive recipients to sign document with valid X.509 signing certificate, what do we need to do? According to DocuSign's documentation, if we provide DocuSign with signing certificate common name(CN), DocuSign can validate the XML signature and our captive recipients can sign the document without enabling those two options.

If we are creating envelopes using captive recipients, do we need to provide CN for each of the DocuSign account that we are working with? Is there anything that we need to include in the request header?

Please advise..

like image 401
Juiced Tech Avatar asked Jun 20 '26 19:06

Juiced Tech


1 Answers

Juiced Tech:

As mentioned per DocuSign Documentation at link: https://www.docusign.com/p/APIGuide/Content/Embedding%20Group/Pre-DocuSign%20Operations.htm

Here is a link for signing an xml soap body with an X.509 Certificate using .NET:

https://msdn.microsoft.com/en-us/library/ms819963.aspx

As mentioned in the other StackOverflow article link, if it is acceptable you can turn off the requirement, but not advised DocuSign API: "Invalid Signature Credentials" error using Captive (Embedded) Recipients

As an alternative, you could make the REST API call for the recipient view and remove the need for the x.509 and CN all together as the two settings support needs to change are not observed by the REST API. The method is POST {vx}/accounts/{accountid}/views/{viewtype} and you can get the accountid from a REST login_information call to correlate to the accountGUID you have in SOAP. Stays the same for the account, so you only need to call on time per account and cache/persist it. https://www.docusign.net/restapi/help

like image 184
David W Grigsby Avatar answered Jun 25 '26 03:06

David W Grigsby



Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!