Login/Register
How should the header X-DocuSign-Authentication be used for REST and SOAP?
Asked Answered
Solved restsoapdocusignapi
I

1

5

What are the options in and formats for using the header "X-DocuSign-Authentication" when used for REST and SOAP?

Increment answered 25/2, 2014 at 23:2 Comment(0)
I
9

X-DocuSign-Authentication [HTTP HEADER]

  • Best Practice: Use an obfuscated username and password in the api authentication header
  • Definition: Send On Behalf Of Rights (API) is SOBO.

Given the following values:

  • Username == API Service User == “[email protected]” == USERID “cdcd3fc7-2b3c-40d4-98ed-ff90add317ca”
  • Password == “yourpassword” = EncryptedAPIPassword == “/A5hpPhSczID+JNEKZbg5mYf7+7=”
  • SOBOUser == “[email protected]” == USERID “eacd3fc7-2b3c-40d4-98ed-ff90add317ff“
  • Integratorkey == “YDMN-339fa93c-fcf0-4390-8141-2e0f071ffa2e”

Your code needs to result in a http header value for the HTTP header X-DocuSign-Authentication of:

XML format:

NON-SOBO

<DocuSignCredentials><Username>cdcd3fc7-2b3c-40d4-98ed-ff90add317ca</Username><Password>/A5hpPhSczID+JNEKZbg5mYf7+7=</Password><IntegratorKey>YDMN-339fa93c-fcf0-4390-8141-2e0f071ffa2e </IntegratorKey></DocuSignCredentials>

SOBO

<DocuSignCredentials><Username>cdcd3fc7-2b3c-40d4-98ed-ff90add317ca</Username><Password>/A5hpPhSczID+JNEKZbg5mYf7+7=</Password><IntegratorKey>YDMN-339fa93c-fcf0-4390-8141-2e0f071ffa2e</IntegratorKey><SendOnBehalfOf>eacd3fc7-2b3c-40d4-98ed-ff90add317ff </SendOnBehalfOf></DocuSignCredentials>

JSON format:

NON-SOBO

{"Username":"cdcd3fc7-2b3c-40d4-98ed-ff90add317ca","Password":"/A5hpPhSczID+JNEKZbg5mYf7+7=","IntegratorKey":"YDMN-339fa93c-fcf0-4390-8141-2e0f071ffa2e"}

SOBO

{"Username":"cdcd3fc7-2b3c-40d4-98ed-ff90add317ca","Password":"/A5hpPhSczID+JNEKZbg5mYf7+7=","SendOnBehalfOf":"eacd3fc7-2b3c-40d4-98ed-ff90add317ff","IntegratorKey":"YDMN-339fa93c-fcf0-4390-8141-2e0f071ffa2e"}

API Service user Service Account doesn’t need to be Admin, unless you are creating users, but must have SOBO and Account Wide rights.

SOBO User SOBO User doesn’t need to be Admin, but must have the permission to send and be a user in the account of the Service Account user. You only use this userid when you are doing an action as that user like sending or voiding.

Here is a link to the full sized Infographic I created to assist with this shown below

X-DocuSign-Authentication Inforgraphic

Increment answered 25/2, 2014 at 23:2 Comment(4)
Great detailed answer Grigs!Laellaertes
How do I generate "obfuscated username" and "encrypted password"?Tressatressia
what's the encryption I should be using?Tressatressia
make the api call /restapi/v2/login_information?api_password=true (notice the parameter for api_password=true. and look for the node at the bottom of the response "apiPassword": "encrpytedpassword"Increment

© 2022 - 2024 — McMap. All rights reserved.