Reputation: 1574
How should the header X-DocuSign-Authentication be used for REST and SOAP?
What are the options in and formats for using the header "X-DocuSign-Authentication" when used for REST and SOAP?
Upvotes: 5
Views: 6092
Answers (1)
Reputation: 1574
X-DocuSign-Authentication [HTTP HEADER]
- Best Practice: Use an obfuscated username and password in the api authentication header
- Definition: Send On Behalf Of Rights (API) is SOBO.
Given the following values:
- Username == API Service User == “[email protected]” == USERID “cdcd3fc7-2b3c-40d4-98ed-ff90add317ca”
- Password == “yourpassword” = EncryptedAPIPassword == “/A5hpPhSczID+JNEKZbg5mYf7+7=”
- SOBOUser == “[email protected]” == USERID “eacd3fc7-2b3c-40d4-98ed-ff90add317ff“
- Integratorkey == “YDMN-339fa93c-fcf0-4390-8141-2e0f071ffa2e”
Your code needs to result in a http header value for the HTTP header X-DocuSign-Authentication of:
XML format:
NON-SOBO
<DocuSignCredentials><Username>cdcd3fc7-2b3c-40d4-98ed-ff90add317ca</Username><Password>/A5hpPhSczID+JNEKZbg5mYf7+7=</Password><IntegratorKey>YDMN-339fa93c-fcf0-4390-8141-2e0f071ffa2e </IntegratorKey></DocuSignCredentials>
SOBO
<DocuSignCredentials><Username>cdcd3fc7-2b3c-40d4-98ed-ff90add317ca</Username><Password>/A5hpPhSczID+JNEKZbg5mYf7+7=</Password><IntegratorKey>YDMN-339fa93c-fcf0-4390-8141-2e0f071ffa2e</IntegratorKey><SendOnBehalfOf>eacd3fc7-2b3c-40d4-98ed-ff90add317ff </SendOnBehalfOf></DocuSignCredentials>
JSON format:
NON-SOBO
{"Username":"cdcd3fc7-2b3c-40d4-98ed-ff90add317ca","Password":"/A5hpPhSczID+JNEKZbg5mYf7+7=","IntegratorKey":"YDMN-339fa93c-fcf0-4390-8141-2e0f071ffa2e"}
SOBO
{"Username":"cdcd3fc7-2b3c-40d4-98ed-ff90add317ca","Password":"/A5hpPhSczID+JNEKZbg5mYf7+7=","SendOnBehalfOf":"eacd3fc7-2b3c-40d4-98ed-ff90add317ff","IntegratorKey":"YDMN-339fa93c-fcf0-4390-8141-2e0f071ffa2e"}
API Service user Service Account doesn’t need to be Admin, unless you are creating users, but must have SOBO and Account Wide rights.
SOBO User SOBO User doesn’t need to be Admin, but must have the permission to send and be a user in the account of the Service Account user. You only use this userid when you are doing an action as that user like sending or voiding.
Here is a link to the full sized Infographic I created to assist with this shown below
Upvotes: 9
Related Questions
- DocuSign: Is using X-DocuSign-Authentication in the header for calling API's safe?
- Docusign API Auth - which to use
- DocuSign SOAP based API with DocuSign Account ID
- Docusign Service Integration Authentication
- What type of Authentication we should use inside our DocuSign API integration
- DocusignAPI SOAP via Post, NOT using any SDKs
- DocuSign SOAP API with access tokens
- Docusign Rest api : signer authentication methods and how they would fit into request body JSON
- Set headers for Docusign Connect
- Integrate DocuSign using RestAPI