Reputation: 3818
I would like to use the REST API to get a URL to open the sender view:
curl --request POST 'https://demo.docusign.net/restapi/v2/accounts/001122/envelopes/33fef057-1111-1111-8e81-5d93739ae4fd/views/sender' --data '{}' -H 'Accept: application/json' -H 'Authorization: bearer xxxxxxx=' -H 'Content-Length: 2' -H 'Content-Type:application/json'
Response from DocuSign:
{
"url": "https://demo.docusign.net/Member/StartInSession.aspx?StartConsole=1&t=888db3ea-1e85-4860-a8e5-e9b37f38d769&DocuEnvelope=29fae057-9213-4485-8e81-5d93739ae4fd&send=1"
}
In our application, I would like to create an envelope in the "created" status with default values and then open the sender view so that the user can complete the envelope and send it.
The end user is not supposed to know the credentials for the authenticating user that I am using to create the envelope and to open the sender view: the url returned by the API contains a token that should work for some minutes.
I have implemented this solution and everything works, but there is something that I was not expecting. I thought that the url returned could be used only to execute a single operation (to send the envelope), but it seems that the user has complete access to the account as if he/she has executed a login.
Is there a way to limit the access just to the sender view for the given envelope?
Thank you, Marco
Upvotes: 0
Views: 709
Reputation: 51
I had a similar requirement while using embedded sending and signing with the DocuSign APIs. If you want to customize the sender view and restrict him from accessing the other DocuSign features of his account, you can look into branding. As an admin user you can edit the branding details of a DocuSign account to enable and disable certain options like "Go Back" to dashboard options. Refer to the link below for more details,
Upvotes: 0
Reputation: 13500
Using the embedded Sender view (or the embedded Correct view) will always grant the user (sender) the same access to that DocuSign account as they would have if they logged into the console directly with the credentials supplied in the API request header. i.e., even though they are initially taken directly into the Envelope that the API request specifies, there's nothing to prevent them from navigating outside of that Envelope to other areas of the DocuSign console, where they'll have full access to the account to view/send/delete Envelopes, etc.
Upvotes: 1