Richa Sinha

Reputation: 1456

DocuSign Connect API authentication

I have two questions. How do I decide which one of the following is best for me to choose as my authentication method?

  1. Sign Message with X509 Certificate
  2. Require Mutual TLS

How do I implement the two authentication methods? I am using a Rails 4 app as my Connect API endpoint.

Upvotes: 0

Views: 448

Answers (1)

Mark K

Reputation: 196

What's best for you will depend on your situation and priorities.

Sign Message with X509 Certificate

This can be used to verify or prove the source of the message, in this case DocuSign. This could be useful for auditing purposes.

Require Mutual TLS

With Mutual Auth TLS, both the sender and the receiver verify each other using certificates. So the receiver knows the communication has been initiated by DocuSign, and the DocuSign service verifies that the certificate used by the receiver is as per the configuration settings in the DocuSign console. The aim here is to prevent a man-in-the-middle type attack where the communication could be intercepted and modified/recorded by an attacker.

This answer talks about the differences in more detail.

I think the key point is that both approaches solve different problems; depending on your situation, you may require one, both or neither.

Regarding implementation, TLS is typically done at a server level, so it may require only configuration and no application code. XML signing, on the other hand, is typically done within the application itself.

Upvotes: 1
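
An added example, not part of the answer above and not DocuSign's code: a receiver-side check showing why a message signature helps with auditing, since a stored body and signature can be re-verified later and any change to the body is detected. It assumes a detached RSA-SHA256 signature over the raw body as a simplified stand-in for XML signing, and a receiver that pins the sender's certificate by fingerprint; all names, the key and the certificate are constructed for illustration.

```ruby
require 'openssl'

# Constructed stand-in for the sender's signing key and certificate (self-signed test data).
def make_test_identity(cn)
  key = OpenSSL::PKey::RSA.new(2048)
  cert = OpenSSL::X509::Certificate.new
  cert.version = 2
  cert.serial = 1
  cert.subject = cert.issuer = OpenSSL::X509::Name.parse("/CN=#{cn}")
  cert.public_key = key.public_key
  cert.not_before = Time.now - 60
  cert.not_after = Time.now + 3600
  cert.sign(key, OpenSSL::Digest.new('SHA256'))
  [key, cert]
end

# SHA-256 fingerprint of the DER-encoded certificate, used as the pin.
def fingerprint(cert)
  OpenSSL::Digest.new('SHA256').hexdigest(cert.to_der)
end

# Hypothetical receiver-side check: returns :ok only if the certificate is the
# pinned one, is within its validity period, and its key signed exactly `body`.
def verify_notification(body, signature, cert, pinned_fp, now = Time.now)
  return :untrusted_cert unless fingerprint(cert) == pinned_fp
  return :cert_not_valid_now unless (cert.not_before..cert.not_after).cover?(now)
  ok = cert.public_key.verify(OpenSSL::Digest.new('SHA256'), signature, body)
  ok ? :ok : :bad_signature
end

# Constructed sample notification, signed the way the sender would sign it.
SENDER_KEY, SENDER_CERT = make_test_identity('connect-sender.example')
BODY = '<Envelope><Status>Completed</Status></Envelope>'
SIGNATURE = SENDER_KEY.sign(OpenSSL::Digest.new('SHA256'), BODY)
PINNED = fingerprint(SENDER_CERT)

if __FILE__ == $PROGRAM_NAME
  # Untouched message verifies; a body altered after signing does not.
  puts verify_notification(BODY, SIGNATURE, SENDER_CERT, PINNED)
  puts verify_notification(BODY.sub('Completed', 'Voided'), SIGNATURE, SENDER_CERT, PINNED)
end
```

Mutual TLS gives no equivalent artifact to keep: it authenticates the connection at the server level, so nothing about the peer's identity travels with the stored message.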
