Reputation: 23
I have set up a Sandbox account and successfully created integrator keys for my app's REST API calls. I have the DocuSign header (X-DocuSign-Authentication) in my code that requires username/password/integrator key for API connections. I used the DocuSign ApiClient & AuthenticationApi to set it up in code. It looks good on the sandbox. My question is: when we go live on production, the admin account is an individual user credential (not a generic admin account). So how can we have that set up in every application for the REST API connections header?
Upvotes: 0
Views: 250
Reputation: 49114
For "User Applications" -- where an individual logs in and later sends envelopes -- it is vastly preferred that you use OAuth to authenticate the users. See the docs. See a recipe example of using OAuth.
If you want to use Legacy Authentication (the X-DocuSign header) for a user application, then your app needs to request (and securely store) the user's DocuSign email and password. These days, this is not a good plan.
As you know, you must include the username and pw in each call to DocuSign if you use the Legacy Authentication scheme. The data is secure since it is within an https conversation. But requesting and storing the pw from your users is problematic.
These days, Legacy Auth should only be used for "Service Integrations" -- DocuSign integrations where there is no human involved, just an autonomous / batch process that sends out the signing requests.
Upvotes: 0
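The OAuth route recommended in the answer above, as an added example (not code from the original answer or from DocuSign's SDK): the app redirects the user to DocuSign to log in, checks the callback, and then calls the REST API with a bearer token instead of sending a stored password in X-DocuSign-Authentication. Assumptions: the DocuSign demo account server host, the `signature` scope, hypothetical function names, and constructed sample values; no network request is made.

```python
import base64, hmac, secrets
from urllib.parse import urlencode, urlparse, parse_qs

# Assumption: DocuSign demo (sandbox) account server; production uses a different host.
AUTH_BASE = "https://account-d.docusign.com/oauth"

def start_login(integrator_key, redirect_uri):
    """Return (url, state). The user types the password at DocuSign, never into this app."""
    state = secrets.token_urlsafe(24)  # anti-CSRF value, kept in the user's session
    query = urlencode({"response_type": "code", "scope": "signature",
                       "client_id": integrator_key,
                       "redirect_uri": redirect_uri, "state": state})
    return f"{AUTH_BASE}/auth?{query}", state

def code_from_callback(callback_url, expected_state):
    """Extract the one-time code, rejecting callbacks whose state does not match."""
    params = parse_qs(urlparse(callback_url).query)
    state = params.get("state", [""])[0]
    if not hmac.compare_digest(state.encode(), expected_state.encode()):
        raise ValueError("state mismatch: callback was not started by this session")
    if "code" not in params:
        raise ValueError(params.get("error", ["no code in callback"])[0])
    return params["code"][0]

def token_request(integrator_key, secret_key, code):
    """Describe the server-side POST that trades the code for an access token."""
    basic = base64.b64encode(f"{integrator_key}:{secret_key}".encode()).decode()
    return {"url": f"{AUTH_BASE}/token",
            "headers": {"Authorization": f"Basic {basic}"},
            "data": {"grant_type": "authorization_code", "code": code}}

def api_headers(access_token):
    """Header for REST calls; takes the place of X-DocuSign-Authentication."""
    return {"Authorization": f"Bearer {access_token}"}

if __name__ == "__main__":
    # Constructed values, not real credentials.
    url, state = start_login("constructed-integrator-key", "https://app.example/callback")
    code = code_from_callback(f"https://app.example/callback?code=abc123&state={state}", state)
    print(url)
    print(token_request("constructed-integrator-key", "constructed-secret", code)["data"])
```

The only long-lived secret the application stores is its own integrator key and secret; each user's DocuSign password stays with DocuSign.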