401 Unauthorized response for access_token in the developer sandbox

Question

I'm using developer sandbox to make all my api calls. It's website build with laravel 5.2 All api calls are made with guzzle/guzzle.

I'm trying automate sending pdf contracts (creating envelopes) using docusign api.

I followed steps from Using the Authorization Code Grant

I had no problem with:

1. Starting the Authentication Code Grant
2. Handling the Response
3. Exchanging the Code for a Token
4. Getting the User’s Account and Base URI Information

After I get userinfo, there is only one account, so I used that accounts base_uri for all subsequent api calls {base_uri} + "/restapi/v2/accounts/" + {account_id}

In all my subsequent api calls I'm also adding header

Authorization: Bearer eyJ0eX...MrhIddzBAQ

where I'm using access_token that I've got in step Exchanging the Code for a Token

When doing a create envelope api call, or any other api call, using access_token, base_uri and account_id I get POST https://demo.docusign.net/restapi/v2/accounts/<account_id>/envelopes resulted in a 401 Unauthorized response

What I tried

Test using the access_token in docusign API explorer: I went to API EXPLORER - create envelope I used Authenticate using Sandbox Account to authenticate with the access_token that I've got in previous calls to docusign. Same for the account_id.

When I click on SEND REQUEST, I get 401 Unauthorized response again.

When I use Authenticate using Sandbox Account, but this time I click on Get OAuth2 token (that generates new token), and I click on SEND REQUEST, I get success message.

Then I copied this access_token (from Request) into my website to test the api call, and this time it worked. It also worked for all other api calls that I was making to docusign.

• So, using access_token that I get after Exchanging the Code for a Token, I get 401 Unauthorized for api calls
• When I use access_token that I generated in API explorer, all api calls to docusign work in my website.

What I also tried

• Use refresh_token to get new access_token. Still 401

• Xdebug, going step by step to make sure that all params/headers are set before api call. They are, and they are the same as api explorer.

• Guzzle option debug => true to get more information about the request, and to compare with what's sent in API EXPLORER, and they are basically the same, except the tokens.
• Postman to make request to api, (just to eliminate any chance that I have errors in my code), with same behavior:
  • 401 with token that I get from docusign
  • success when using API EXPLORER generated token

I'm kinda lost on what to do next and how to solve this, I'm sure it's something simple, but I can't seem to locate the problem.

Update

I used Larry K's answer and found that my problem was with the scope value in /oauth/auth call. I changed it to scope=signature%20extended, and everything works perfectly!

Answer 1

When you click the Get OAuth2 token in the API explorer, you are going through the complete Authorization Code Grant flow, including the new token.

Since this works, but the token your app obtained via the OAuth Authorization Code flow doesn't work, this tells me that your app has an issue.

Check:

1. Logout from DocuSign. Login from your app. Are you transferred to DocuSign to log in correctly? And then redirected to your app?

2. Are you requesting the "signature" scope in your request? Check spelling and capitalization of the scope name!

3. When you're redirected to your app, your app receives the authorization code as a query parameter. Do you get it ok?

4. When you convert your authorization code to a bearer token are you storing the complete bearer token? It is quite long.

5. When you send your Envelopes::create request, are you including a space between the word Bearer and the token itself?

6. Are you making your API call to demo.docusign.net (not .com)

If the above doesn't help, then please update your question (you can edit your question itself) with a trace of your request.