Reputation: 33
Authentication with Production & Demo Accounts on Single Integration Key
I am building an integration with Docusign and I am attempting to authenticate both production and demo Docusign accounts with a single production Integration Key - using Authorization Code Grant. Is this possible? Such that we can authenticate both https://account-d.docusign.com and https://account.docusign.com auth routes with a single production integration key/client. I have searched through the api docs and Stackoverflow but I haven't discovered any explicit information that suggests one way or the other.
Currently I can successfully authenticate production accounts with the production integration key. However I am receiving an invalid_grant error when attempting to authenticate a demo account using this integration key at https://account-d.docusign.com/oauth/token route.
Conversely, I am able to authenticate the demo account using the the same demo integration key (original that was created in the demo instance - they share the same instance key ID), where as prod accounts return the invalid_grant error for the https://account.docusign.com/oauth/token route. I am passing the correct account or account-d endpoints when necessary (otherwise Docusign returns an incorrect email/password or invalid client ID error before even attempting to log in). Meaning I am able to successfully set up an auth flow for both types of Docusign accounts, but I am not able to do so through a single production integrator key/client.
Ultimately I'm looking to find out if our production integrator key should be able to authenticate against both production and demo Docusign accounts. And if this is possible, any ideas what I may be doing wrong?
Upvotes: 0
Views: 593
Answers (1)
Reputation: 49114
An excellent question. Here's the scoop:
The demo (developer sandbox) and production platforms have completely separate authentication systems (account-d.docusign.com and account.docusign.com).
When an integration key (also known as a client id, that's the OAuth term) is approved for production use, what really happens is that an entirely new client id is created on the production authentication system.
Not coincidentally, both the demo and production client ids are the same sequence of letters/numbers. But they are not the same thing.
So while your app can use the "same" client id on demo and production, the client id secret (Authorization Code Grant) and/or private key (JWT Grant) will be different.
You will obtain the secret and/or private key for the demo system from the system admin tool on demo. And you get the production secrets from the system admin tool on a production system.
So the direct answer to your question is Yes, the same integration key (client id) can be used on demo and production. But the secret and/or private key will be different for demo and production.
(And you also need to set the return Uri values via both a demo and production admin tool.)
Upvotes: 2
Related Questions
- how to create integration key on production mode in docusign
- API Integration across multiple accounts within same organization
- Docusign Service Integration Authentication
- DocuSign Integration with Multiple Prod Accounts
- Docusign share integration key for multiple accounts
- DocuSign Standard account - Integration key
- Docusign production integrator key returning 0 login accounts
- DocuSign API integrator & private key, with multiple users
- getting authentication failed when switching from demo to production
- Can I access production accounts with iodocs or SDK applications with a non-certified integrator key in the X-DocuSign-Authentication header?