DocuSign demo account envelopes list_status_changes returning USER_AUTHENTICATION_FAILED

Question

Using DocuSign python SDK to get an application JWT token on a sandbox environment and then list status changes of envelopes. API call response is 400 Bad Request: USER_AUTHENTICATION_FAILED.

I've done the one-time access grant for first-time JWT token request (using APIClient.get_authorization_uri).

APIClient.request_jwt_application_token produces valid token (checked with jwt.io and Public/Private keys)

Config/parameters:

• oauth_host_name: account-d.docusign.com
• Redirect URI: https://www.docusign.com/api

I've searched through similar questions. When they refer to production environments, the solution is to adjust the sub-domain of the baseURL (na, eu, etc). However, this shouldn't be an issue for demo environments.

API client:

api_client = ds.ApiClient(oauth_host_name='account-d.docusign.com')

OAuth URL:

oauth_login_url = api_client.get_authorization_uri(dict_secrets['DSIntegratorKey'],
                                                   scopes=['signature impersonation'],
                                                   redirect_uri='https://www.docusign.com/api',
                                                   response_type='code')

JWT token request:

api_client.request_jwt_application_token(client_id=dict_secrets['DSIntegratorKey'], expires_in=3600,
                                         oauth_host_name=api_client.get_oauth_host_name(),
                                         private_key_bytes=dict_secrets['DSPrivateKey'].encode('utf-8'))
ds.configuration.api_client = api_client

Troublesome line:

envelopes_api = ds.EnvelopesApi()
envelopes_information = envelopes_api.list_status_changes(dict_secrets['DSAccountID'],
                                                          from_date=last_run_str, status='completed')

Error:

Traceback (most recent call last):
  File "<input>", line 1, in <module>
  File "AppData\Local\Programs\Python\Python36\lib\site-packages\docusign_esign\apis\envelopes_api.py", line 6884, in list_status_changes
    (data) = self.list_status_changes_with_http_info(account_id, **kwargs)
  File "AppData\Local\Programs\Python\Python36\lib\site-packages\docusign_esign\apis\envelopes_api.py", line 7001, in list_status_changes_with_http_info
    collection_formats=collection_formats)
  File "AppData\Local\Programs\Python\Python36\lib\site-packages\docusign_esign\client\api_client.py", line 354, in call_api
    _return_http_data_only, collection_formats, _preload_content, _request_timeout)
  File "AppData\Local\Programs\Python\Python36\lib\site-packages\docusign_esign\client\api_client.py", line 170, in __call_api
    _request_timeout=_request_timeout)
  File "AppData\Local\Programs\Python\Python36\lib\site-packages\docusign_esign\client\api_client.py", line 377, in request
    headers=headers)
  File "AppData\Local\Programs\Python\Python36\lib\site-packages\docusign_esign\client\api_response.py", line 200, in GET
    query_params=query_params)
  File "AppData\Local\Programs\Python\Python36\lib\site-packages\docusign_esign\client\api_response.py", line 191, in request
    raise ApiException(http_resp=r)
docusign_esign.client.api_exception.ApiException: (400)
Reason: Bad Request
HTTP response headers: HTTPHeaderDict({'Cache-Control': 'no-cache', 'Content-Length': '132', 'Content-Type': 'application/json; charset=utf-8', 'X-DocuSign-TraceToken': '27b02745-8b7a-49e5-8657-f12a8eca6efe', 'Date': 'Tue, 06 Aug 2019 14:42:50 GMT', 'Vary': 'Accept-Encoding'})
HTTP response body: b'{\r\n  "errorCode": "USER_AUTHENTICATION_FAILED",\r\n  "message": "One or both of Username and Password are invalid. invalid_request"\r\n}'

Answer 1

Following a support call with DocuSign, it turned out that some attributes of the api_client and the envelopes_api weren't being set properly. Solution was to set them explicitly:

• api_client.set_base_path('https://demo.docusign.net/restapi')
• envelopes_api = ds.EnvelopesApi(api_client)
• envelopes_api.api_client.host = 'https://demo.docusign.net/restapi' - this wasn't being passed from api_client to envelopes_api, therefore the calls were going to prod instead of demo
• alternatively, set host when instantiating api_client: api_client = ds.ApiClient(host='https://demo.docusign.net/restapi')

Answer 2

your redirect url does not look correct. For one thing, redirect url should be your own app url, not DocuSign. That url that you have there (https://www.docusign.com/api) doesn't look valid to me either. Please check this again.