Reputation: 121
DocuSign: Is using X-DocuSign-Authentication in the header for calling API's safe?
I am using Docusign for embedded signing in my web application. In my case
I am not expecting users to have Docusign account and that's why i am using X-DocuSign-Authentication in the header for calling the API's and generating the url for e-signing.
Is this process safe to use on production?
Upvotes: 1
Views: 576
Answers (3)
Reputation: 49114
TL;DR:
X-DocuSign-Authentication is no longer supported or allowed for new DocuSign REST API applications. And if you're using it for an existing application then you must upgrade to OAuth.
X-DocuSign-Authentication is no longer supported or allowed for new DocuSign REST API applications.
There is a depreciation schedule for existing API applications that use this authentication type.
Upvotes: 0
Reputation: 494
Passing 'X-DocuSign-Authentication' wouldn't be considered safe, therefore we recommend to use oauth in production accounts: https://developers.docusign.com/platform/auth/jwt
Upvotes: 3
Reputation: 5029
X-DocuSign-Authentication is not 'safe' because it requires your application to handle plaintext credentials directly.
For a 'service' application that accountless users interact with, JWT authentication is likely an appropriate replacement: https://developers.docusign.com/platform/auth/jwt/jwt-get-token/
Upvotes: 1
Related Questions
- DocuSign JWT/Signing Security
- Docusign API Auth - which to use
- What type of Authentication we should use inside our DocuSign API integration
- DocuSign SOAP API with access tokens
- How should the header X-DocuSign-Authentication be used for REST and SOAP?
- Docusign Rest api : signer authentication methods and how they would fit into request body JSON
- Does DocuSign Connect work with basic HTTP auth details?
- Docusign Callback authentication
- Security Issues with Docusign API
- Docusign: Do I need to call 'login' for every signing request?