Why does Docusign not see my redirect URI?

Question

I have built an integration using a developer sandbox account. I have recently had my application promoted to live, and I have configured my production environment to use the new integration id and secret, and live Docusign url.

However when I attempt to create an oauth connection in my application's account, my server acquires a code, redirects the client to Docusign to authenticate, but the Docusign login screen shows an error "There are no redirect URIs registered with DocuSign". This is not the case - my developer account shows the app as Live, with a single redirect uri configured. The redirect URI I am using in my connect flow matches that which is configured on the app. All settings otherwise are the same across my development app and production app.

How can I make sure Docusign is seeing my redirect uri in a newly promoted app?

Answer 1

Happens to me all the time with new apps.

After your integration is promoted to the production systems after the go-live process, you then have two integration keys to manage:

1. The original integration key for the developer system. Manage this integration key via your developer account's eSig admin tool.

   IdP: https://account-d.docusign.com

2. The new integration key for the production systems worldwide. Manage this integration key via your production account that you used during the go-live process. While the production integration key is managed through that specific production account, it is available and usable by any production account user, on any production server worldwide.

   IdP: https://account.docusign.com

You can continue to use the demo version of your integration key for on-going regression testing. The two integration keys have the same guid value but are, in fact, two completely different objects within the DocuSign systems.

Solution

The problem is that you updated the settings on the demo version of your integration key. Instead, use the eSig Admin tool of the production account that you chose to be the management account for the integration key during go-live.

You will also need to switch your app to use the production IdP, https://account.docusign.com. And determine the production API base URL for the logged in user via the /oauth/userinfo call.

Also

Pro-tips when registering and using a redirect URI

1. Check that the redirect URL in your OAuth Authorization Code grant URL (the one you send to DocuSign) is EXACTLY the same as the one you registered for your client_id (integration key) via the esig admin tool. Eg http vs https, trailing slashes, etc.
2. The redirect URL in your OAuth Authorization Code grant URL cannot include any query parameters, fragment ids (#xyz), etc. (You can pass state via the state parameter of the overall URL, not within the redirect URL.)
3. If there are any interesting characters in the redirect URL, properly URL encode them when you make the redirect to DocuSign's IdP. (Don't encode them when you enter the URL into the eSig Admin tool.)
4. After making any changes in the eSig Admin tool, you may need to wait up to 5 minutes for the changes to propagate throughout the DocuSign (many) servers.
5. If you get the error shown in your screenshot, restart the entire OAuth flow, don't just refresh the page that you're seeing. There may be redirects between the start of the flow and the login form.

Answer 2

When you created the new integration key, did you set the "Redirect URIs" correctly?