docusignapi

DocuSign JWT Grant how to get GUID userId of the user to impersonate?


I am doing service integration with DocuSign platform using JWT Grant auth type. DocuSign account has multiple users setup.

My service is SendEnvelopService and one of the important request param to the service is user email. SendEnvelopService need to impersonate user with given email-id when calling DocuSign and send envelope in behalf of that user. Note that every request to SendEnvelopService will have different value of email request param.

I have following questions around it -

Question#1) Since I need to impersonate different user every time (based on email id in my request), I assume I need to get new JWT auth token every time, before making actual api call. Is that right? Is it usual and ok to request new JWT auth token so frequently before every api call? Does it raise any integration concerns with DocuSign?

Question#2) In my request, I have email id of the user to impersonate. I don't have user's GUID which I need, to get JWT auth token and impersonate it. Is there any api that I can use to get user GUID by email id? I wonder what kind of authentication will be needed for such api because I don't have JWT auth token yet.

enter image description here

One idea I have is may be I need to setup one admin user in DocuSign and keep admin userId (GUID) in application config. Now I have 2 users, one is admin user and another is request user which I have email from the service request. I can following steps -

  1. Do requestJWTUserToken impersonating admin user. We get oAuthTokenAdmin

  2. Using oAuthTokenAdmin make https://developers.docusign.com/esign-rest-api/reference/Users/Users/list api call to get userId (GUID) of request user email.

  3. Now do another requestJWTUserToken impersonating request userId. We get oAuthTokenUser

  4. Now make actual api call using oAuthTokenUser and to send envelope


Solution

  • Go to: https://admindemo.docusign.com/ Log in with your demo (sandbox) credentials. Then you have two options:

    If it is only for you, simple thing is to click "API and Keys" page under Integrations on the left nav. You will see this:

    enter image description here

    You can also click on "Users" on the left and select the user you want, any user really, doesn't have to be you. then you'll see it under this:

    enter image description here

    For your first question, no, you don't have to do that. You can use the same user for all API calls. Especially if this user is an admin, then you can do all API calls under that context.