node.js docusignapi docusign-sdk

How to authenticate with docusign-esign in nodejs


I am trying to authenticate with docusign-esign, however it is not clear from the documentation how to do it.

The use case is that I do not want to do actions on behalf of users; I want to use my service to create envelopes and fetch envelope information.

From the documentation I believe JWT token is the best way to go.

So far I have:

const { ApiClient } = require('docusign-esign');

const apiClient = new ApiClient();
apiClient.setOAuthBasePath('https://demo.docusign.net/restapi');
apiClient.setBasePath('account-d.docusign.com');

// integrationKey and privateKey come from https://admindemo.docusign.com/apps-and-keys
const token = await apiClient.requestJWTApplicationToken(integrationKey, ['signature'], Buffer.from(privateKey), 600);

The response from the above call is:

body: {
    access_token: 'eyJ0eX...',
    token_type: 'Application',
    expires_in: 28800
}

Now my understanding is that I should exchange this Application token for an Access (Bearer) token, which I have to use in the Authorization header when making requests to the API. I have noticed that the docusign-esign package has a function generateAccessToken but it seems that this is only for the Authorization Code Grant.

Is what I explained before the right way to proceed, and how do I get an access token from the Application token above? If not, what is the correct way to authenticate my app properly with DocuSign so I can call .getEnvelope(accountId, envelopeId)? Is there also anything else I should do in terms of setup in the DocuSign dashboard?


Solution

  • You are correct that JWT Authentication fits better for your use case.

    You have, however, requested a JWT Application Token, which is only useful for certain endpoints.

    You are looking for the requestJWTUserToken() function as that authenticates on behalf of a user. You can find documentation on how to use this function here

    I also noticed you're only requesting the 'signature' scope. For JWT, the 'impersonation' scope is also required as it does impersonate a user to perform actions on their behalf. See documentation for authenticating with JWT here
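What the answer's advice changes in the token request, as an added example (not code from the original post or from the DocuSign SDK): a JWT Grant assertion for a user token carries a `sub` claim naming the impersonated user and a scope string that includes `impersonation`. It assumes Node's built-in `crypto`, a throwaway key pair and constructed placeholder GUIDs; `buildUserAssertion`, `tokenRequestBody` and `verifyAssertion` are hypothetical helper names.

```javascript
// Added example: JWT Grant assertion for a *user* token, built with Node's crypto.
const crypto = require('crypto');

// Constructed placeholder values, not real DocuSign identifiers.
const DEMO = {
  integrationKey: '00000000-0000-0000-0000-000000000001', // iss: the app's integration key
  userId: '00000000-0000-0000-0000-000000000002',         // sub: the user being impersonated
  oauthHost: 'account-d.docusign.com',                    // aud: demo OAuth host, no scheme
};

const b64url = (s) => Buffer.from(s).toString('base64url');

// Hypothetical helper: sign the claims a user-token request needs (RS256).
function buildUserAssertion(cfg, privateKeyPem, ttlSeconds = 600, nowMs = Date.now()) {
  if (!cfg.userId) throw new Error('a user token needs a sub (user ID) claim');
  const iat = Math.floor(nowMs / 1000);
  const claims = {
    iss: cfg.integrationKey, sub: cfg.userId, aud: cfg.oauthHost,
    iat, exp: iat + ttlSeconds,               // keep the assertion short-lived
    scope: 'signature impersonation',         // both scopes, space separated
  };
  const input = `${b64url(JSON.stringify({ alg: 'RS256', typ: 'JWT' }))}.${b64url(JSON.stringify(claims))}`;
  const sig = crypto.sign('RSA-SHA256', Buffer.from(input), privateKeyPem);
  return `${input}.${sig.toString('base64url')}`;
}

// Hypothetical helper: form body for POST https://<oauthHost>/oauth/token
function tokenRequestBody(assertion) {
  return new URLSearchParams({
    grant_type: 'urn:ietf:params:oauth:grant-type:jwt-bearer', assertion,
  }).toString();
}

// Hypothetical helper: check the signature and decode the claims, as a receiver would.
function verifyAssertion(jwt, publicKeyPem) {
  const [h, c, s] = jwt.split('.');
  const ok = crypto.verify('RSA-SHA256', Buffer.from(`${h}.${c}`), publicKeyPem, Buffer.from(s, 'base64url'));
  if (!ok) throw new Error('signature check failed');
  return JSON.parse(Buffer.from(c, 'base64url').toString('utf8'));
}

// Throwaway key pair for the demo; a real integration uses the RSA key from Apps and Keys.
const { privateKey, publicKey } = crypto.generateKeyPairSync('rsa', {
  modulusLength: 2048,
  publicKeyEncoding: { type: 'spki', format: 'pem' },
  privateKeyEncoding: { type: 'pkcs8', format: 'pem' },
});
const assertion = buildUserAssertion(DEMO, privateKey);
console.log(verifyAssertion(assertion, publicKey));
```

In the SDK, the user ID and the scope list are arguments you pass to `requestJWTUserToken()`; the private key that signs the assertion should be stored as a secret, since anyone holding it can request tokens for users who have consented to the app.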