node.jsdocusignapidocusign-sdk

How to authenticate with docusign-esign in nodejs


I am trying to authenticate with docusign-esign, however it is not clear from the documentation how to do it.

The use case is that I do not to do actions on behalf of users, I want to use my service to create envelopes and fetch envelope information.

From the documentation I believe JWT token is the best way to go.

So far I have:

const apiClient = new ApiClient();
apiClient.setOAuthBasePath('https://demo.docusign.net/restapi');
apiClient.setBasePath('account-d.docusign.com');

// integrationKey and privateKey come from https://admindemo.docusign.com/apps-and-keys
const token = await apiClient.requestJWTApplicationToken(integrationKey, ['signature'], Buffer.from(privateKey), 600);

The response from the above call is:

body: {
    access_token: 'eyJ0eX...',
    token_type: 'Application',
    expires_in: 28800
}

Now my understanding is that I should exchange this Application token for an Access (Bearer) token, which I have to use in the Authorization header when making requests to the API. I have noticed that the docusign-esign package has a function generateAccessToken but it seems that this is only for the Authorization Code Grant.

Is what I explained before the right way to proceed and how do I get an access token from the Application token above? If not what is the correct way to authenticate my app properly with docusign so I can call .getEnvelope(accountId, envelopeId). Is there also anything else I should do in terms of setup in the DocuSign dashboard?


Solution

  • You are correct that JWT Authentication fits better for your use case.

    You have however requested a JWT Application Token which is only useful for certain endpoints.

    You are looking for the requestJWTUserToken() function as that authenticates on behalf of a user. You can find documentation on how to use this function here

    I also noticed you're only requesting the 'signature' scope. For JWT, the 'impersonation' scope is also required as it does impersonate a user to perform actions on their behalf. See documentation for authenticating with JWT here