docusignapidocusign-sdk

Facing Issues while calling esignature API/SDK methods in Production Environment

I have created one python application which is using Docusign integration. First i developed it on Docusign Developer Account it works fine with its integration key.

Now i have done with "Go-Live" Process for production usage and that integration key i can see in my production account as well.

Also done with creating RSA Keypair ID, Redirect URI.

Also Provided the consent using the url

https://account.docusign.com/oauth/auth?response_type=code&scope=signature&client_id={INTEGRATION_KEY}&redirect_uri=http://localhost/

Also i have maintained my production account

user_id account_id client_id/integration_key host

in .env file

And when i am running my application for accessing access token using esignature SDK method

`api_client = ApiClient()
   
      api_client.host = os.environ.get('HOST')
      api_client.oauth_host_name = os.environ.get('OAUTH_HOST_NAME')

      SCOPES = ["signature"]

      access_token = api_client.request_jwt_user_token(
            client_id=os.environ.get('CLIENT_ID'),
            user_id=os.environ.get('USER_ID'),
            oauth_host_name=os.environ.get('OAUTH_HOST_NAME'),
            private_key_bytes=private_key,
            expires_in=3688,
            scopes=SCOPES
        )`

it is throwing the Error:

(400)
Reason: Bad Request
Trace-Token: 587ff3c6-da1a-4907-9ac7-cff0cc069f62
Timestamp: Wed, 13 Dec 2023 05:33:53 GMT
HTTP response headers: HTTPHeaderDict({'Cache-Control': 'no-cache, no-store, must-revalidate', 'Pragma': 'no-cache', 'Content-Type': 'application/json; charset=utf-8', 'Expires': '-1', 'X-DocuSign-TraceToken': '587ff3c6-da1a-4907-9ac7-cff0cc069f62', 'X-Frame-Options': 'SAMEORIGIN', 'X-XSS-Protection': '1; mode=block; report=/client-errors/xss', 'X-DocuSign-Node': 'AM2FE21', 'Strict-Transport-Security': 'max-age=31536000; includeSubDomains; preload', 'Referrer-Policy': 'no-referrer,strict-origin-when-cross-origin', 'X-Content-Type-Options': 'nosniff', 'Date': 'Wed, 13 Dec 2023 05:33:53 GMT', 'Content-Length': '28', 'Vary': 'Accept-Encoding'})

HTTP response body: b'{"error":"consent_required"}'

Even if I have given consent same Error Persists. In Connected Apps section I can see the consent for my App

I Tried to resolve but did not find any solution.

Solution

  • @lbo is correct--you only obtained consent for scope signature. But you need consent for both signature and impersonation.

    So try:

    https://account.docusign.com/oauth/auth?response_type=code&
scope=signature%20impersonation&
client_id={INTEGRATION_KEY}&redirect_uri=http://localhost/

    Note that your SDK request for an access token via the JWT grant only needs to specify signature scope (as you are doing) since the impersonation scope is implied due to your use of the JWT (impersonation) OAuth flow