6

I've been pulling my hair out trying to get DocuSign to work with my website.

The basic idea is:

  1. Anonymous user lands on page with form
  2. User fills out form
  3. Before submit generate PDF from details
  4. Ask user to sign by clicking button
  5. Takes user details and document and redirects to DocuSign for user to sign
  6. Redirects back to my site with thank you / success

I'm a PHP dev, worked with plenty of APIs, I can handle most of that. The problem is getting an OAuth token in order to use the API. When I use the oauth/auth endpoint, it returns an HTML DocuSign login form.

I do not want the user to sign in. I want them to be able to just click a button, sign with DocuSign and come back. They shouldn't have to have a DocuSign account. I want the website to be the logged-in user, if that makes sense?

Am I missing something obvious?

Many thanks, Jon

REF: https://developers.docusign.com/docs/esign-rest-api/how-to/request-signature-in-app-embedded/

FYI:

  • I've changed the login settings in the integration key settings, it's set so user does not have to be logged in to sign.
  • I've installed the PHP code example locally and that also requires a user to log in. https://github.com/docusign/code-examples-php
Jonathan P

1 Answer

2

Two options:

  1. You can use PowerForms. PowerForms are created from eSignature templates and a URL is generated to allow anyone to sign them without having to have an account or sign-in or anything at all.
  2. Use JWT with a system account and use embedded signing. This way the "sender" is always the same user that was used to authenticate for JWT but anyone can sign without signing in.
Inbar Gazit
  • Thanks very much for your reply Inbar, I was looking at JWT but that still asks the user's permission for the application to act on behalf of them, right? – Jonathan P Oct 22 '20 at 17:48
  • Yes, consent must happen at some point. The idea is that with JWT, you provide consent for the integration to act as a generic system user so that the person interacting with your application doesn't need to authenticate themselves. – Drew Oct 22 '20 at 18:00
  • So could I just note down the code returned in the response and use that for all other requests from then on? Does the code expire? – Jonathan P Oct 22 '20 at 18:12
  • Do you see what I'm getting at? How can I make this invisible to the end user who will be signing the documents? – Jonathan P Oct 22 '20 at 18:12
  • the token does expire after 8 hours if that's what you mean – Inbar Gazit Oct 22 '20 at 18:13
  • consent is only required once. If it's the same IK/user - you won't need to obtain consent again – Inbar Gazit Oct 22 '20 at 18:13
  • the end user won't be the one consenting, it's your system account, your account or whoever that would be doing the consent. Once. And done. – Inbar Gazit Oct 22 '20 at 18:13
  • Okay, I understand it's the system who needs to get consent but how do I practically do that? Just run the OAuth route once on my server? Then DocuSign will have my server authorised? How does that work? – Jonathan P Oct 22 '20 at 18:16
  • it's not your server, it's the IK and userId that are authorized. And yes, you can do it once however you want and you're done. – Inbar Gazit Oct 22 '20 at 18:18
  • Let us [continue this discussion in chat](https://chat.stackoverflow.com/rooms/223475/discussion-between-jonathan-port-and-inbar-gazit). – Jonathan P Oct 22 '20 at 18:20
  • Hi, I have the same situation as above. How did it go? – Blesson Christy Nov 25 '20 at 04:44
  • not clear what problem you have Blesson. Maybe you need to post a separate thread – Inbar Gazit Nov 25 '20 at 16:36
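
The JWT route from the answer and comments, as an added example (not part of the original thread and not DocuSign's own code): PHP that signs the assertion with the integration key's RSA private key, exchanges it for an access token, and caches the token server-side using the `expires_in` value the response reports. The function names, the cache file and the demo host `account-d.docusign.com` are assumptions; the IK, user ID and private key come from your own integration settings.

```php
<?php
const DS_AUTH_HOST = 'account-d.docusign.com'; // assumption: demo environment

function b64url(string $bin): string {
    return rtrim(strtr(base64_encode($bin), '+/', '-_'), '=');
}

// RS256-signed assertion: iss = integration key (IK), sub = system user's ID.
function buildAssertion(string $ik, string $userId, string $keyPem, int $now): string {
    $header = b64url(json_encode(['typ' => 'JWT', 'alg' => 'RS256']));
    $claims = b64url(json_encode([
        'iss' => $ik, 'sub' => $userId, 'aud' => DS_AUTH_HOST,
        'iat' => $now, 'exp' => $now + 600, 'scope' => 'signature impersonation',
    ]));
    if (!openssl_sign("$header.$claims", $sig, $keyPem, OPENSSL_ALGO_SHA256)) {
        throw new RuntimeException('JWT signing failed');
    }
    return "$header.$claims." . b64url($sig);
}

// Exchange the assertion for an access token at the OAuth token endpoint.
function requestToken(string $assertion): array {
    $ch = curl_init('https://' . DS_AUTH_HOST . '/oauth/token');
    curl_setopt_array($ch, [
        CURLOPT_POST => true, CURLOPT_RETURNTRANSFER => true,
        CURLOPT_POSTFIELDS => http_build_query([
            'grant_type' => 'urn:ietf:params:oauth:grant-type:jwt-bearer',
            'assertion' => $assertion,
        ]),
    ]);
    $json = json_decode((string) curl_exec($ch), true);
    if (empty($json['access_token'])) {
        // error "consent_required": the one-time consent for this IK/user is missing.
        throw new RuntimeException('Token request failed: ' . ($json['error'] ?? 'no response'));
    }
    return $json;
}

// Reuse the cached token until 5 minutes before the expiry DocuSign reported.
function getAccessToken(string $ik, string $userId, string $keyPem, string $cacheFile): string {
    $c = is_file($cacheFile) ? json_decode(file_get_contents($cacheFile), true) : null;
    if (is_array($c) && $c['expires_at'] - 300 > time()) {
        return $c['access_token'];
    }
    $tok = requestToken(buildAssertion($ik, $userId, $keyPem, time()));
    $c = ['access_token' => $tok['access_token'], 'expires_at' => time() + (int) $tok['expires_in']];
    file_put_contents($cacheFile, json_encode($c), LOCK_EX);
    chmod($cacheFile, 0600); // bearer credential: store outside the web root
    return $c['access_token'];
}
```

The private key and the cached token stay on the server; the signer's browser only ever receives the embedded-signing URL that the server requests with this token.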