3
votes

We are creating captive recipients using the DocuSign SOAP-based API call CreateAndSendEnvelope in a .NET web application, in our clients' DocuSign accounts.

We are able to create envelopes fine, but when requesting tokens for captive recipients, we have to require our clients to turn off the X509 signing certificate. We have to ask them to enable two options in their DocuSign account.

  • In Session
  • Don't Enforce In Session Certificate

At times, it becomes cumbersome for us and for our clients to have these features enabled by our/their DocuSign account representative.

In order for our captive recipients to sign the document with a valid X.509 signing certificate, what do we need to do? According to DocuSign's documentation, if we provide DocuSign with the signing certificate common name (CN), DocuSign can validate the XML signature and our captive recipients can sign the document without enabling those two options.

If we are creating envelopes using captive recipients, do we need to provide the CN for each of the DocuSign accounts that we are working with? Is there anything that we need to include in the request header?

Please advise.

1
Looking into this... Ergin
I think the last part of David's answer below is the easiest solution. Your integration is free to make the call using SOAP or REST and, as he mentioned, if you make this call in REST then the certificate check is omitted... Ergin

1 Answer

4
votes

Juiced Tech:

As mentioned in the DocuSign documentation at this link: https://www.docusign.com/p/APIGuide/Content/Embedding%20Group/Pre-DocuSign%20Operations.htm

Here is a link for signing an XML SOAP body with an X.509 certificate using .NET:

https://msdn.microsoft.com/en-us/library/ms819963.aspx

As mentioned in the other StackOverflow article, if it is acceptable you can turn off the requirement, but this is not advised: DocuSign API: "Invalid Signature Credentials" error using Captive (Embedded) Recipients

As an alternative, you could make the REST API call for the recipient view and remove the need for the X.509 certificate and CN altogether, as the two settings that support needs to change are not observed by the REST API. The method is POST {vx}/accounts/{accountid}/views/{viewtype}, and you can get the accountid from a REST login_information call to correlate to the accountGUID you have in SOAP. It stays the same for the account, so you only need to call one time per account and cache/persist it. https://www.docusign.net/restapi/help
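
The REST route described in the answer above, sketched as an added C# example (not code from the answer or from DocuSign). It assumes the REST v2 API, where the recipient view is requested per envelope (`accounts/{accountId}/envelopes/{envelopeId}/views/recipient`), and an `HttpClient` that the integration has already configured with its DocuSign authentication headers and base address; the class and method names are hypothetical.

```csharp
using System;
using System.Collections.Concurrent;
using System.Net.Http;
using System.Text;
using System.Text.Json;
using System.Threading.Tasks;

// Assumption: `http` carries the integration's DocuSign authentication headers and
// BaseAddress = https://<docusign-host>/restapi/v2/ (placeholder host, one host only).
public sealed class EmbeddedSigningClient
{
    private readonly HttpClient _http;
    // SOAP accountGUID -> REST accountId; stable per account, so resolve once and cache.
    private readonly ConcurrentDictionary<string, string> _accountIds =
        new ConcurrentDictionary<string, string>(StringComparer.OrdinalIgnoreCase);

    public EmbeddedSigningClient(HttpClient http) { _http = http; }

    public async Task<string> ResolveAccountIdAsync(string accountGuid)
    {
        if (_accountIds.TryGetValue(accountGuid, out var cached)) return cached;
        var json = await _http.GetStringAsync("login_information?include_account_id_guid=true");
        using (var doc = JsonDocument.Parse(json))
            foreach (var acct in doc.RootElement.GetProperty("loginAccounts").EnumerateArray())
                _accountIds[acct.GetProperty("accountIdGuid").GetString()] =
                    acct.GetProperty("accountId").GetString();
        return _accountIds.TryGetValue(accountGuid, out var id) ? id
            : throw new InvalidOperationException("Login has no access to account " + accountGuid);
    }

    public async Task<Uri> GetRecipientViewUrlAsync(string accountGuid, string envelopeId,
        string clientUserId, string userName, string email, Uri returnUrl)
    {
        var accountId = await ResolveAccountIdAsync(accountGuid);
        var body = JsonSerializer.Serialize(new
        {
            authenticationMethod = "email", // assumption: how your app identified the signer
            clientUserId, userName, email,  // must match the captive recipient on the envelope
            returnUrl = returnUrl.AbsoluteUri
        });
        var path = $"accounts/{accountId}/envelopes/{Uri.EscapeDataString(envelopeId)}/views/recipient";
        using (var resp = await _http.PostAsync(path, new StringContent(body, Encoding.UTF8, "application/json")))
        {
            resp.EnsureSuccessStatusCode();
            using (var doc = JsonDocument.Parse(await resp.Content.ReadAsStringAsync()))
                return new Uri(doc.RootElement.GetProperty("url").GetString()); // request just before redirecting
        }
    }
}
```

The returned URL is a bearer link into the signing session, so keep it out of application logs and hand it only to the signer your application has already authenticated.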