DocuSign Rest API returning blank response after moving into production environment (same code works fine in Sandbox)

0
votes

We have all code working in the Sandbox. We have completing all the steps to move to production successfully at Docusign. Docusign Rest API is returning a blank response after moving into production environment (same code works fine in Sandbox)

After Purchasing 'Basic API' Plan with Docusign we are attempting to use same curl scripts that were working fine in Sandbox environment in Production. Used GetUserInfo to determine the base URI (ca.docusign.net), tried restapi/v2/ , restapi/v2.1/ and also tried without specifying a version, always get a blank response (unless we send an invalid bearer token, see #3 below). Production Token string seems to be fine as GetUserInfo works in production and no authorization errors.

1) Sandbox (works fine, API returns an Envelope ID): curl --header "Authorization: Bearer [TokenTextString]" --header "Content-Type: application/json" --data-binary @JsonReq.txt --request POST https://demo.docusign.net/restapi/v2/accounts/[account_id]/envelopes -k { "envelopeId": "6e1aa70d-cc9e-4a57-a371-1deed8e49424", "uri": "/envelopes/6e1aa70d-cc9e-4a57-a371-1deed8e49424", "statusDateTime": "2020-01-14T15:32:38.9230000Z", "status": "sent" }

2) Production Environment (Get Blank Response): curl --header "Authorization: Bearer [TokenTextString]" --header "Content-Type: application/json" --data-binary @T:\at\oct2017!docusign\JsonReq.txt --request POST https://ca.docusign.net/restapi/v2/accounts/[account_id]/envelopes -k

3) Interestingly If I change the bearer token to something invalid (ie remove the leading 'e') I get a response "USER_AUTHENTICATION_FAILED":

curl --header "Authorization: Bearer [TokenTextString_e_removed]" --header "Content-Type: application/json" --data-binary @T:\at\oct2017!docusign\JsonReq.txt --request POST https://ca.docusign.net/restapi/v2/accounts/[account_id]/envelopes -k { "errorCode": "USER_AUTHENTICATION_FAILED", "message": "One or both of Username and Password are invalid. Invalid access token" }

Note: used the userinfo request to get the Base URI for the Production RestAPI (ca.docusign.net)

curl --header "Authorization: Bearer [TokenTextString]" --request GET https://account.docusign.com/oauth/userinfo -k {"sub":"21219113-31d7-427d-bdad-16dab4654485","name":"XXXX XXXX","given_name":"XXXX","family_name":"xxxx","created":"2019-12-10T22:18:51.623","email": "[email protected]","accounts":[{"account_id":"[account_id]","is_default":true,"account_name":"XXXXXX Inc","base_uri":"https://ca.docusign.net"}]}

1
curldocusignapi
how do you obtain the production token? do you use Auth Code Grant? JWT? - Inbar Gazit
The Production Token is obtained using script below: curl --data "grant_type=urn:ietf:params:oauth:grant-type:jwt-bearer&assertion=[Encoded_JWT]" --request POST account.docusign.com/oauth/token -k {"access_token":"[TokenText]","token_type":"Bearer","expires_in":3600} - DaveD
you do need an IK and RSA Keypair for production, do you have all of that? you also need the userId for the user in prod. - Inbar Gazit
Yes I have a production Integration Key and Created the RSA keypair in Admin>'API & Keys' > Authentication > Service Integration and followed the steps to get the bearer token. The API seems to be accepting the token, because if I use an expired token with same RestAPI request (that was previously returning blank) I get error { "errorCode": "USER_AUTHENTICATION_FAILED", "message": "One or both of Username and Password are invalid. Invalid access token" } - DaveD
so it's the call to ca.docusign.net that gets you the blank response? - Inbar Gazit

1 Answers

0
votes

Compared all the settings on every screen between my Sandbox and Live Accounts side-by-side, Found that when the Integration key was copied to the live account, the Authentication must have got defaulted to 'Authorization Code Grant' (Docusign GO-live Process) After updating to 'Implicit Grant' and going through the steps again (RSA Keys / JWT gen etc) was able to get a successful Envelope request through.
What threw everything off is the docusign API was returning no response instead of on error (unless the bearer token was invalid or expired then would get an error response) had an error been returned would have clued in earlier that need to go through the settings with fine toothed comb.