Configuring the DocuSign authentication
Securely call the DocuSign digital signature capabilities through the OAuth 2.0 authentication method that is based on the JSON Web Token (JWT) grant.
The following articles explain how to configure your Pega application to create a JWT with your application's authentication credentials and user details. Upon request, DocuSign validates the JWT and application permissions, and then issues an access token that allows use of DocuSign services.
Creating a keystore by using OpenSSL
Create a container for the public key certificate that your application uses to authenticate calls to DocuSign.
- In your preferred terminal tool, generate .csr, .crt, and .p12 files by entering the following commands:
  - For .csr, enter: openssl req -out CSR.csr -key DS_PrivateKey.key -new
  - For .crt, enter: openssl x509 -signkey DS_PrivateKey.key -in CSR.csr -req -days 365 -out mycustom.crt
  - For .p12, enter: openssl pkcs12 -export -out certificate.pfx -inkey DS_PrivateKey.key -in mycustom.crt
- In your Pega application, create a keystore instance:
  - In the Keystore location list, select Upload file.
  - In the Keystore file name field, upload the .p12 file that you created in step 1.c.
  - In the Keystore type field, enter PKCS12.
  For more information, see Configuring a keystore by uploading a file.
The following figure shows a sample DocuSign keystore:
Creating a JWT generation profile
Specify how your application generates the JWTs that it uses to access DocuSign digital signature capabilities by creating a JWT generation profile.
- In your Pega application, create an instance of a generation JSON Web Token profile. For more information, see Creating a generation JSON Web Token profile.
- In the Registered claims section, configure parameters for the following claims:

  | Name | Map from | Map from key |
  | --- | --- | --- |
  | Issuer (iss) | Constant | Enter the integration key of your DocuSign app. |
  | Audience (aud) | Constant | Perform one of the following actions: for a developer account, enter account-d.docusign.com; for a production account, enter account.docusign.com. |
  | Subject (sub) | Constant | Enter the DocuSign user ID that your application impersonates. |

- In the Custom claims section, configure parameters for the following claim:

  | Name | Map from | Map from key |
  | --- | --- | --- |
  | scope | Constant | Enter signature impersonation |

  This authentication scope is required for applications that impersonate users to perform API calls.
- In the Security section, configure the token security settings:
  - In the Security configuration list, select Signature.
  - In the Signature type list, select Asymmetric.
  - In the Signature algorithm field, enter RS256.
  - In the Keystore field, enter or select the keystore instance that you created in Creating a keystore by using OpenSSL.
  - In the Alias field, enter or select the alias name of the private key from the keystore that you provided in Creating a keystore by using OpenSSL.
  - In the Password field, enter the keystore password that you provided in Creating a keystore by using OpenSSL.
  - Select the Suppress generation of Key ID (kid) header check box.
  See the following figure for reference:
- Confirm your settings by clicking Save.
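The assertion that the keystore and generation profile produce can be rebuilt and checked outside Pega, which helps when DocuSign rejects a token. The script below is an added example, not Pega or DocuSign code: it creates a throwaway key in place of DS_PrivateKey.key, and the function names, the -subj value, the password, and the one-hour lifetime are assumptions.

```shell
# Added example; the key, IDs and password are constructed placeholders.
b64url() { openssl base64 -A | tr '/+' '_-' | tr -d '='; }

# Throwaway stand-in for DS_PrivateKey.key, then the page's three OpenSSL
# steps made non-interactive with -subj and -passout (both assumed values).
make_demo_keystore() {  # $1 = output directory
  openssl genrsa -out "$1/DS_PrivateKey.key" 2048 2>/dev/null &&
  openssl req -new -key "$1/DS_PrivateKey.key" -subj "/CN=docusign-demo" \
    -out "$1/CSR.csr" &&
  openssl x509 -req -in "$1/CSR.csr" -signkey "$1/DS_PrivateKey.key" -days 365 \
    -out "$1/mycustom.crt" 2>/dev/null &&
  openssl pkcs12 -export -inkey "$1/DS_PrivateKey.key" -in "$1/mycustom.crt" \
    -passout pass:example-only -out "$1/certificate.pfx"
}

# Print a JWT with the profile's claims: RS256 signature, no kid header.
# The one-hour lifetime is an assumption of this example.
make_assertion() {  # $1 = private key, $2 = iss, $3 = sub, $4 = aud
  now=$(date +%s)
  claims=$(printf '{"iss":"%s","sub":"%s","aud":"%s","iat":%s,"exp":%s,"scope":"signature impersonation"}' \
    "$2" "$3" "$4" "$now" "$((now + 3600))")
  input="$(printf '%s' '{"alg":"RS256","typ":"JWT"}' | b64url).$(printf '%s' "$claims" | b64url)"
  printf '%s.%s' "$input" "$(printf '%s' "$input" | openssl dgst -sha256 -sign "$1" | b64url)"
}

# Decode one dot-separated segment (1 = header, 2 = claims, 3 = signature).
jwt_part() {  # $1 = JWT, $2 = segment number
  seg=$(printf '%s' "$1" | cut -d. -f"$2" | tr '_-' '/+')
  case $(( ${#seg} % 4 )) in 2) seg="$seg==" ;; 3) seg="$seg=" ;; esac
  printf '%s' "$seg" | openssl base64 -d -A
}

# Succeed only if the signature verifies against the certificate's public key.
verify_assertion() {  # $1 = certificate, $2 = JWT
  work=$(mktemp -d) || return 1
  openssl x509 -in "$1" -pubkey -noout > "$work/pub.pem"
  printf '%s' "${2%.*}" > "$work/input"
  jwt_part "$2" 3 > "$work/sig"
  openssl dgst -sha256 -verify "$work/pub.pem" -signature "$work/sig" \
    "$work/input" >/dev/null 2>&1
  rc=$?
  rm -rf "$work"
  return "$rc"
}
```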
Creating an authentication profile
Enable your application to securely exchange messages with DocuSign through OAuth 2.0 by creating an authentication profile.
- In your Pega application, create an instance of an OAuth 2.0 authentication profile. For more information, see Creating an authentication profile.
- In the Client configuration section, in the Grant type list, select JWT bearer.
- In the Client Identifier field, enter your DocuSign integration key.
- In the Client secret field, enter any value, for example, 1234567890.
- In the Scope field, enter signature impersonation.
- Ensure that the Use refresh token if available checkbox is cleared.
- In the JWT Assertion section, select Use JWT generation profile.
- In the JWT generation template field, select the profile that you created in Creating a JWT generation profile.
- In the Endpoint configuration section, in the Access token endpoint field, enter one of the following values:
  - For a developer account, enter https://account-d.docusign.com/oauth/token.
  - For a production account, enter https://account.docusign.com/oauth/token.
- Expand the Advanced configuration section.
- In the Client authentication section, in the Authentication scheme list, select Private Key JSON Web Token (JWT).
- Select the JWT generation profile checkbox.
- In the JWT generation profile field, select the profile that you created in Creating a JWT generation profile.
- In the Send access token as section, select Authorization header.
- Confirm your settings by clicking Save.
Updating the DocuSign connection details
Configure your application with the DocuSign connection parameters to successfully authenticate requests to DocuSign during case processing.
- Find and open the pyDocuSignAuthProfile application setting.
- In the Value per production level section, for the intended production level, enter the name of the DocuSign OAuth 2.0 authentication profile. For more information, see Creating an authentication profile.
- Confirm your settings by clicking Save.
- Open the pyDocuSignAccountID application setting.
- In the Value per production level section, for the intended production level, enter your DocuSign Account ID.
- Confirm your settings by clicking Save.
- Open the pyDocusignBaseURL application setting.
- In the Value per production level section, update the production level settings:
  - If you use a development environment, in the Development field, enter https://demo.docusign.net
  - If you are a licensed DocuSign customer, in the Production field, enter https://www.docusign.net
- Confirm your settings by clicking Save.
- Open the pyDocuSignAuthenticationBaseURL application setting.
- In the Value per production level section, update the production level settings:
  - If you use a development environment, in the Development field, enter https://account-d.docusign.com
  - If you are a licensed DocuSign customer, in the Production field, enter https://account.docusign.com
- Confirm your settings by clicking Save.
For more information, see Defining values for an application setting and the DocuSign Developer documentation.