I'm having issue using DocuSign API. when I send a PDF via SOAP API. (I am using the method CreateEnvelopeFromTemplates, the templates are on your server) When the user received the envelope (PDF) the fields are not there. But when I send via the WEB they do have the fields.
I was not adding the Role to the API, now I'm but still not showing the fields.
Should I use the method CreateEnvelopeFromTemplatesAndForms instead the other one?
I believe you're using the right method (CreateEnvelopeFromTemplates). The most likely reason that the fields (tabs) are not being displayed when you create the Envelope via the API is that the recipient Role Name(s) being specified by the API request does not exactly match the Role Name(s) specified by the Template itself (with which the tabs are associated). Make sure spelling, spacing, and case of Role Name(s) specified by your API request matches exactly with what's specified by the Template.
Related
I am using the DocuSign REST API to send documents and we are trying to take advantage of the webhook capabilities.
Our problem is that we have basic auth set up on our webhook listener which it doesn't appear is supported in the REST API. I am enquiring whether or not this is an accurate understanding. I know it is possible on the Connect product, which the basic auth can be set up via the portal, however I am looking specifically for API REST calls.
How can I secure the EventNotification event?
Many thanks,
Mitch.
As of now, according to docusign offical post:
Individual Envelope Connect configurations created with the eventNotifications API option do not support Basic Authentication at this time.
A WORKAROUND SOLUTION:
Docusign has an official blog post to answer this question. Securing Your Connect Webhook Listener
For us, we use the Use a Pre-shared Secret method to secure our webhook. We are using the python sdk. During the process we create the EventNotification, we add a secret parameter to the webhook listener url. When the docusign post the request to your listener server, it will include the secret. You could check the parameter to make sure the request is valid.
event_notification = EventNotification()
event_notification.url ='your webhook_url' + '?secret=' + 'your_secret')
The text below is quoted from the blog post.
This defense acts both as access control and authentication. The
listener URL you provide to DocuSign can include one or more query
parameters. DocuSign will include them during its POST request to your
listener.
For access control, your listener will first check that the request
includes the expected query parameter and reject all requests that
don’t. For authentication, your listener will additionally check the
value of the query parameter. Remember that you can encode any values
for the name and value of the query parameter. For this example, we’re
using “pw” as the name of the query parameter.
To use a pre-shared secret, just set the URL accordingly in the
Connect configuration. For example,
https://listener_url.example.com/listener?pw=secret
Remember that the complete URL, including its query parameters, is
encrypted before it is sent across the internet. The URL and its query
parameters are visible in various logs and configuration screens,
including the Connect webhook configuration page.
I have created an envelope, added recipients and documents to the envelope through REST API call in apex code. Now I want to view my envelope in docusign user interface before ot it sent to the signers. Can I connect to the docusign from REST API call in apex and view the envelope?
There are different type of views you can use, based on the Envelope status, details are available at https://docs.docusign.com/esign/restapi/Envelopes/EnvelopeViews/ You might be interested in seeing https://docs.docusign.com/esign/restapi/Envelopes/EnvelopeViews/createCorrect/ or https://docs.docusign.com/esign/restapi/Envelopes/EnvelopeViews/createEdit/ or if sender wants to see it then https://docs.docusign.com/esign/restapi/Envelopes/EnvelopeViews/createSender/
You can use the EnvelopeViews: createSender API (also called Embedded Sending) to open the "tag and send" view of the envelope and let your users send it through the DocuSign Console. This also allows them to make changes to envelope before sending, given that they have the correct permissions.
This is what the API request typically looks like:
POST /v2/accounts/{accountId}/envelopes/{envelopeId}/views/sender
{
"returnUrl": "https://your.app.com/callback"
}
Once the user is done sending the envelope they will be redirected to the URL that's provided in the returnUrl parameter.
I am trying to get the list of all users with their email addresses from a confluence cloud instance using their REST API. There is nothing in their documentation regarding users. Also the email address is never embedded in any of the response containing user objects. Is there a way to retrieve email address of the user based on the username.
You will have to use their older APIs -- the methods are there.
I'm struggling with coming up with the "right" way to capture audit information via a REST service. Let's say I've got an internal REST API for an Employee resource. I want to capture things when an Employee is added/modified/removed such as the user who did the change, the application the user was using, when it was done (assume this could be asynchronous so the user's action may have taken place at a different time than the REST call), etc. Also, the user that initiated the change may not be the authenticated user making the REST call.
My thoughts are that those properties do not belong in the body of the request - meaning that they are not attributes of the Employee object. They are not something that would be retrieved and returned on a GET, so they shouldn't be in the POST/PUT. They also do not belong as a parameter because parameters should be for specifying additional things about Employees or a search/filter critiera on GET requests for Employees.
My current thoughts are to have the client specify this information in the HTTP headers. That keeps the URL parameters & body pure for the Employee resource. Is that an appropriate use of the headers? Are there other options that I'm not seeing?
I'm working on a project with a very similar problem, and we did end up using HTTP headers to track auditing information. Actually, this was a byproduct of requiring an Authorization header which specifies the client user and application, and we use this information inside the REST service to store details in an audit log.
In your case, I don't think it's "wrong" to add custom X headers to specify the original user/application/time the request was made and storing these to an audit history in the service somewhere. Basically proxying on information via extra request headers. I also agree that these should not be part of the request body or URL parameters.
I'm creating restful api that is used by angular web page. I'm using token based authentication. Server side determines which user sent request based on token value, so I don't have to pass user id on URI. For example, request that returns all orders for logged (with token) user looks like this:
/api/orders
instead of:
/api/users/123/orders
Api is still stateless, but the same URI returns different data depending on headers. Is it consistent with Restful principles?
I think that this suggested API violates the address-ability feature of REST. The address of a resource should be in a form that is visible and readable (and some other things not related to your question...). One of the nice things of nice URIs is that one can link to it easily. Headers are actually hiding the real address of the resource hence making it impossible to link to it. So bottom line I would not go for such an API.