App Password required for new SOAP integrations

As of April 21, 2022, DocuSign has started blocking all new SOAP integrations from go-live using legacy authentication. As hackers continue to get smarter, our login security standard continues to evolve as well. DocuSign’s legacy authentication and OAuth 1.0 do not meet current information security standards for SOAP and will no longer be supported for net new integrations. 

Enforcement schedule

To enforce the new requirements, the automatic go-live process has been updated to require SOAP applications to use App Password authentication. 

By October 2022, all DocuSign customer, ISV, and partner SOAP API applications must use App Password. Applications already in production must be upgraded to use App Password by then.

Are there any exceptions?

Since this is needed for application security, we do not foresee any exceptions to the new policy. Our Developer Support and Professional Services groups are ready to help you. We also have an extensive set of App Password documentation that can be used. 

Send-on-behalf-of

Account admins can also use an App Password to make SOBO calls, sending on behalf of an account user without getting their explicit permission.

I’m an ISV. I need new integration keys for SOAP APIs that don’t require App Password for my new customers.

If you’re a member of a DocuSign partner program, please send an email to partners@docusign.com and we will work with you on this issue. At the same time, please plan now to update your application to use App Password for DocuSign authentication per the schedule. 

If you’re not yet a member of a DocuSign partner program, please join us (no charge) via this form. Then contact us about your application’s integration keys. DocuSign recommends that ISVs should use a single integration key for all of their customers whenever possible. See this document.

Do you have resources to help my developers upgrade to App Password?

Yes, see the following resources:

• Developer Center App Password guidelines
• App Password Release blog post
• Legacy Auth Deprecation Project Overview Dev Center page

Additional resources

• DocuSign Developer Center
• DocuSign for Developers on YouTube
• @DocuSignAPI on Twitter
• DocuSign on Twitch
• DocuSign for Developers on LinkedIn
• DocuSign Developer Newsletter