App Password required for new SOAP integrations

•

Summary•3 min read

See how this requirement affects your existing eSignature SOAP API integrations as well as any new ones you may want to create.

Enforcement schedule
Are there any exceptions?
Send-on-behalf-of
I’m an ISV. I need new integration keys for SOAP APIs that don’t require App Password for my new customers.
Do you have resources to help my developers upgrade to App Password?
Additional resources

Enforcement schedule
Are there any exceptions?
Send-on-behalf-of
I’m an ISV. I need new integration keys for SOAP APIs that don’t require App Password for my new customers.
Do you have resources to help my developers upgrade to App Password?

Additional resources

As of April 21, 2022, Docusign has started blocking all new SOAP integrations from go-live using legacy authentication. As hackers continue to get smarter, our login security standard continues to evolve as well. Docusign’s legacy authentication and OAuth 1.0 do not meet current information security standards for SOAP and will no longer be supported for net new integrations.

Enforcement schedule

To enforce the new requirements, the automatic go-live process has been updated to require SOAP applications to use App Password authentication.

By October 2022, all Docusign customer, ISV, and partner SOAP API applications must use App Password. Applications already in production must be upgraded to use App Password by then.

Are there any exceptions?

Since this is needed for application security, we do not foresee any exceptions to the new policy. Our Developer Support and Professional Services groups are ready to help you. We also have an extensive set of App Password documentation that can be used.

Send-on-behalf-of

Account admins can also use an App Password to make SOBO calls, sending on behalf of an account user without getting their explicit permission.

I’m an ISV. I need new integration keys for SOAP APIs that don’t require App Password for my new customers.

If you’re a member of a Docusign partner program, please send an email to partners@docusign.com and we will work with you on this issue. At the same time, please plan now to update your application to use App Password for Docusign authentication per the schedule.

If you’re not yet a member of a Docusign partner program, please join us (no charge) via this form. Then contact us about your application’s integration keys. Docusign recommends that ISVs should use a single integration key for all of their customers whenever possible. See this document.

Do you have resources to help my developers upgrade to App Password?

Yes, see the following resources:

Developer Center App Password guidelines
App Password Release blog post
Legacy Auth Deprecation Project Overview Dev Center page

Additional resources

Sarah ZouSr. Platform Product Manager

Sarah Zou is a Senior Platform PM at Docusign. Empowering users to protect their credentials and fighting identity stuffing attacks are her passions. Her work focuses on enabling customers to deploy Docusign in a way that matches their Identity Access Management strategy (i.e. SSO, OAuth, TFA, etc). You can find her on LinkedIn.