Skip to main content
Blog
Home/

App Password required for new SOAP integrations

Author Sarah Zou
Sarah ZouSr. Platform Product Manager
Summary3 min read

See how this requirement affects your existing eSignature SOAP API integrations as well as any new ones you may want to create.

Table of contents

As of April 21, 2022, Docusign has started blocking all new SOAP integrations from go-live using legacy authentication. As hackers continue to get smarter, our login security standard continues to evolve as well. Docusign’s legacy authentication and OAuth 1.0 do not meet current information security standards for SOAP and will no longer be supported for net new integrations. 

Enforcement schedule

To enforce the new requirements, the automatic go-live process has been updated to require SOAP applications to use App Password authentication. 

By October 2022, all Docusign customer, ISV, and partner SOAP API applications must use App Password. Applications already in production must be upgraded to use App Password by then.

Are there any exceptions?

Since this is needed for application security, we do not foresee any exceptions to the new policy. Our Developer Support and Professional Services groups are ready to help you. We also have an extensive set of App Password documentation that can be used. 

Send-on-behalf-of

Account admins can also use an App Password to make SOBO calls, sending on behalf of an account user without getting their explicit permission.

I’m an ISV. I need new integration keys for SOAP APIs that don’t require App Password for my new customers.

If you’re a member of a Docusign partner program, please send an email to partners@docusign.com and we will work with you on this issue. At the same time, please plan now to update your application to use App Password for Docusign authentication per the schedule. 

If you’re not yet a member of a Docusign partner program, please join us (no charge) via this form. Then contact us about your application’s integration keys. Docusign recommends that ISVs should use a single integration key for all of their customers whenever possible. See this document.

Do you have resources to help my developers upgrade to App Password?

Yes, see the following resources:

Additional resources

Author Sarah Zou
Sarah ZouSr. Platform Product Manager

Sarah Zou is a Senior Platform PM at Docusign. Empowering users to protect their credentials and fighting identity stuffing attacks are her passions. Her work focuses on enabling customers to deploy Docusign in a way that matches their Identity Access Management strategy (i.e. SSO, OAuth, TFA, etc). You can find her on LinkedIn.

More posts from this author

Related posts

  • Docusign 2024 Release 3: Capture the Critical Business Value Hidden in Your Agreements
    Intelligent Agreement Management

    Docusign 2024 Release 3: Capture the Critical Business Value Hidden in Your Agreements

  • How to improve your app’s UX while users wait for API calls to complete

    How to improve your app’s UX while users wait for API calls to complete

    Author Larry Kluger
    Larry Kluger
  • Trending Topics: Latest from our forums (November 2024)
    Author Paige Rossi
    Paige Rossi
How to improve your app’s UX while users wait for API calls to complete

How to improve your app’s UX while users wait for API calls to complete

Author Larry Kluger
Larry Kluger
Trending Topics: Latest from our forums (November 2024)
Author Paige Rossi
Paige Rossi

Discover what's new with Docusign IAM or start with eSignature for free

Explore Docusign IAMTry eSignature for Free
Person smiling while presenting