Blog
Home/

Server template API access restricted to active membership

Author Ahmed Shorim
Ahmed ShorimSr. Developer Support Advisory Engineer
Summary3 min read

Server templates are accessible only from accounts in which the API user is an active member.

      • What’s changing?
      • Why is Docusign restricting access to templates?
      • Next steps
          • Timelines
            • Additional resources

            Table of contents

            As you might already know, one of the most common ways to create an envelope is through the usage of server templates. This makes creating an envelope a simpler task to do through the APIs, especially if you frequently use a specific set of documents as a baseline to your envelopes.

            Previously, when a user created an envelope based on a template ID, Docusign verified that the user had a membership on the template's account and that they had access to the template through that membership. However, it was not verified that said membership is in an active state.

            You were able to use templates belonging to:

            • Accounts where the authenticated user's membership is closed, pending state

            • Closed accounts

            What’s changing?

            Docusign has strengthened restrictions on access to server templates via composite template envelope creation API calls. Only templates from active accounts with which the authenticated user has an active membership are now available. This guarantees that only authorized people have access to templates.

            If the authenticated user doesn’t have an active membership on the account that owns the template, they receive the following error:

            "errorCode": "USER_LACKS_MEMBERSHIP",

            "message": "The UserID does not have a valid membership in this Account. User is not an active member of the template's account."

            This affects both eSignature REST and SOAP APIs.

            Why is Docusign restricting access to templates?

            As part of continuous efforts to improve the security of our product and services, a vulnerability was found when creating envelopes from templates that are specified by template ID via Docusign API (such as composite templates/CreateEnvelopeFromTemplatesAndForms calls).&

            Next steps

            If the authenticated user has no active membership on the template account?

            You have two options:

            • Work with the admin of the account that owns the template to create an active membership for the authenticated user. Once the membership has been activated, creating envelopes based on a template ID will work as expected. Their administrator can review more details in the Docusign Admin Basic Guide: User Management.

            • Download the template from the template account, upload it to an account to which the authenticated user has an active membership, and use that account moving forward. See documentation below:

            If the template account is closed?

            Download the template from the template account, upload it to an account to which the authenticated user has an active membership, and use that account moving forward. See documentation below:

            Timelines

            This change has taken effect for all envelope creation calls based on a template ID as per the rollout schedule below:

            • April 14: Demo

            • April 18 - May 13: Production

            The change has been rolled out in production one site at a time, hence the schedule.

            Additional resources

            Author Ahmed Shorim
            Ahmed ShorimSr. Developer Support Advisory Engineer

            Ahmed Shorim has been with Docusign since 2021 as a Senior Developer Support Advisory Engineer. His work is focused on advising developers on how to integrate with Docusign APIs and SDKs by consulting on best practices and providing code examples. Experienced in developing web, mobile, and desktop applications along with building automation flows, he can be reached at LinkedIn.

            More posts from this author

            Related posts

            • Streamline End-to-End Agreement Management with Docusign: A Developer Overview
              Developers

              Streamline End-to-End Agreement Management with Docusign: A Developer Overview

              Author Larry Jin
              Larry Jin
            • Fast-Track Your Extension Apps with Reference Implementations

              Fast-Track Your Extension Apps with Reference Implementations

              Author Karissa Jacobsen
              Karissa Jacobsen
            Streamline End-to-End Agreement Management with Docusign: A Developer Overview

            Streamline End-to-End Agreement Management with Docusign: A Developer Overview

            Author Larry Jin
            Larry Jin
            Fast-Track Your Extension Apps with Reference Implementations

            Fast-Track Your Extension Apps with Reference Implementations

            Author Karissa Jacobsen
            Karissa Jacobsen

            Discover what's new with Docusign IAM or start with eSignature for free

            Explore Docusign IAMTry eSignature for Free
            Person smiling while presenting