Trending Topics: Latest from our forums (August 2020)

Trending Topics

Here are some of the latest popular questions that the DocuSign developers community asked on Stack Overflow in the month of August 2020. You too can ask questions by using the tag docusignapi in Stack Overflow.

Thread: DocuSign OAuth Token Generator Broken?

Summary: The developer was trying to use the token generator that we used to have in the Developer Center. They were getting an error.

Answer: the token generator was an old tool that was used to generate OAuth tokens so that developers can make API calls. We decided to remove this tool in favor of a more robust approach to teaching developers how to use authentication correctly and providing them with tools (like QuickStart) to help them with their REST API development. In this particular case, clearing cookies helped the developer proceed with their issue.

Thread: Docusign Authentication API Configuration in PostMan

Summary: The developer is attempting to use Postman to make API calls into the DocuSign eSignature REST API, and having issues with authentication to obtain a token.

Answer: The newly released eSignature Postman collection supports authentication from both JWT as well as Auth Code Grant. However, JWT authentication cannot be used without first obtaining consent and, in any event, to use Postman, the developer would have to log in at least once into DocuSign from outside Postman. 

Thread: PHP / Docusign - Verify HMAC signature on completed event

Summary: The developer is trying to receive information from DocuSign via a Connect webhook. They are further securing the communication using an HMAC signature, but consistently getting an error validating the HMAC. 

Answer: Getting the page body of a web request in PHP code is not as straightforward as one would expect. The developer was trying to use the file_get_contents('php://input') method to do so, but there’s another way showed in the Symphony APIs:

use Symfony\Component\HttpFoundation\Request; 
use Symfony\Component\HttpFoundation\ParameterBag; 
$app->before(function (Request $request) { $payload = $request->getContent(); hmac_verify($payload, $secret); }); 

This code would ensure that the payload containing the HMAC signature is indeed the one to compare, and would resolve the problem.

Additional resources

Inbar Gazit
Inbar Gazit
Sr. Manager, Developer Content