In DocuSign I obtained an access token with the demo account successfully and created an envelope as well. When I moved to the production account, I can't get an access token and get the error "The remote server returned an error: (400) Bad Request." I made 20 API calls successfully, went through the review and the Go Live process from the developer account, and the API key details show up in the production login as well.
Old code: this is the code I used to obtain the access token.
Dim PrivateKey As String = odjDTRep.Rows(0)("PrivateKey").ToString().Trim.Replace(vbLf, "").Replace(vbCr, "")
'This section to generate jwt Header
Dim ar1 As JObject = New JObject()
ar1.Add("typ", "JWT")
ar1.Add("alg", "RS256")
Dim header As String = Base64UrlEncoder.Encode(ar1.ToString)
'This section to generate jwt Body
Dim ar2 As JObject = New JObject()
ar2.Add("iss", odjDTRep.Rows(0)("iss_Int_Key").ToString())
ar2.Add("sub", odjDTRep.Rows(0)("sub1_Api_UserName").ToString())
ar2.Add("iat", DateDiff(DateInterval.Second, New Date(1970, 1, 1), Now().ToUniversalTime))
ar2.Add("exp", DateDiff(DateInterval.Second, New Date(1970, 1, 1), DateAdd(DateInterval.Hour, 1, Now().ToUniversalTime)))
ar2.Add("aud", odjDTRep.Rows(0)("aud").ToString()) ' aud: I pass account.docusign.com
ar2.Add("scope", odjDTRep.Rows(0)("scope").ToString())
Dim body As String = Base64UrlEncoder.Encode(ar2.ToString)
Dim stringToSign As String = header & "." & body
Dim bytesToSign() As Byte = Encoding.UTF8.GetBytes(stringToSign)
Dim keyBytes() As Byte = Convert.FromBase64String(PrivateKey)
Dim privKeyObj = Asn1Object.FromByteArray(keyBytes)
Dim privStruct = RsaPrivateKeyStructure.GetInstance(privKeyObj)
'This section to generate jwt Signature
Dim sig As ISigner = SignerUtilities.GetSigner("SHA256withRSA")
sig.Init(True, New RsaKeyParameters(True, privStruct.Modulus, privStruct.PrivateExponent))
sig.BlockUpdate(bytesToSign, 0, bytesToSign.Length)
Dim signature() As Byte = sig.GenerateSignature()
Dim sign As String = Base64UrlEncoder.Encode(signature)
Dim a As String = header & "." & body & "." & sign
ServicePointManager.Expect100Continue = True
' 3072 = SecurityProtocolType.Tls12; this is the value that takes effect
ServicePointManager.SecurityProtocol = DirectCast(3072, SecurityProtocolType)
Dim request As WebRequest = WebRequest.Create("https://account.docusign.com/oauth/token?grant_type=urn:ietf:params:oauth:grant-type:jwt-bearer&assertion=" & a & "")
request.Method = "POST"
request.ContentType = "application/x-www-form-urlencoded"
request.ContentLength = 0
request.Headers.Add("X-DocuSign-Authentication", "{ ""Username"":""" & odjDTRep.Rows(0)("UserName").ToString() & """, ""Password"":""" & odjDTRep.Rows(0)("Password").ToString() & """, ""IntegratorKey"":""" & odjDTRep.Rows(0)("iss_Int_Key").ToString() & """ }")
Dim response As WebResponse = request.GetResponse()
Console.WriteLine((CType(response, HttpWebResponse)).StatusCode)
If (CType(response, HttpWebResponse)).StatusCode <> HttpStatusCode.OK Then
Return "002:Fail"
End If
Dim dataStream As Stream = response.GetResponseStream()
Dim reader As New StreamReader(dataStream)
Dim responseFromServer As String = reader.ReadToEnd()
reader.Close()
response.Close()
I read all the details from a SQL table and store them in a DataTable; from the DataTable I pass all the details into that code. Is there any other URL I need to change for the production environment, besides the one I mentioned above?
New code to obtain Access token
var apiCent = new ApiClient("https://demo.docusign.net/restapi");
string ik = "xxxx-6a8b-4a7d-ba0f-xxxx";
string userId = "xxxxx-db97-xxx-a398-0e5986fadf49";
string accountId = "xxxxx-3e10-42af-xxxxx-xxxx";
string envId = "";
string authserver = "account.docusign.com";
string rsaKey = "xxxxxxxxxi7 b8i7SmfRdx8sExxxxxxxKmwIbLFOv1LtmUk/KRP8wPmMeNpq10kAzizzAeqnuBgW9ECHjV/gUA984dzk128UPmIRqTW 69e1dSknGA nJWshyZEqJXmvFB8Ueie5EiCW6FIlXpdLVWwmJwUGiQQsV r8hpmbhSImr5A40HQPPpasYAnKPNDgRbKwxrOONrCdUUre34Up2sk8gcAcMQRwKosPBn6/dAXadYP0sKEGSVKogguNSCyoHOLh74MPepDLnEVs9VAiyk zQEmZxYaXhrV4pvO2C5WNXdnqHUdcC/McZOBVGwRdG0xOaC8t4lplJHjiis 8YQEWQIDAQABAoIBACTzxYJBBWGtVXRyqo jzqmSOKJrBumvtHlC6k7IvYYInJI3IVPV44pC eROAdDiYgQE9LZvag2MW7A8IAeYwWJZhBKCq8odz4plgJaZwX2YdItDP4kSjIOco5W4lMjMQd66KNMTKFkS2fgbtBF0crogO8cuAwn kZtsdFH8IKA LPQjvp09yXZvDN6Q8XTKfcIkW2TqthdUOcJP65h72KwQnQGGvTDAd8p3OsHqAt7LEwW6xg0ci2HT1fGZbdwrXVHFHX9mFPndLmQ1CZlwX8XiVIHYPdbEEjO 3U29jGsi/k8 h54ngcf5H1An8t fdDVzknprbCGOIdynnLFq0CgYEA1os/qHEXObHe Yn2EQWM924hPtOjY5Z6p60EEALaaKVLYiCyhI7fXkhfB0475gC0 HhGgyu0zts04iOE2Agr8Yc8jAkZ3/UGOrbBFoSSyHvKYQaYqdWJ4HjbV3L5jkWSzplmn5/KFM9COMecEpx0cXkhxt1MMC5gu3WKU5QWhMcCgYEAvdLlwOf33KUsG/dojZAtzK6Lz6UoBi nHHg9jZ2V561xSzhrGGBTRkpUL5kf66AOrHRNYZvNX051WCzsQ94NBOzgwykhqcC gYBx6ravoBgyyrw/YICQB69xkxJlq/uGZQf3cvcPfcxFbjySzjCqgmgXewmqJE2U0drnhDVzd8CgYBOGViuB6UNwptJuZgSsDOVqsh9Z2t2CERUH553 aHqMCnV6dMygBP97Vhyf188pgs63AXHIDTsjE2e JEWVzsv7Cv1SibaKQcAfqChgtcwFigg09blFC/hv/0Qw3DnApqjjKIX/4H/u0b/BmLhP4T//bl2 /4NGATsmKgnLqRX5wKBgBFP36ZVQZS896XhTYbDpHmrXZLldB4EUJBXIv38ZkSH2/JJRfMmLdIWS1E//NpHca8muDvzsqpDhJn7qMe4KnVNaqzEBWlGaA4XaCgmm aN3MYKt4nXRo9EfnhMUtXMW8G3caSPyBlapv5dLLPRjGdnk1mdhPUQsUytEdKLpIQvAoGAbcb1rHbHv9AlmBBq5JODGgfN9GbLpPR6KyCtUGPhIrcSyZF00PcIEckwwt1XvqFJXFzFWCs9SEq7YbmGKuxSVZ7NLOOLaX6lZ3HdBiHvqcsCdMiqw9egTqqkn2po7pGCQzwxYmGLBfF MXDo3KTynvNMz31efrZlmQsVq3VBt9U=";
var scopes = new List<string>
{
"signature"
};
OAuth.OAuthToken authToken = apiCent.RequestJWTUserToken(ik, userId, authserver,Encoding.UTF8.GetBytes(rsaKey), 1, scopes);
string accessToken = authToken.access_token;
Now I am getting the error "Unexpected PEM type". In the production account I took the IK and UserID and generated a new RSA key.
CodePudding user response:
First off, using legacy auth is not allowed for new applications. You are using the X-DocuSign-Authentication header with a clear-text password, which is a legacy mechanism to authenticate. It is insecure and cannot be used.
When using JWT authentication and changing from the developer environment to the production environment you have to do the following:
- Pass go-live and get approval to have your IK (app) in production.
- Promote your IK to your production account.
- Create a new RSA key for the new IK in the production account. You cannot use the RSA key from your developer account.
- The URL for authentication is changed from https://account-s.docusign.com to https://account.docusign.com
- The userId for the user will be a different GUID and needs to be updated.
- The accountId for the account will be a different GUID and needs to be updated.
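The JWT grant request without the legacy header, as an added example (not the poster's or DocuSign's code): the claim names, token URL, grant type and `signature` scope are taken from the question's code, while the class and method names, the placeholder GUIDs and the throwaway key generated in `Main` are assumptions made so it runs offline on .NET 5 or later. The key is passed as complete PEM text; a bare base64 body without the BEGIN/END lines is rejected by `ImportFromPem`.

```csharp
using System;
using System.Collections.Generic;
using System.Net.Http;
using System.Security.Cryptography;
using System.Text;
using System.Text.Json;

static class JwtGrantExample   // hypothetical name, added for illustration
{
    static string B64Url(byte[] data) =>
        Convert.ToBase64String(data).TrimEnd('=').Replace('+', '-').Replace('/', '_');

    // Builds the signed RS256 assertion. pemKey must be the complete PEM text,
    // including the -----BEGIN ... PRIVATE KEY----- and -----END ...----- lines.
    public static string BuildAssertion(string integrationKey, string userId,
                                        string authServer, string scope, string pemKey)
    {
        using RSA rsa = RSA.Create();
        rsa.ImportFromPem(pemKey);   // throws ArgumentException when the PEM armor is missing
        long now = DateTimeOffset.UtcNow.ToUnixTimeSeconds();
        string header = B64Url(Encoding.UTF8.GetBytes("{\"typ\":\"JWT\",\"alg\":\"RS256\"}"));
        string claims = B64Url(JsonSerializer.SerializeToUtf8Bytes(new Dictionary<string, object>
        {
            ["iss"] = integrationKey, ["sub"] = userId, ["aud"] = authServer,
            ["iat"] = now, ["exp"] = now + 3600, ["scope"] = scope
        }));
        byte[] sig = rsa.SignData(Encoding.ASCII.GetBytes(header + "." + claims),
                                  HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
        return header + "." + claims + "." + B64Url(sig);
    }

    // The grant travels in the form-encoded POST body: no query string,
    // no X-DocuSign-Authentication header, no password.
    public static HttpRequestMessage BuildTokenRequest(string authServer, string assertion) =>
        new HttpRequestMessage(HttpMethod.Post, "https://" + authServer + "/oauth/token")
        {
            Content = new FormUrlEncodedContent(new Dictionary<string, string>
            {
                ["grant_type"] = "urn:ietf:params:oauth:grant-type:jwt-bearer",
                ["assertion"] = assertion
            })
        };

    static void Main()
    {
        // Constructed throwaway key and placeholder GUIDs; not real credentials.
        using RSA tmp = RSA.Create(2048);
        string pem = new string(PemEncoding.Write("RSA PRIVATE KEY", tmp.ExportRSAPrivateKey()));
        string jwt = BuildAssertion("00000000-0000-0000-0000-000000000000",
            "11111111-1111-1111-1111-111111111111", "account.docusign.com", "signature", pem);
        HttpRequestMessage req = BuildTokenRequest("account.docusign.com", jwt);
        Console.WriteLine(req.RequestUri + " assertion parts: " + jwt.Split('.').Length);
    }
}
```

In a real integration the PEM text would come from a secret store rather than source code, and the request would be sent with `HttpClient.SendAsync`.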