Do I need a paid account to start developing with DocuSign API?

No, you can start developing and testing with a free DocuSign Developer Sandbox account. This environment provides full API functionality for development purposes without any cost.

What is an integration key in DocuSign API?

An integration key, also known as a client ID, is a unique identifier for your application within the DocuSign ecosystem. It is essential for authenticating your API requests and is created in the Apps and Keys section of the DocuSign Admin Console.

How do I get an access token for DocuSign API?

Access tokens are obtained through an OAuth 2.0 flow. Typically, your application will redirect the user to DocuSign for consent, receive an authorization code, and then exchange that code for an access token at DocuSign's token endpoint.

Can I use an SDK instead of making direct HTTP calls?

Yes, DocuSign provides SDKs for several popular languages including C#, Java, Node.js, PHP, Python, and Ruby. These SDKs simplify API interactions by handling authentication, request formatting, and response parsing.

What is the purpose of the DocuSign Developer Sandbox?

The Developer Sandbox is a free, non-production environment designed for building and testing your integrations. It allows you to experiment with API features, send test envelopes, and debug your code without affecting live documents or incurring charges.

What should I do if my first API call fails?

Check your access token's validity, ensure the correct base URI and account ID are used, verify your Redirect URI matches what's configured, and review API logs in the DocuSign Admin Console for detailed error messages. Consult the official DocuSign API documentation for specific endpoint requirements.

How do I move my application from the sandbox to production?

To move from the sandbox to production, your integration key must be promoted by DocuSign after passing a 'Go-Live' review. This review ensures your application meets DocuSign's quality and security standards. You will then need a paid DocuSign API plan.

DocuSign API Getting Started: Quickstart Guide (2026)

DocuSign API getting started involves creating a free developer sandbox account, generating an integration key (client ID), and obtaining an access token. This process enables developers to test e-signature functionalities and integrate document workflows into custom applications without impacting production environments.

Getting started overview

Integrating with the DocuSign API enables developers to embed e-signature capabilities directly into their applications, automate document workflows, and manage transactions programmatically. This guide outlines the essential steps to get started, from setting up a developer account to executing your first API call.

The DocuSign API primarily uses a RESTful architecture, allowing interactions through standard HTTP requests. Authentication is typically handled via OAuth 2.0, providing secure access to user resources. Developers can choose to build directly against the REST API or utilize one of the available SDKs for C#, Java, Node.js, PHP, Python, or Ruby to streamline development.

Before making production calls, all development and testing should occur within a DocuSign Developer Sandbox environment. This free tier provides a fully functional, non-production environment where applications can be developed and tested without incurring charges or affecting live documents.

Here is a quick reference table for the getting started process:

Step	What to Do	Where
1. Create Account	Sign up for a free DocuSign Developer Sandbox account.	DocuSign Developer Center
2. Get Keys	Create an integration key (client ID) and generate a secret key.	DocuSign Admin Console > Apps and Keys
3. Configure Redirect URI	Add a valid redirect URI for OAuth 2.0.	DocuSign Admin Console > Apps and Keys
4. Obtain Access Token	Use OAuth 2.0 to get an access token for API authentication.	Via OAuth flow (e.g., Authorization Code Grant)
5. Make First Request	Send a simple API call, such as retrieving account information.	Using a tool like cURL or an SDK

Create an account and get keys

To begin using the DocuSign API, you must first create a free developer account. This account grants access to the Developer Sandbox, which is essential for testing and development. Navigate to the DocuSign Developer Center and follow the prompts to sign up for a new account. Upon successful registration, you will receive an email to activate your account and set your password.

Once your developer account is active, log in and proceed to the Apps and Keys section within the DocuSign Admin Console. Here, you will create a new app, which generates an integration key (also known as a client ID). This key uniquely identifies your application to DocuSign. While creating the app, you will also generate a secret key, which is used in conjunction with your integration key for authentication purposes. Ensure you securely store your secret key as it will not be retrievable after initial generation.

For OAuth 2.0 flows, it is crucial to configure at least one Redirect URI. This URI specifies where DocuSign should redirect the user's browser after they have granted consent to your application. For development, a common practice is to use a local development server address (e.g., http://localhost:8080/callback). The Redirect URI must exactly match the URI provided in your OAuth requests.

DocuSign supports various OAuth 2.0 grant types, including Authorization Code Grant, Implicit Grant, and JSON Web Token (JWT) Grant. The choice of grant type depends on your application's architecture and security requirements. For server-side applications, the Authorization Code Grant is typically recommended for its enhanced security by exchanging an authorization code for an access token directly between your server and DocuSign's authorization server, as detailed in the OAuth 2.0 Authorization Code Grant specification.

Your first request

After setting up your account, obtaining an integration key, and configuring a redirect URI, the next step is to acquire an access token. This token authenticates your API requests. For the Authorization Code Grant flow, your application will first direct the user to DocuSign's authorization endpoint. Upon user consent, DocuSign redirects the user back to your specified Redirect URI with an authorization code. Your application then exchanges this code for an access token at DocuSign's token endpoint.

Here's an example using cURL to exchange an authorization code for an access token:

curl -X POST "https://account-d.docusign.com/oauth/token" \
     -H "Content-Type: application/x-www-form-urlencoded" \
     -d "grant_type=authorization_code" \
     -d "code=YOUR_AUTHORIZATION_CODE" \
     -d "client_id=YOUR_INTEGRATION_KEY" \
     -d "client_secret=YOUR_SECRET_KEY" \
     -d "redirect_uri=YOUR_REDIRECT_URI"

Once you have a valid access token, you can make your first API call. A common initial request is to retrieve information about your DocuSign account. This confirms that your authentication and API setup are correct. The base URI for API calls in the Developer Sandbox is https://demo.docusign.net/restapi/v2.1/accounts/YOUR_ACCOUNT_ID.

To find your YOUR_ACCOUNT_ID, you can make an initial call to the /oauth/userinfo endpoint after obtaining your access token. This endpoint provides details about the authenticated user and their associated accounts, including the account_id. Alternatively, the account ID is visible in your DocuSign Admin Console.

Here's a cURL example to retrieve account information:

curl -X GET "https://demo.docusign.net/restapi/v2.1/accounts/YOUR_ACCOUNT_ID" \
     -H "Authorization: Bearer YOUR_ACCESS_TOKEN" \
     -H "Content-Type: application/json"

A successful response will return JSON object containing details about your DocuSign account, such as its name, plan information, and status. This confirms your ability to communicate with the DocuSign API.

Common next steps

Once you have successfully made your first API call, you can explore more advanced functionalities. Common next steps include:

Sending an Envelope: The core function of DocuSign is sending documents for signature. This involves creating an envelope, adding documents, defining recipients (signers), and specifying their signing locations (tabs). The DocuSign API documentation on sending envelopes provides detailed examples.
Embedding Signing: For seamless user experiences, you can embed the signing process directly into your application. This eliminates the need for recipients to navigate away from your site to sign.
Using Webhooks (Connect): To receive real-time updates on envelope status changes (e.g., when an envelope is completed or declined), configure DocuSign Connect webhooks. This allows your application to react to events without constant polling of the API. For example, similar to how Stripe's webhook documentation describes event handling, DocuSign Connect sends POST requests to a specified URL with event data.
Exploring SDKs: While direct API calls are possible, using one of the DocuSign SDKs (C#, Java, Node.js, PHP, Python, Ruby) can significantly simplify development by abstracting HTTP requests and handling authentication complexities.
Error Handling: Implement robust error handling in your application to gracefully manage API responses that indicate issues, such as invalid parameters or authentication failures. The DocuSign API returns standard HTTP status codes and detailed error messages in JSON format.

Troubleshooting the first call

Encountering issues during your first API call is common. Here are some troubleshooting tips:

Invalid Access Token: Ensure your access token is current and correctly included in the Authorization: Bearer header. Access tokens have an expiration time (typically one hour for Authorization Code Grant) and must be refreshed.
Incorrect Base URI: Verify that you are using the correct base URI for the Developer Sandbox (https://demo.docusign.net/restapi/v2.1). Using a production URI will result in authentication failures if your integration key is not provisioned for production.
Mismatched Redirect URI: If using OAuth 2.0, confirm that the redirect_uri parameter in your authorization request exactly matches one of the URIs configured for your integration key in the DocuSign Admin Console.
Missing Account ID: Many API endpoints require your DocuSign account ID. Ensure you include the correct account ID in the URL path where required. Retrieve it from the /oauth/userinfo endpoint or the Admin Console.
CORS Issues: If making requests from a web browser, Cross-Origin Resource Sharing (CORS) policies can block requests. Ensure your server-side component handles API calls to avoid browser-imposed restrictions.
API Logging: DocuSign provides API logging within the Admin Console, which can help you inspect the details of incoming requests and DocuSign's responses. This is invaluable for debugging authentication and payload issues.
Review Documentation: Refer to the DocuSign eSignature REST API Reference for specific endpoint details, required parameters, and expected response formats.

DocuSign API Getting Started: Quickstart Guide (2026)

Getting started overview

Create an account and get keys

Your first request

Common next steps

Troubleshooting the first call

Frequently asked questions

Reviews

Discussion

Written by

Getting started overview

Create an account and get keys

Your first request

Common next steps

Troubleshooting the first call

Related

Frequently asked questions

Reviews

Discussion

Written by