# Docusign
Docusign (opens new window) is a secure eSignature solution that provides electronic signature technology and digital transaction management services that enable businesses to create fully digital workflows.
# API version
The Docusign connector uses the Docusign eSignature REST API (opens new window).
# Supported editions and versions
The Docusign connector works with all Docusign plans:
- Personal
- Standard
- Business Pro
# Prerequisites
The prerequisite steps for connecting to Docusign depend on your authentication method:
ROLES AND PERMISSIONS
Docusign users who can sign in to Docusign can connect to Docusign from Workato. The user has the same permissions (opens new window) on Workato as in Docusign. This means they have the same capabilities to view, manage, and send envelopes per their respective permissions on the Docusign platform.
# Retrieve your User ID
Complete the following steps to retrieve your User ID (API Username):
Sign in to Docusign.
Go to Admin > Apps and Keys.
Locate the API Username on this page and record this value in a secure location. This value is required as the User ID when establishing the JWT Token connection in Workato.
# Create an integration key
Complete the following steps to create an integration key in your Docusign instance:
On the Apps and Keys page, click Add App and Integration Key.
Enter a name for your application, such as Workato Integration.
Click Create App.
Record your Integration Key (also known as Client ID) in a secure location. This value is required to establish the connection in Workato.
# Generate an RSA keypair
Complete the following steps to generate an RSA keypair for JWT authentication:
Go to the Service Integration section in your integration app settings.
Click Generate RSA to create a new RSA keypair.
Copy the Private Key and save it in a secure location. This value is required to establish the connection in Workato.
SAVE YOUR PRIVATE KEY
The private key is only displayed once. After you close this dialog, you won't be able to retrieve it again. If you lose it, you must generate a new keypair.
Click Close to save the keypair to your integration.
# Add the redirect URI
Complete the following steps to add the redirect URI:
Go to the Additional settings > Redirect URIs section in your integration app settings.
Click + Add URI.
Enter https://www.workato.com/oauth/callback in the Redirect URIs field.
Click Save.
# Obtain consent for Send On Behalf Of
The Send On Behalf Of field enables you to send envelopes from different users' email addresses when using JWT Token authentication.
This field is available in the following actions:
This field requires two types of consent:
- Admin consent for the JWT app (one-time setup for the organization)
- Individual user consent for each user you plan to send on behalf of
# Obtain admin consent
Use the Docusign Admin panel to grant consent to your JWT app on behalf of all users within your organization's claimed domains. This authorization grants app access to all domain users, with access limited by the permissions you specify. This is a one-time configuration.
PREREQUISITES FOR ADMIN CONSENT
- Your organization must have the Docusign Admin feature enabled.
- Your organization must have at least one claimed domain. Refer to Claim a domain (opens new window) in the Docusign documentation.
- You must have created an integration key for your app.
Complete the following steps to obtain admin consent:
Sign in to Docusign as an organization administrator.
Open your Organization (opens new window) home page in Docusign Admin.
Select Connected Apps from the left navigation.
Select Authorize Application and choose your application from the drop-down menu. This menu lists every integration key by name (for example, Workato Integration).
Enter the signature impersonation permissions in the Add New Application dialog.
These permissions apply to every user who is a member of the organization's claimed domains.
Click Add to confirm and authorize the application.
Refer to How to obtain admin consent for internal applications (opens new window) in the Docusign documentation for more information.
# Obtain individual user consent
Each user whose email address you plan to use in the Send On Behalf Of field must grant individual consent to your JWT app. This allows the app to act on their behalf when sending envelopes.
INTEGRATION KEY AND REDIRECT URI
The integration key and redirect URI from the prerequisites are required for individual consent. Ensure you've completed those steps first.
Complete the following steps to obtain individual user consent:
CONSENT DURING CONNECTION
When you connect using JWT Token authentication, Docusign prompts you to grant consent. This grants individual consent for the user who authenticates the connection. You only need to follow the steps above for additional users you plan to send on behalf of.
Refer to How to obtain individual consent (opens new window) in the Docusign documentation for more information.
# How to connect to Docusign
The Docusign connector supports the following authentication methods:
AUTHENTICATION AND SENDING
JWT Token authentication with the impersonation scope enables sending documents from different users' email addresses using the Send On Behalf Of field. This field requires both admin consent for the JWT app and individual user consent.
With standard OAuth 2.0 (Authorization Code Grant), all documents are sent from the email address of the user who authorized the connection. The Send On Behalf Of field is not available with OAuth 2.0 authentication.
# JWT Token
Complete the following steps to connect to Docusign using JWT Token authentication:
Click Create > Connection.
Search for and select Docusign on the New connection page.
Enter a name for your connection in the Connection name field.
Connect to Docusign using JWT Token authentication
Use the Location drop-down menu to select the project or folder where you plan to store your connection.
Use the Auth type drop-down menu to select JWT Token.
Use the Demo drop-down menu to indicate if this is a demo Docusign account. Select Yes for demo/sandbox accounts or No for production accounts.
Enter the integration key from your Docusign application in the Client ID field.
Enter the User ID (API Username) from the prerequisites steps in the User ID field.
Enter the RSA private key from the prerequisites steps in the Private key field. Include the complete private key including the -----BEGIN RSA PRIVATE KEY----- and -----END RSA PRIVATE KEY----- headers.
Optional. Enter the Connect key in the Connect key field to validate your webhook requests. Refer to Add HMAC keys for your app (opens new window) in the Docusign documentation for more information.
Click Connect. Workato redirects you to Docusign to authorize the connection.
Click Allow Access to grant the Workato integration permission to access your account.
JWT consent screen
# OAuth 2.0 (Authorization Code Grant)
Complete the following steps to connect to Docusign using OAuth 2.0 authentication:
Click Create > Connection.
Search for and select Docusign on the New connection page.
Enter a name for your connection in the Connection name field.
Connect to Docusign using OAuth 2.0 (Authorization Code Grant) authentication
Use the Location drop-down menu to select the project or folder where you plan to store your connection.
Use the Auth type drop-down menu to select OAuth 2.0 (Authorization Code Grant).
Use the Demo drop-down menu to indicate if this is a demo Docusign account. Select Yes for demo/sandbox accounts or No for production accounts.
Optional. Enter the Account ID to specify a specific Docusign account when you have multiple accounts. You can find the account ID by navigating to Admin > Apps and Keys > API Account ID. The connection selects your first Docusign account by default.
Optional. Enter the Connect key in the Connect key field to validate your webhook requests. Refer to Add HMAC keys for your app (opens new window) in the Docusign documentation for more information.
Click Connect.
Last updated: 12/5/2025, 8:14:08 PM