{"id":2936,"library":"docusign-esign","title":"DocuSign eSignature API Client","description":"The DocuSign eSignature REST API client for Python provides convenient access to the DocuSign eSignature API. It allows developers to integrate e-signature capabilities into their applications, managing envelopes, documents, and recipients. The current version is 6.1.0, with ongoing development and regular releases to reflect API updates and improvements.","status":"active","version":"6.1.0","language":"en","source_language":"en","source_url":"https://github.com/docusign/docusign-esign-python-client","tags":["api-client","e-signature","docusign","rest","oauth","jwt"],"install":[{"cmd":"pip install docusign-esign","lang":"bash","label":"Install latest version"}],"dependencies":[],"imports":[{"note":"The top-level import is preferred for simplicity; the longer path is also valid but less commonly used in examples.","wrong":"from docusign_esign.client.api_client import ApiClient","symbol":"ApiClient","correct":"from docusign_esign import ApiClient"},{"note":"The top-level import is preferred; the longer path is also valid but less commonly used in examples.","wrong":"from docusign_esign.configuration import Configuration","symbol":"Configuration","correct":"from docusign_esign import Configuration"},{"note":"Top-level imports are convenient for frequently used API classes (e.g., EnvelopesApi, AccountsApi).","wrong":"from docusign_esign.apis.envelopes_api import EnvelopesApi","symbol":"EnvelopesApi","correct":"from docusign_esign import EnvelopesApi"}],"quickstart":{"code":"import os\nfrom docusign_esign import ApiClient, Configuration, OAuth, AccountsApi\nfrom docusign_esign.client.api_exception import ApiException\n\ndef get_access_token_jwt():\n    # Ensure these environment variables are set or replace with actual values\n    client_id = os.environ.get('DS_CLIENT_ID', 'YOUR_INTEGRATION_KEY')\n    impersonated_user_id = os.environ.get('DS_IMPERSONATED_USER_ID', 'YOUR_IMPERSONATED_USER_ID')\n    # Private key should be the raw PEM bytes, often loaded from a file or env var\n    private_key_bytes = os.environ.get('DS_PRIVATE_KEY_BYTES', 'YOUR_PRIVATE_KEY').encode('utf-8')\n    # Authentication server: 'account-d.docusign.com' for demo, 'account.docusign.com' for production\n    auth_server = os.environ.get('DS_AUTH_SERVER', 'account-d.docusign.com')\n\n    if 'YOUR_' in client_id or 'YOUR_' in impersonated_user_id or 'YOUR_' in private_key_bytes.decode('utf-8'):\n        print(\"Please set DS_CLIENT_ID, DS_IMPERSONATED_USER_ID, DS_PRIVATE_KEY_BYTES, and DS_AUTH_SERVER environment variables.\")\n        return None\n\n    try:\n        # Use the JWT helper to request a token\n        api_client_oauth = OAuth.ApiClient()\n        token_response = api_client_oauth.request_jwt_user_token(\n            client_id=client_id,\n            impersonated_user_id=impersonated_user_id,\n            private_key_bytes=private_key_bytes,\n            expires_in=3600, # 1 hour\n            scopes=[\"signature\", \"impersonation\"],\n            auth_host=\"https://\" + auth_server\n        )\n        return token_response.access_token\n    except ApiException as e:\n        print(f\"Error during JWT token request: {e.reason} - {e.body}\")\n        return None\n\ndef main():\n    # 1. Get Access Token via JWT Grant\n    access_token = get_access_token_jwt()\n    if not access_token:\n        return\n\n    # DocuSign API server: 'demo.docusign.net' for demo, 'naX.docusign.net' for production (X is a number)\n    api_server = os.environ.get('DS_API_SERVER', 'demo.docusign.net')\n    if 'YOUR_' in api_server:\n        print(\"Please set DS_API_SERVER environment variable.\")\n        return\n\n    # 2. Configure API Client\n    config = Configuration()\n    config.host = f\"https://{api_server}/restapi\"\n    config.access_token = access_token\n\n    api_client = ApiClient(config)\n\n    # 3. Make an API call (e.g., get user info)\n    try:\n        accounts_api = AccountsApi(api_client)\n        user_info = accounts_api.get_user_info()\n\n        print(f\"Successfully authenticated user: {user_info.name} ({user_info.email})\")\n        if user_info.accounts:\n            print(f\"Default Account ID: {user_info.accounts[0].account_id}\")\n            print(f\"Base URL for API calls: {user_info.accounts[0].base_url}\")\n        else:\n            print(\"No accounts found for this user.\")\n\n    except ApiException as e:\n        print(f\"Error calling DocuSign API: {e.reason} - {e.body}\")\n    except Exception as e:\n        print(f\"An unexpected error occurred: {e}\")\n\nif __name__ == '__main__':\n    main()","lang":"python","description":"This quickstart demonstrates how to authenticate with DocuSign using JWT Grant, configure the API client, and make a simple call to retrieve user information. It highlights the critical distinction between authentication server and API server host configurations."},"warnings":[{"fix":"Ensure `config.host` is set to the correct API base URL (including `/restapi` and API version, typically `v2.1`), and the `auth_host` parameter in JWT/OAuth methods points to the correct authentication server. Use 'account-d.docusign.com' for demo/sandbox environments and 'account.docusign.com' for production.","message":"The DocuSign API server (e.g., `demo.docusign.net/restapi` or `naX.docusign.net/restapi`) and the OAuth authentication server (e.g., `account-d.docusign.com` or `account.docusign.com`) use distinct base URLs. Misconfiguring `config.host` for API calls or the `auth_host` parameter in OAuth token requests can lead to authentication failures or API connection issues.","severity":"gotcha","affected_versions":"All versions"},{"fix":"Verify all JWT parameters match your DocuSign integration key settings in Admin Console. Ensure the impersonated user has granted consent for your integration key in their DocuSign account. Load the private key as raw PEM bytes (e.g., `open('private_key.pem', 'rb').read()`).","message":"JWT Grant authentication requires precise setup: `client_id` (integration key), `impersonated_user_id` (GUID of the user to impersonate), `private_key_bytes` (the raw PEM private key from your integration app), and correct `scopes` (e.g., 'signature', 'impersonation'). Common errors include 'consent required' (the impersonated user hasn't granted consent to the integration key) or 'invalid_grant' (incorrect client ID, user ID, private key, or scopes).","severity":"gotcha","affected_versions":"All versions using JWT Grant"}],"env_vars":null,"last_verified":"2026-04-11T00:00:00.000Z","next_check":"2026-07-10T00:00:00.000Z"}