DocuSign Connector | How to configure JWT Connection Provider Authentication

The MuleSoft DocuSign connector offers you ‌multiple operations through which you can perform different actions in DocuSign. This documentation here provides with different operations available in the DocuSign connector, which you can use within your Mule project. Also, the DocuSign API reference site provides more information on the REST APIs available. We'll now look into the step-by-step procedure to configure JWT connection provider for DocuSign connector.

1. When you would like to integrate and make use of the DocuSign APIs, the initial step is to create a developer account, which will provide you with access to Apps & Keys to create an integration key. Please access https://developers.docusign.com/ >> click on the "Developer Account" button seen at the top right corner >> click on "Create account" and set up a developer account.
2. Once created, please login to the developer account using the same URL specified in step 1. After logging in, click on the profile icon shown in the top right corner and go to "My Apps & Keys" which should eventually take you to this URL. Here, you can find the User ID, API Account ID and Account Base URI, which need to be noted for later use in the connector configuration. 
3. In Apps & Keys page, please click on "Add App and Integration Key" >> Give a App Name and click on "Create App" which redirects you to the page from where we can fetch details like Integration key, Private Key, etc. Here, please copy the Integration Key below the App name and save it in Notes.
4. Hover down on the same page >> Go to "Service Integration" >> click on "Generate RSA" and copy the Private Key. Note: The Private Key cannot be copied again once the window is closed. If closed, you need to generate a new key and copy the Private Key again.
5. Under "Additional settings", please click on "Add URI" under Redirect URIs section. If you're deploying the application locally in Anypoint Studio, you need to mention the Localhost URL i.e, http://localhost/ . In case you wish to deploy the app in Cloudhub or configured DLB, please configure the Cloudhub App url or the DLB URL. 
6. As per the DocuSign documentation, we have to perform a user consent for the created app to use these credentials in an external service. The user who created the app should update the fields in the below URL and access it through a browser to provide consent.
   • https://account-d.docusign.com/oauth/auth?response_type=code&scope=signature impersonation&client_id=YOUR_INTEGRATION_KEY&redirect_uri=YOUR_REDIRECT_URI (Space should be there between signature impersonation in the URL)
   • You'll be redirected to the DocuSign page, which will either ask you to sign into DocuSign (If not signed in already) or show a page to "Allow access". Once you click on "Allow access", you'll be redirected to a page like "This site can't be reached" or "Page Not Found" which is an expected behaviour. Refer:- https://developers.docusign.com/platform/auth/jwt-get-token/ 
7. After capturing the required details in the previous steps, kindly navigate to Anypoint Studio >> click on the DocuSign connector >> click on the "+" sign near the connector configuration and select the connection as "JWT Connection Provider (JWT Grant)" which will list the required fields.
8. Here, kindly fill the Base URI with the Account Base URI and Impersonated user id with the User ID copied from My Account Information in Apps and Keys section(https://apps-d.docusign.com/admin/apps-and-keys).
9. Please paste the Integration key copied from step 3 and paste the Private key from step 4. 
10. Fill in the Requested Scopes field as "signature impersonation" and click on Test Connection to get a successful response. If the "Test connection" fails, you've missed one of the steps described above. Kindly make sure to review the steps again and perform the integration.
11. We can proceed with deploying the app to the target environment i.e, local, Cloudhub, RTF, etc. The deployment log should show the snippet of token fetched as described below if HTTP Debug log is enabled. {"access_token":"eyJ0eXAiOiJNVCIsImFsZyI6Ilxxxxxxxxxxxxxxx","token_type":"Bearer","expires_in":3600,"scope":"signature impersonation"} 
12. Now, you should be able to perform the DocuSign connector operation within the flow after configuring the JWT connection provider as described above.

Disclaimer: This article involves products and technologies which do not form part of the MuleSoft product set. Technical assistance for such products is limited to this article.