0

I would like to use the REST API to get a URL to open the sender view:

curl --request POST 'https://demo.docusign.net/restapi/v2/accounts/001122/envelopes/33fef057-1111-1111-8e81-5d93739ae4fd/views/sender' --data '{}' -H 'Accept: application/json' -H 'Authorization: bearer xxxxxxx=' -H 'Content-Length: 2' -H 'Content-Type:application/json'

Response from DocuSign:

{
  "url": "https://demo.docusign.net/Member/StartInSession.aspx?StartConsole=1&t=888db3ea-1e85-4860-a8e5-e9b37f38d769&DocuEnvelope=29fae057-9213-4485-8e81-5d93739ae4fd&send=1"
}

In our application, I would like to create an envelope in the "created" status with default values and then open the sender view so that the user can complete the envelope and send it.

The end user is not supposed to know the credentials for the authenticating user that I am using to create the envelope and to open the sender view: the url returned by the API contains a token that should work for some minutes.

I have implemented this solution and everything works, but there is something that I was not expecting. I thought that the url returned could be used only to execute a single operation (to send the envelope), but it seems that the user has complete access to the account as if he/she has executed a login.

Is there a way to limit the access just to the sender view for the given envelope?

Thank you, Marco

Marco Altieri
  • 3,726
  • 2
  • 33
  • 47
  • 1
    What do you want your senders to be able to do? Do you want them to be able to edit recipient info such as email and name? Do you want them to be able to add recipients? Add tabs? I ask because there are some specific recipient types that allow your recipients to modify the envelope, check out the types `Agents`, `Editors`, and `Intermediaries`: https://www.docusign.com/developer-center/explore/features/recipients – Ergin Jun 19 '14 at 20:25
  • Thank you Ergin, I am thinking to use these types of recipients but I would like also that the senders could be able to choose a different template, removes recipients, add other documents and modify the visibility of them. – Marco Altieri Jun 19 '14 at 22:03

2 Answers2

1

Using the embedded Sender view (or the embedded Correct view) will always grant the user (sender) the same access to that DocuSign account as they would have if they logged into the console directly with the credentials supplied in the API request header. i.e., even though they are initially taken directly into the Envelope that the API request specifies, there's nothing to prevent them from navigating outside of that Envelope to other areas of the DocuSign console, where they'll have full access to the account to view/send/delete Envelopes, etc.

Kim Brandl
  • 13,125
  • 2
  • 16
  • 21
0

I had a similar requirement while using the embedded sending and signing using Docusign APIs. If you want to customize the sender view and restrict him to access the other docusign features of his account, you can look into branding. As an admin user you can edit the branding details of a docusign account to enable and disable certain options like "Go Back" to dashboard options. Refer to below link for more details,

https://10226ec94e53f4ca538f-0035e62ac0d194a46695a3b225d72cc8.ssl.cf2.rackcdn.com/quick-start-account-branding.pdf

Srivathsal
  • 51
  • 1
  • 8