0

Docusign eSignature API has a limit of polling 15 min in 15 minutes for requesting a unique url resources.

However in the documentation it is not explained if normal user behaviour is allowed , which is completely different from polling X in X minutes (e.g. clicking to view an envelope multiple times in a row).

Question 1

Is there a problem in Docusign if the same resource is called multiple times within 15 minutes in normal user actions?

There could be scenarios where the resource needs to be fetched much more frequently within 2 or 3 minutes, but almost 0 the rest of the day for that resource).

Common examples may be: asking for an envelope information, related entities and audit events within a short time span.

Question 2

Do all GET unique resource url have the 15 min rate limiting restrictions in eSignaturesAPI (envelopes, recipients, events, status, templates etc)?

Some documentation indicate only status related endpoints are poll restricted, other docs specify that all GET resources in the eSignaturesAPI are.

Question 3

One alternative for polling is to use Docusign Webhooks (Connect) as suggested in many articles, however to secure it with HMAC, it not possible in combination with oAuth.

The connect keys are associated with the user's account and not the client's app account (each user would have to setup their own keys, which is not feasible). One suggestion seems to be mTLS (which won't be an option).

What other ways exist to secure webhooks when using oAuth?

Wondering how other integrations have done it with the current webhook security limitations.

Pedro Franco
  • 53
  • 6

1 Answers1

0

The reason that DocuSign cares about polling is because developers have built integrations that poll every 1 sec resulting in millions or API calls that clogs the servers.

It sounds like your integration is not doing polling.

Then all you have to do is pass go-live and you should be fine.

The last 20 API calls for your go-live review should adhere to the polling rules, make sure they are so. There's no way for DocuSign to know the intention of API calls, so the polling rule are strict, but they should not be hard for you to figure out.

Inbar Gazit
  • 12,566
  • 1
  • 16
  • 23
  • Thanks for the quick reply. So, all non automated (X in X sec/min polling) requests to eSignatures endpoints (https://developers.docusign.com/docs/esign-rest-api/reference/envelopes/ are allowed) are only bounded by the hourly/burst rate limit (and no limited to doing 2 calls within 15 min) . Currently in the ISV program, but having problems in getting in touch to someone from Docusign to clarify doubts. Are you available for 15min call? – Pedro Franco Aug 25 '21 at 20:54
  • did you try partners@docusign.com ? I'm not sure there's a need for a call, but I'm not the right person for the ISV program. – Inbar Gazit Aug 25 '21 at 22:26
  • Sadly, we are unable to get any support from Docusign (partners) and we are blocked in some areas. – Pedro Franco Aug 26 '21 at 16:09