DocuSign, Node SDK, JWT auth, Envelope fetch, "The custom error module does not recognize this error."

Question

[FINAL UPDATE] Fixed per this thread: https://github.com/docusign/docusign-esign-node-client/issues/295

Apparently related to security additions made to DocuSign's API.

---

I haven't encountered this issue before today. I gave a demo to a client just last week and the same code was working fine. Today I get the following:

{
    "status": 444,
    "response": {
        "req": {
            "method": "GET",
            "url": "https://demo.docusign.net/restapi...",
            "data": {},
            "headers": {
                "user-agent": "node-superagent/3.8.2",
                "x-docusign-sdk": "Node",
                "authorization": "Bearer ABC...",
                "content-type": "application/json",
                "accept": "application/json"
            }
        },
        "header": {
            "content-type": "text/html",
            "x-docusign-tracetoken": "2eeb8caa-8865-4898-bef9-d3611bfaa3f7",
            "x-docusign-node": "DA2DFE5",
            "date": "Fri, 17 Jun 2022 01:02:02 GMT",
            "content-length": "54",
            "connection": "close",
            "strict-transport-security": "max-age=31536000; includeSubDomains"
        },
        "status": 444,
        "text": "The custom error module does not recognize this error."
    }
}

Through the node SDK I fetch a token using requestJWTUserToken, and set the apiclient's auth header, then I new-up an EnvelopesAPI instance. When I make a call to getEnvelope() or listStatusChanges(), then I get the error above. None of this code has changed in months, and I'm using the same integration key, account, private key, everything. I've demo'd it all a few times now - no issues.

An interesting observation: the error above gives me a URL and token. The token is valid, and if I make a request to the URL (the envelopes endpoint) via Postman using said token, then the request succeeds. So my calls through the SDK seem to be failing for some reason.

I can't seem to crack this one, and now I can't get around it given a couple demo systems that worked just last week.

I'm using the docusign-esign 5.17 module - upgraded from 5.15 in an attempt to fix the issue. No luck.

Where is this error coming from?

[Update 1]

I'm running my node app that is making requests through the DocuSign Node SDK against a proxy so I can see what the failing request actually look like:

They fail the same way.

HTTP/1.1 444 
Content-Type: text/html
X-DocuSign-TraceToken: 338534c6-c8c3-4b01-9b66-35d697cd0053
X-DocuSign-Node: DA1DFE4
Date: Fri, 17 Jun 2022 03:55:07 GMT
Content-Length: 54
Vary: Accept-Encoding
Connection: close
Strict-Transport-Security: max-age=31536000; includeSubDomains

The custom error module does not recognize this error.

I'm using Proxyman to catch the request, and like Chrome or Firefox it will let you copy a request as a cURL command. If I copy the failing request as cURL, then run in at the terminal, it succeeds.

[MacBookPro0020]~/source/docusign/jwt-smoke-test:0 (master)
$ curl 'https://demo.docusign.net/restapi/v2.1/accounts/a0a4c81f-.../envelopes?envelope_ids=e750526f-...&envelope_ids=a38b794b...&envelope_ids=a5d8c586-...' \
-H 'Host: demo.docusign.net' \
-H 'User-Agent: node-superagent/3.8.2' \
-H 'X-DocuSign-SDK: Node' \
-H 'Node-Ver: v14.18.3' \
-H 'Authorization: Bearer ABCD...' \
-H 'Accept: application/json' \
-H 'Connection: close' \
-H 'Content-Type: application/json' \
--proxy http://localhost:9090
{"resultSetSize":"1","startPosition":"0","endPosition":"0","totalSetSize":"1","nextUri":"","previousUri":"","envelopes":[{"status":"created","documentsUri":"/envelopes/d97565c8...purgeState":"unpurged","envelopeIdStamping":"true","autoNavigation":"true","isSignatureProviderEnvelope":"false","allowComments":"true","anySigner":null,"envelopeLocation":"current_site"}]}

I'm using a JWT auth token, so again, I'm getting a valid token. Calls through the SDK consistently fail, but cURL'ing and manually requesting through Postman both succeed.

I'm at a loss.

Additional details: I see this same issue on MacOS and Windows (i.e., node app hosting docusign-esign). I'm using auth code grant to send envelopes and query envelope statuses and that works fine. I've used JWT Grant without issue up until this week (just demo'd automated functionality last week and it worked.) I haven't made any code changes to my DocuSign functionality, nor have my colleagues, at least according to the repo's history.

I don't recall ever encountering the error above before. I'd love to know why cURL'ing the same request succeeds. I'd rather not ditch the SDK and roll my own requests, but it wouldn't be difficult.

[Update 2]

Here's a simple repro - it's a quick and dirty copy of the QuickStart demo project for the node SDK. I'm using only docusign-esign.

Exact. same. issue.

Again, I can take that token and drop it into cURL or postman and the request will succeed. There's not a lot of code here. The token is valid.

async function main() {
    // Data used
    // dsConfig.dsClientId
    // dsConfig.impersonatedUserGuid
    // dsConfig.privateKey
    // dsConfig.dsOauthServer

    let dsConfig = dsConfig_customer; // defined globally

    const jwtLifeSec = 10 * 60, // requested lifetime for the JWT is 10 min
        dsApi = new docusign.ApiClient();

    dsApi.setOAuthBasePath(dsConfig.dsOauthServer.replace('https://', '')); // it should be domain only.

    const results = await dsApi.requestJWTUserToken(dsConfig.dsClientId,
        dsConfig.impersonatedUserGuid, 'signature impersonation', dsConfig.privateKey,
        jwtLifeSec);

    console.log( results.body.access_token );

    const userInfo = await dsApi.getUserInfo(results.body.access_token);

    dsApi.setBasePath(userInfo.accounts[0].baseUri + '/restapi');
    dsApi.addDefaultHeader( 'Authorization', 'Bearer ' + results.body.access_token );
    const envelopesAPI = new docusign.EnvelopesApi(dsApi);
    const res = await envelopesAPI.getEnvelope( dsConfig.accountID, 'e1917111-2900-48e8-9054-799169379c8a', null );
    console.log(res);

    return {
        accessToken: results.body.access_token,
        tokenExpirationTimestamp: expiresAt,
        userInfo,
        account: userInfo.accounts[0]
    };
}

main().then(result => console.log(result)).catch(err=>console.error(err));

...
    header: {
      'content-type': 'text/html',
      'x-docusign-tracetoken': '685b6226-a0d3-4547-94c7-df0216d884a3',
      'x-docusign-node': 'DA2DFE188',
      date: 'Fri, 17 Jun 2022 05:20:12 GMT',
      'content-length': '54',
      vary: 'Accept-Encoding',
      connection: 'close',
      'strict-transport-security': 'max-age=31536000; includeSubDomains'
    },
    statusCode: 444,
    status: 444,
    statusType: 4,
    info: false,
    ok: false,
    redirect: false,
    clientError: true,
    serverError: false,
    error: Error: cannot GET /restapi/v2.1/accounts/49754554-ABCD-.../envelopes/e1917111-2900-48e8-9054-799169379c8a (444)
...

Answer 1

I finally manage to resolve the issue by downgrading my Docusign SDK NodeJS version from 5.15.0 to 5.7.0 in my package.json file.

An issue relative to this can be find there, I really hope this issue will be resolved anytime soon.

Edit :

The Docusign support actually took action on this (the github's issue from above is now closed), it might be interesting to test again with the latest version of Docusign SDK NodeJS (or the one you were using previously).