After closing user membership, their data often needs to be anonymized (GDPR requirements). Of course, I understand their history with signatures and envelopes will still be present, but that's acceptable and reasonable for legal purposes. However, we would like to remove the user's full name, phone, company & job info from the closed profiles. Ideally, replacing their (now inactive) company email address with some dummy value also would be great.
Here's what I found and had some problems (and surprises) with:
I have to use CreateBulkImportSingleAccountUpdateUsersRequest method for updating even single users because eSignUserManagement:updateUser surprisingly does not include phone number field! No phone here https://developers.docusign.com/docs/admin-api/reference/usermanagement/esignusermanagement/updateuser/ nor do I see it in .net SDK data structures.
updating first name, last name, jobtitle, phone, company works fine through CreateBulkImportSingleAccountUpdateUsersRequest as long as the user is not closed (using CloseMemberships API method for closing). If the user is closed, then, surprisingly, their full name does not react to first name, last name changes. However, jobtitle, phone and company gets updated just fine.
Here's the example CSV I'm sending for update (all the data is faked for testing, so it's safe to share):
APIUserName,FirstName,LastName,UserEmail,eSignPermissionProfile,UserTitle,CompanyName,Phone
52f147f2-b7c6-480f-8e61-369fb7777777,Testersa,Docuapisa,ignore@nosuchmail.com,DocuSign Sender,Docusign APPA,Test ABBAR,+1234567555
It works fully and correctly when user is not closed.
Am I doing something wrong or it's "by design" that Full Name stops reflecting FirstName,LastName changes if the user is closed?
- if I try to also change an email address in the CSV, then the batch request fails for closed users with "membership_not_in_account" error. I tried using UpdateEmailAddress API but that always returns Unauthorized error:
{"error":"unauthorized","error_description":"Not Authorized","reference_id":"..."}
Actually, I noticed that updating email does not work even when user is not closed. So I was wondering if it's caused by the fact that we have not yet configured Auto Activation properly? We are still in progress of setting up domains with SSO provider and require_identity_provider_auth. Will we be able to anonymize email addresses even for closed accounts when we get auto-activation feature working, or are closed accounts so special that they won't react to email updates?
I'm also highlighting some other Admin API inconsistencies below:
https://developers.docusign.com/docs/admin-api/reference/bulkoperations/userimport/updatebulkuserimports/ The description says:
The update CSV file requires an APIUserName column, and does not have an AutoActivate column.However, the table right below that text seems to be exact copy-paste from user creation CSV - it has no APIUserName and has AutoActivate, that should not be there, according to the note. Also, when we look inside the example CSV there, we see that APIUserName is actually not any kind of name but user's GUID. This can be confusing. Why not just call it ID or UserID? Another small problem with the example CSVs (both for adding and updating users) is that "UserTitle" is correctly described as "The user's job title." in the docs, but the example CSV has value "Mr.". Clearly DocuSign team themselves got a bit confused by the naming and wrongly treated UserTitle for what it sounds like instead of a job title. It would be good to fix the CSV.Single-account update documentation (https://developers.docusign.com/docs/admin-api/reference/bulkoperations/singleaccountuserimport/createbulkimportsingleaccountaddusersrequest/ https://developers.docusign.com/docs/admin-api/reference/bulkoperations/singleaccountuserimport/createbulkimportsingleaccountupdateusersrequest/ ) does not mention the limits. Multi-account methods say "Update limit: You can update up to 2,000 users on an account and include up to 50 accounts per import. The maximum number of updated users per import is 8,000." The question - which of these limits is true for single-account APIs - 2000 per entire account or 8000 per entire CSV (which in this case is for single account only)? It would be very helpful to add the correct limit to the documentation.
in eSignUserManagement:createUser https://developers.docusign.com/docs/admin-api/reference/usermanagement/esignusermanagement/createuser/#parameters_newuserrequestaccountproperties job title and company name is in NewUserRequestAccountProperties. But in eSignUserManagement:updateUser https://developers.docusign.com/docs/admin-api/reference/usermanagement/esignusermanagement/updateuser/#parameters_updatemembershiprequest job title and company name is in UpdateMembershipRequest. The data structures differ noticeably creating confusion.
plural/singular naming confusion. eSignUserManagement:addUsers API - actually accepts a single user as parameter. eSignUserManagement:updateUser API - actually accepts a list of users.
some API methods require site_id which is not documented anywhere. By pure luck I found I can get it from GetUserProfiles API (but not GetUsers API) instead of hard-coding some magic string values (see also https://stackoverflow.com/a/73038517/217823 ).
in UI, the sender permission is named "DS Sender". However, when loading permission profiles through GetPermissions API, the name is "DocuSign Sender". This might cause confusion as to which name should be used in the CSV for bulk import. In my case, I'm using permission ID from UI and then fetching the proper name through GetPermissions, whatever it may be. However, it could confuse developers who want to specify the name right in the CSV.
DocuSign CSV processing seems to not fully support RFC 4180 technical standard https://datatracker.ietf.org/doc/html/rfc4180 regarding point 7. When I attempt to upload a CSV with a value that contains properly escaped quotes, DocuSign API fails with an error invalid_csv_data_or_syntax. To be more specific, I'm calling CreateBulkImportSingleAccountUpdateUsersRequest with the following CSV:
APIUserName,FirstName,LastName,UserEmail,eSignPermissionProfile,UserTitle,CompanyName,Phone
2ce69e93-983a-47f3-911a-995b29aeae2e,Tester,Docuapi,ignore2_dcs777@nosuchmail.com,DocuSign Sender,"Docusign ""Tester Ltd"" APP",Test AB,+1234567555
It fails because of "Docusign ""Tester Ltd"" APP" which has the outer double-quotes, according to RFC 4180 point 6, and also has inner quotes doubled as a means of escaping them, according to RFC 4180 point 7. Currently, I had to apply a workaround to our values to replace " with ' - then it works fine.
- CreateBulkImportSingleAccountAddUsersRequest method lies about the update results (at least when using .net SDK). For example, after calling CreateBulkImportSingleAccountAddUsersRequest and then waiting for GetBulkUserImportRequest to return the final result, it returns UpdatedUserCount = 3 for the users that already existed on DocuSign, although no user data was actually updated. Of course, they should not be updated because it is AddUsers method and not UpdateUsers, but then the result should have UpdatedUserCount = 0 and not some other value. It makes sense also to check other Add/Update batch methods for their results being truthful to the actions performed, to avoid confusion of seeing updated / created counts for the methods with the opposite logic.
