Skip to content

DocuSign API Key

Service Name: DocuSign

Service Description: DocuSign is a leading electronic signature and digital transaction management platform that enables users to send, sign, and manage documents electronically in a secure environment.

Service Address: https://www.docusign.com/

Validation Type: API Auth

IP Allow list: IP restrictions can be configured at the account level through DocuSign Admin settings.

Secret Access Scope: Grants programmatic access to DocuSign APIs, allowing applications to create, send, and manage electronic signature workflows and documents.

Secret Revokement URL: https://developers.docusign.com/platform/auth/keys-and-apps/

Secret Example: 1a2b3c4d-5e6f-7g8h-9i0j-1k2l3m4n5o6p

Suspicious Activity Investigation Instructions:

  • Review DocuSign account activity logs for unusual document sending or signing patterns.
  • Check for unauthorized API integrations or applications connected to your DocuSign account.
  • Monitor for unexpected changes in account settings or user permissions.
  • Examine API usage metrics for abnormal request volumes or patterns.
  • Verify if documents were created, sent, or accessed from unusual locations or devices.

Mitigation Instructions:

  • Log in to your DocuSign Admin console.
  • Navigate to API and Keys section under Integrations.
  • Locate the compromised API key and select Revoke or Delete.
  • Generate a new API key if needed for legitimate applications.
  • Update any authorized applications with the new API key.
  • Review and update IP restrictions for API access if available.
  • Consider implementing additional security measures such as OAuth 2.0 for application integrations.
  • Audit user access and permissions to ensure only authorized personnel can create API keys.