Skip to content

DocuSign Integration Key

Service Name: DocuSign

Service Description: DocuSign is a leading electronic signature and digital transaction management platform that enables users to electronically sign, manage, and track documents securely.

Service Address: https://www.docusign.com/

Validation Type: API Auth

IP Allow list: IP restrictions can be configured at the account level through DocuSign Admin settings.

Secret Access Scope: Grants programmatic access to DocuSign APIs, allowing applications to create, send, and manage electronic signature workflows and documents.

Secret Revokement URL: https://admindemo.docusign.com/authenticate?goTo=apiIntegratorKey

Secret Example: 12345678-1234-1234-1234-123456789abc

Suspicious Activity Investigation Instructions:

  • Review DocuSign account activity logs for unusual document sending or signing patterns
  • Check for unauthorized API calls or integrations using the integration key
  • Monitor for unexpected document creation or template usage
  • Verify if there are any new applications or services connected to your DocuSign account
  • Review user access and permission changes in the DocuSign Admin console

Mitigation Instructions:

  • Log in to your DocuSign Admin account
  • Navigate to "Settings" > "API and Keys"
  • Locate the compromised integration key
  • Click "Delete" or "Revoke" to immediately invalidate the key
  • Create a new integration key if needed for legitimate applications
  • Update any legitimate applications with the new integration key
  • Review and update IP restrictions for API access if applicable
  • Enable additional security features like two-factor authentication
  • Consider implementing JWT authentication for more secure API access