DocuSign Integration Key
Service Name: DocuSign
Service Description: DocuSign is a leading electronic signature and digital transaction management platform that enables users to electronically sign, manage, and track documents securely.
Service Address: https://www.docusign.com/
Validation Type: API Auth
IP Allow list: IP restrictions can be configured at the account level through DocuSign Admin settings.
Secret Access Scope: Grants programmatic access to DocuSign APIs, allowing applications to create, send, and manage electronic signature workflows and documents.
Secret Revokement URL: https://admindemo.docusign.com/authenticate?goTo=apiIntegratorKey
Secret Example: 12345678-1234-1234-1234-123456789abc
Suspicious Activity Investigation Instructions:
- Review DocuSign account activity logs for unusual document sending or signing patterns
- Check for unauthorized API calls or integrations using the integration key
- Monitor for unexpected document creation or template usage
- Verify if there are any new applications or services connected to your DocuSign account
- Review user access and permission changes in the DocuSign Admin console
Mitigation Instructions:
- Log in to your DocuSign Admin account
- Navigate to "Settings" > "API and Keys"
- Locate the compromised integration key
- Click "Delete" or "Revoke" to immediately invalidate the key
- Create a new integration key if needed for legitimate applications
- Update any legitimate applications with the new integration key
- Review and update IP restrictions for API access if applicable
- Enable additional security features like two-factor authentication
- Consider implementing JWT authentication for more secure API access