Authentication Resource

The Authentication resource provides access to methods that allow you to authenticate user credentials and change a user's password.

The methods in this resource are suitable only for service integrations that use Legacy Header Authentication. For authentication methods for user applications and to learn more about DocuSign authentication see Authentication Overview.

When accessing the API resources, the GET Authentication:login method is the first request you make. It allows you to determine whether a user is authenticated and provides the information you will need to make subsequent API requests.

GET /v2/login_information

Retrieves account information for the authenticated user. Since the API is sessionless, this method does not actually log you in. Instead, the method returns information about the account or accounts that the authenticated user has access to.

Important: This method must only be used for the Legacy Header Authentication flow. Use the AccountServer: userInfo method for the OAuth2 Authentiction Code and Implicit Grant flows.

Each account has a baseUrl property, returned in the response. Use this baseUrl in all future API calls as the base of the request URL.

For each account, the baseUrl property includes the DocuSign server, the API version, and the accountId property.

It is not uncommon for an authenticated user to have access to more than one account (and more than one baseUrl). Depending on your integration's use case, your integration may choose to:

  • Use the account whose isDefault field is true.
  • List the available accounts and ask the user to choose one.
  • Enable the system administrator to set the account that should be used by your integration.

If this method returns successfully, then you also know that the user has successfully authenticated with the DocuSign Signature platform.

PUT /v2/login_information/{loginPart}

Updates the password for a specified user.

POST /v2/oauth2/revoke


Revokes an OAuth2 authorization server token. After the revocation is complete, a caller must re-authenticate to restore access.

POST /v2/oauth2/token


Creates an OAuth2 authorization server token endpoint.