EnvelopeViews: createRecipient

Returns a URL that enables you to embed the recipient view of the DocuSign UI in your applications. If the recipient is a signer, then the view will provide the signing ceremony.

Note: Please redirect the client to the URL. iFrames should not be used, especially if the recipient is using a mobile or tablet.

This method is only used with envelopes in the sent status.

Your application is responsible for authenticating the identity of the recipient or signer when you use this method. Use the parameters assertionId, authenticationInstant, authenticationMethod, clientUserId, and securityDomain to record information on how the recipient was authenticated. At a minimum, authenticationMethod and clientUserId are required. The information that you provide is included in the envelope's certificate of completion.


After the signer completes or ends the signing ceremony, DocuSign will redirect the user's browser back to your app via the returnUrl that you supply. (The user is redirected through a different subdomain, depending on the region of the account sending the envelope. Please verify your domain whitelist.)

The event status parameter

DocuSign appends an event query parameter to the URL with the outcome of the signing ceremony. Your app can use this event parameter to determine the next step for the envelope. Do not fetch the envelope status by using Envelopes::get or a similar method because doing so could break the DocuSign rule against polling.

Note: Because a user can cancel redirection, close their browser after signing, or spoof the landing URL. Hitting the ReturnUrl should not be the single source of truth for envelope status for your integration.

The URL is time-limited

The URL returned by this method is valid for one use, and you must use or display it within a couple of minutes after it is generated. AFter the recipient is redirected to the recipient view, they must interact with the DocuSign system periodically or their session will time out.

Because the URL is time-limited, it should not be stored or sent through email. After you receive it, immediately redirect the user's browser to the URL.

If you want to invite someone to an embedded signing session via email, the email invitation's URL must be to your application. When invoked, your app should request a recipientView URL from DocuSign and then redirect the signer to that URL.

Maintaining State

After the recipient completes the recipient view (or signing ceremony), they are redirected to your application. Your application can recover state information about the transaction by storing information in a cookie, or by including query parameters in the returnUrl field. Eg, https://myapp.eg.com/docusign_return?myState=12345 When the user is redirected to your app, the event query parameter will be appended. In this example, prevent spoofing by not using a guessable value as the state value.

Note: You can revoke the URL by making the DELETE call to the same URL with no request body.


HTTP request

POST /restapi/v2.1/accounts/{accountId}/envelopes/{envelopeId}/views/recipient


Parameter NameValueDescription
Path Parameters

The external account number (int) or account ID GUID.


The envelope's GUID.

Example: 93be49ab-xxxx-xxxx-xxxx-f752070d71ec



Successful response.


Error encountered.


SDK Method




This object describes errors that occur. It is only valid for responses and ignored in requests.


The code associated with the error condition.


A brief message describing the error condition.


The request body for the EnvelopeViews::createRecipient and EnvelopeViews::createSharedRecipient methods.


A unique identifier of the authentication event executed by the client application.


A sender-generated value that indicates the date and time that the signer was authenticated.


Required. Choose a value that most closely matches the technique your application used to authenticate the recipient / signer.

Choose a value from this list:

  • Biometric
  • Email
  • HTTPBasicAuth
  • Kerberos
  • KnowledgeBasedAuth
  • None
  • PaperDocuments
  • Password
  • RSASecureID
  • SingleSignOn_CASiteminder
  • SingleSignOn_InfoCard
  • SingleSignOn_MicrosoftActiveDirectory
  • SingleSignOn_Other
  • SingleSignOn_Passport
  • SingleSignOn_SAML
  • Smartcard
  • SSLMutualAuth
  • X509Certificate

This information is included in the Certificate of Completion.


A sender-created value. If provided, the recipient is treated as an embedded (captive) recipient or signer.

Use your application's client ID (user ID) for the recipient. Doing so enables the details of your application's authentication of the recipient to be connected to the recipient's signature if the signature is disputed or repudiated.

Maximum length: 100 characters.


(Required) Specifies the email of the recipient. You can use either email and userName or userId to identify the recipient.




Only used if pingUrl is specified. This is the interval, in seconds, between pings on the pingUrl. The default is 300 seconds. Valid values are 60-1200 seconds.


The client URL that the DocuSign Signing experience should ping to indicate to the client that Signing is active. An HTTP GET call is executed against the client. The response from the client is ignored. The intent is for the client to reset its session timer when the request is received.


A local reference that senders use to map recipients to other objects, such as specific document tabs. Within an envelope, each recipientId must be unique, but there is no uniqueness requirement across envelopes. For example, many envelopes assign the first recipient a recipientId of 1.


(Optional) The URL to which the user should be redirected after the signing session has ended. DocuSign redirects to the URL and includes an event query parameter that can be used by your application.

Maximum Length: 500 characters. If the returnUrl exceeds this limit, the user is redirected to a truncated URL.

Possible event parameter values include:

  • access_code_failed: Recipient used incorrect access code.
  • cancel: Recipient canceled the signing operation, possibly by using the Finish Later option.
  • decline: Recipient declined to sign.
  • exception: A system error occurred during the signing process.
  • fax_pending: Recipient has a fax pending.
  • id_check_failed: Recipient failed an ID check.
  • session_timeout: The session timed out. An account can control this timeout by using the Signer Session Timeout option.
  • signing_complete: The recipient completed the signing ceremony.
  • ttl_expired: The Time To Live token for the envelope has expired. After being successfully invoked, these tokens expire after 5 minutes or if the envelope is voided.
  • viewing_complete: The recipient completed viewing an envelope that is in a read-only/terminal state, such as completed, declined, or voided.

Ensure that you include https:// in the URL to prevent the redirect from failing on certain browsers.


The domain in which the user authenticated.


The user ID of the recipient. You can use either the user ID or email and user name to identify the recipient.

If userId is used and a clientUserId is provided, the value in the userId property must match a recipientId (which you can retrieve with a GET recipients call) for the envelope.

If a userId is used and a clientUserId is not provided, the userId must match the user ID of the authenticating user.


The username of the recipient. You can use either email and userName or userId to identify the recipient.


Specifies whether a browser should be allowed to render a page in a frame or IFrame. Setting this property ensures that your content is not embedded into unauthorized pages or frames.

Valid values are:

  • deny: The page cannot be displayed in a frame.
  • same_origin: The page can only be displayed in a frame on the same origin as the page itself.
  • allow_from: The page can only be displayed in a frame on the origin specified by the xFrameOptionsAllowFromUrl property.


When the value of xFrameOptions is allow_from, this property specifies the origin on which the page is allowed to display in a frame. If the value of xFrameOptions is allow_from, you must include a value for this property.


Embedding Envelope views


The view URL to be navigated to.


Generic JSON Request/Response

  "clientUserId": "sample string 1",
  "userId": "sample string 2",
  "userName": "sample string 3",
  "email": "sample string 4",
  "recipientId": "sample string 5",
  "returnUrl": "sample string 6",
  "pingUrl": "sample string 7",
  "pingFrequency": "sample string 8",
  "authenticationMethod": "sample string 9",
  "assertionId": "sample string 10",
  "authenticationInstant": "sample string 11",
  "securityDomain": "sample string 12",
  "xFrameOptions": "sample string 13",
  "xFrameOptionsAllowFromUrl": "sample string 14",
  "frameAncestors": [
    "sample string 1"
  "url": "sample string 1"
Generic XML Request/Response

<recipientViewRequest xmlns:i="http://www.w3.org/2001/XMLSchema-instance" xmlns="http://www.docusign.com/restapi">
  <assertionId>sample string 10</assertionId>
  <authenticationInstant>sample string 11</authenticationInstant>
  <authenticationMethod>sample string 9</authenticationMethod>
  <clientUserId>sample string 1</clientUserId>
  <email>sample string 4</email>
  <frameAncestors xmlns:d2p1="http://schemas.microsoft.com/2003/10/Serialization/Arrays">
    <d2p1:string>sample string 1</d2p1:string>
  <pingFrequency>sample string 8</pingFrequency>
  <pingUrl>sample string 7</pingUrl>
  <recipientId>sample string 5</recipientId>
  <returnUrl>sample string 6</returnUrl>
  <securityDomain>sample string 12</securityDomain>
  <userId>sample string 2</userId>
  <userName>sample string 3</userName>
  <xFrameOptions>sample string 13</xFrameOptions>
  <xFrameOptionsAllowFromUrl>sample string 14</xFrameOptionsAllowFromUrl>
<viewUrl xmlns:i="http://www.w3.org/2001/XMLSchema-instance" xmlns="http://www.docusign.com/restapi">
  <url>sample string 1</url>
}} />