Back to Docusign.com
As part of our ongoing commitment to platform security, Docusign is in the final phase of deprecating legacy (basic user password) authentication using the the X-Docusign-Authentication header for all eSignature API integrations.
Any remaining integrations using legacy authentication must migrate to OAuth 2.0 to avoid service disruption.
🔐 What’s Changing
-
What: Legacy authentication (basic user password authentication) will be fully disabled
-
Where: All Docusign eSignature environments (Demo and Production)
-
When: March 31, 2026
Legacy authentication is more vulnerable to security risks such as phishing, brute-force attacks, and credential stuffing. Migrating to OAuth 2.0 aligns with industry best practices and ensures continued access to Docusign APIs.
✅ What Partners Need to Do
If any of your integrations still use legacy authentication, please work with your technical teams to:
-
Identify integrations using legacy authentication
-
Migrate to a supported OAuth 2.0 flow
-
Test updates in the Demo environment before deploying to Production
No action is required if your integration already uses OAuth 2.0 (e.g., Authorization Code Grant, Implicit Grant, or JWT Grant).
🎯 Why Migrate to OAuth 2.0?
-
Enhanced security with modern authorization flows
-
Future compatibility with upcoming API and security enhancements
-
Service continuity for your application and customers
💬 Questions or Need Help?
-
Review the Legacy Authentication Knowledge Article for detailed guidance
-
Open a Support Ticket for technical assistance
-
Ask questions right here in the Docusign Partner Community
We encourage partners to start the migration as soon as possible and use this thread to ask questions or share learnings.