Skip to main content

Hello,

I’d like to integrate JWT authentication to access the DocuSign API from my server.

I understand that, on first use, I need to accept a consent request by visiting a URL like:
https://account-d.docusign.com/oauth/auth?response_type=code&scope=signature impersonation&client_id=CLIENT_ID&redirect_uri=https://www.docusign.com

My question is:
Once I’ve granted this consent, is it valid indefinitely as long as I don’t change the client_id? Or do I need to repeat this consent step periodically (e.g., when the token expires or per session)?

Thanks for your help!

@StelDev 

Once user consent is granted via the consent URL for JWT authentication, it does not need to be repeated. However, user consent is independent of token expiration. The JWT token you generate is valid for a short time (typically 1 hour).  You will need to refresh your token.  You can safely generate a new token anytime; you don’t need to wait for the old one to expire.


@StelDev the consent is in force until the user revokes it.

By the way, obtaining consent as documented is merely running the first portion of the Authorization Code Grant flow. More information is in the blog post below.

https://www.docusign.com/blog/developers/demystifying-docusign-authentication


Reply