
I'm currently integrating DocuSign with our application using the OAuth flow for the purpose of conducting access reviews. During this process, I've encountered a challenge in identifying the actual owner of a DocuSign account.

Our integration allows for user management, including deletion. However, we want to implement a safeguard to prevent the accidental deletion of the account owner. The API documentation and current endpoints don't seem to provide a clear method for distinguishing the account owner from other administrative users.

Is there an API endpoint or a recommended approach to reliably identify the original owner or primary administrator of a DocuSign account? This information is crucial for implementing proper access controls and ensuring the integrity of the account structure.

Specifically, I'm looking for:

1. An API method to retrieve the account owner's details
2. Any flags or identifiers in the user data that might indicate account ownership
3. Best practices for handling this scenario in DocuSign integrations

Any insights or official recommendations would be greatly appreciated. Thank you for your assistance.

@athithan 

How do you define the account owner? The Admins on an account? You can run reports that would display the permission profiles on an account. There is not a way to systematically prevent the accidental deletion of the account owner. You could create different levels of Admin access and restrict account administration at that level.


@JohnSantos, thank you for your response. Generally, the individual who initially sets up the DocuSign account becomes the account owner. The account owner is typically responsible for billing and has access to payment information. They are often referred to as the "Primary Admin," and their profile should be protected from deletion.

During the testing process, I mistakenly deleted the account owner (the person who created the account). Following this, the account became inaccessible, and I was unable to list the users. The error message received was:
```
{
  "errorCode": "USER_LACKS_MEMBERSHIP",
  "message": "The UserID does not have a valid membership in this Account."
}
```

This incident underscores the importance of preventing the deletion of the account owner.


@athithan 

It is also recommended that you have more than one Admin on your account. 


Hi @athithan,

When using the OAuth flow, the /oauth/userinfo endpoint returns account information of the user who granted access. Therefore the information is always related to the user who granted consent. Please consult the link below to learn more.

https://developers.docusign.com/platform/auth/reference/user-info/

You can use the is_default and account_name properties to specifically select the correct account if the user has multiple accounts.

https://support.docusign.com/s/document-item?language=en_US&rsc_301&bundleId=jux1643235969954&topicId=twa1578456463932.html&_LANG=enus

Once you have the accountId and the userId, you can retrieve a list of the account settings using the endpoint (/restapi/v2.1/accounts/{accountId}/users/{userId}/settings).

https://developers.docusign.com/docs/esign-rest-api/reference/users/users/getsettings/

OR

You can use the Docusign Admin API as demonstrated in the link below.

https://developers.docusign.com/docs/admin-api/how-to/retrieve-docusign-profile-using-userid/


@Achille.Nisengwe Thank you for your response. I am already using all the above APIs you mentioned to get the current logged-in user info. I am wondering which flag shows whether the current user is the owner or not (/restapi/v2.1/accounts/{accountId}/users/{userId}/settings)?


@athithan There is no specific flag that identifies an account owner. The first user of an account (owner) has the DS Admin permission profile. However, when there are multiple administrators in an account, it is not possible to know the owner of the account using the permission profile.

The UserProfiles: get API helps you retrieve the user profile for a specified user.

https://developers.docusign.com/docs/esign-rest-api/reference/users/userprofiles/get/

The DS Admin profile gives a user access to all eSignature features and allows them to manage all account settings and users for an account as the owner. The best way to differentiate the users is by their permission profile, because the initial owner of the account does not have more privileges than any other administrator.

With the information above, the workaround to know the owner of the account is to use the Users: list API and filter users by the property isAdmin equal to True. Then you can use the createdDateTime property to infer the first user in the account. Please consult the link below to learn more.

https://developers.docusign.com/docs/esign-rest-api/reference/users/users/list/

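
The workaround from the last reply, combined with the earlier advice to keep more than one Admin, can be turned into a pre-deletion check. This is an added example, not code from the thread or from Docusign: the function names, the sample records, the `userId` key and the timestamp format are assumptions, and the input is a constructed list shaped like a Users: list response.

```python
from datetime import datetime, timezone

def parse_created(ts):
    # Assumed format: ISO-8601 UTC, trailing "Z", optional fraction of any length.
    base, _, frac = ts.rstrip("Z").partition(".")
    dt = datetime.strptime(base, "%Y-%m-%dT%H:%M:%S")
    return dt.replace(microsecond=int(frac[:6].ljust(6, "0")) if frac else 0,
                      tzinfo=timezone.utc)

def admins_of(users):
    # isAdmin may arrive as a string or a boolean, so normalise before comparing.
    return [u for u in users if str(u.get("isAdmin", "")).lower() == "true"]

def infer_owner(users):
    """Earliest-created admin, or None when the heuristic cannot decide."""
    admins = admins_of(users)
    if not admins or any(not u.get("createdDateTime") for u in admins):
        return None
    ranked = sorted(admins, key=lambda u: parse_created(u["createdDateTime"]))
    if len(ranked) > 1 and parse_created(ranked[0]["createdDateTime"]) == \
            parse_created(ranked[1]["createdDateTime"]):
        return None  # tie between the two oldest admins: do not guess
    return ranked[0]

def deletion_block_reason(users, target_id):
    """Return why deleting target_id must be refused, or None if it may proceed."""
    admins = admins_of(users)
    if target_id not in {u["userId"] for u in admins}:
        return None  # non-admin users are outside this safeguard
    if len(admins) < 2:
        return "last remaining admin"
    owner = infer_owner(users)
    if owner is None:
        return "owner could not be inferred; manual review required"
    if owner["userId"] == target_id:
        return "inferred account owner (earliest-created admin)"
    return None

# Constructed sample records (not real account data).
SAMPLE_USERS = [
    {"userId": "u-3", "userName": "Carol", "isAdmin": "True",
     "createdDateTime": "2023-06-01T09:30:00.0000000Z"},
    {"userId": "u-1", "userName": "Alice", "isAdmin": "True",
     "createdDateTime": "2021-02-14T08:00:12.4570000Z"},
    {"userId": "u-2", "userName": "Bob", "isAdmin": "False",
     "createdDateTime": "2020-11-03T17:45:00Z"},
]

if __name__ == "__main__":
    for uid in ("u-1", "u-2", "u-3"):
        print(uid, deletion_block_reason(SAMPLE_USERS, uid))
```

The result is only an inference: if the original owner has already been removed, the earliest-created admin is simply the oldest surviving admin, so the check fails closed when it cannot decide.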