Back to Docusign.com
Docusign account URL is account-specific
According to https://developers.docusign.com/platform/api-endpoint-base-paths/, the {server} value (which determines the base URL for several Docusign APIs) is specific to a Docusign account:
- The Account Base URI section of the Apps and Keys page.
This is confirmed by the structure of the /oauth/userinfo response, where the base URL can vary per account. For example:
{
"sub": "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx",
"name": "First Last",
"given_name": "First",
"family_name": "Last",
"created": "2015-08-13T22:03:03.45",
"email": "first.last@example.com",
"accounts": [
{
"account_id": "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx",
"is_default": false,
"account_name": "Example Europe Ltd",
"base_uri": "https://eu.docusign.net" // Account 1 base URL
},
{
"account_id": "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx",
"is_default": true,
"account_name": "Example Corporation",
"base_uri": "https://na3.docusign.net" // Account 2 base URL
}
]
}
What about the siteid claim of an id_token?
Suppose you request the openid scope during OAuth consent, and Docusign provides an id_token (in addition to the access_token) in the /oauth/token response. For example, the id_token claims can be:
{
"aud": "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx", // Docusign app client ID
"iat": 1743282624,
"exp": 1745874624,
"iss": "https://account-d.docusign.com/",
"sub": "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx", // Docusign user ID
"siteid": 1,
"amr": [
"interactive"
],
"auth_time": 1743282624
}The siteid claim is documented in https://developers.docusign.com/platform/auth/consent/obtaining-admin-consent-external/ as follows:
siteid— Identifies the Docusign server used.
- NA1
- NA2
- NA3
- EU
- AU
- CA
Confusingly, it seems like siteid corresponds to the {server} value of the account base URL. But how can that be? The id_token identifies a Docusign user, not a Docusign account. If the user belongs to multiple Docusign accounts with different base URLs, what would the siteid value be?
