Hi,

Thank you for reaching out here in the DocuSign Community.  

Normally this error happens when the request failed because the access token supplied in the request header was not valid.

Error message: The access token provided is expired, revoked or malformed.

Description

The access token in the request header is not valid for one of the following reasons:

• It expired. Access token expiration periods for the supported authentication methods are:
  • Authorization Code Grant: eight hours
  • JWT Grant: one hour
  • Implicit Grant: eight hours
  When you make a request to obtain an access token, the expires_in field in the response contains the expiration period.
• A user or admin has revoked consent for the app to make calls on behalf of a user. See Obtain and revoke consent for more information.
• The access token does not have the correct format.

Recommendations

• Expired token: Follow one of these procedures to obtain a new access token:
  • How to get an access token with Confidential Authorization Code Grant
  • How to get an access token with JWT Grant
  • How to get an access token with Implicit Grant
• For Authorization Code Grant, you can also use a refresh token instead of a new access token, as described in Authorization Code Grant refresh tokens.
• Revoked token: You’ll need to grant consent again, either at the individual level or at the domain level. See Obtain and revoke consent for more information. You can also obtain a new token.
• Malformed token: Confirm that the access token was not inadvertently truncated and that it didn’t include extraneous leading or trailing characters. Also confirm that the request header consists of Bearer followed by a space and then the token.
• If you are using legacy authentication, Docusign recommends moving to a supported OAuth2 authentication workflow.