DocuSign eSignature
DocuSign eSignature is the world's leading electronic signature platform for sending, signing, tracking, and managing agreements digitally, with legally admissible signatures accepted in 180+ countries. It spans the full agreement lifecycle — sending documents, tracking envelope status, and managing recipients, templates, and workspaces. Its REST API offers 400+ endpoints for agreement automation.

Power end-to-end data operations for your DocuSign eSignature API with Nexla. Our bi-directional DocuSign eSignature connector is purpose-built for DocuSign eSignature, making it simple to ingest data, sync it across systems, and deliver it anywhere — all with no coding required. Nexla turns API-sourced data into ready-to-use, reusable data products and makes it easy to send data to DocuSign eSignature or any other destination. With comprehensive monitoring, lineage tracking, and access controls, Nexla keeps your DocuSign eSignature workflows fast, secure, and fully governed.
Features
Type: API
- Seamless API Integration: Connect to any endpoint as source or destination without coding, with automatic data product creation
- Visual Composition & Chaining: Build complex integrations using visual templates, chain API calls, and compose workflows with data validation and filtering
- API Proxy: Expose curated slices of your data securely with a secure and customizable API proxy that validates and transforms data on the fly
- Request optimization with intelligent batching, retry, and caching to minimize API calls and costs
Prerequisites
To connect Nexla to DocuSign eSignature, you need an active DocuSign account with API access and the appropriate credentials for your chosen authentication method. DocuSign supports three authentication approaches: API Key (Bearer Token), OAuth2 Authorization Code Grant, and JWT Grant for server-to-server integrations.
DocuSign Account
Before obtaining credentials, ensure you have access to a DocuSign account:
-
For development and testing, sign up for a free DocuSign Developer account at developers.docusign.com. The developer sandbox environment (
account-d.docusign.com) provides a safe environment to build and test integrations without affecting production data. -
For production use, log in to your DocuSign production account at
account.docusign.com. You will need Admin access to create integration keys and manage API credentials.
Create an Integration Key (Required for OAuth2 and JWT)
An Integration Key (also called a Client ID) is a unique identifier that represents your application in DocuSign. It is required for both the OAuth2 Authorization Code Grant and JWT Grant authentication methods.
-
Log in to your DocuSign account and navigate to Settings in the top navigation bar.
-
Under the Integrations section in the left-hand sidebar, click Apps and Keys.
-
Click the ADD APP & INTEGRATION KEY button.
-
Enter a descriptive name for your application (e.g., "Nexla Integration") and click ADD. DocuSign automatically generates a 32-character Integration Key (GUID) for your application.
-
Copy and securely store the Integration Key — this value is your Client ID, required for both OAuth2 and JWT authentication.
Obtain a Secret Key (Required for OAuth2 Only)
If using the OAuth2 Authorization Code Grant method, you also need a Client Secret associated with your Integration Key:
-
On the Apps and Keys page, click ACTIONS next to your Integration Key and select Edit.
-
Under the Authentication section, click ADD SECRET KEY.
-
Copy the generated secret key immediately and store it securely. DocuSign displays this key only once — it cannot be retrieved later from the DocuSign interface.
Store your Client Secret in a secure location immediately after generation. If you lose the secret key, you will need to generate a new one, which will invalidate the previous secret.
Generate an RSA Key Pair (Required for JWT Only)
If using the JWT Grant authentication method for automated server-to-server integrations:
-
On the Apps and Keys page, click ACTIONS next to your Integration Key and select Edit.
-
Under the Authentication section, click ADD RSA KEYPAIR. DocuSign generates a public/private RSA key pair.
-
Download or copy the private key (in PEM format, beginning with
-----BEGIN RSA PRIVATE KEY-----) and store it in a secure location. The private key is shown only once and cannot be retrieved from DocuSign after closing this dialog. -
The corresponding public key is automatically saved and associated with your integration in DocuSign.
Find Your User ID (Required for JWT Only)
The User ID is the GUID of the DocuSign user that the JWT integration will act on behalf of:
-
On the Apps and Keys page, your API Username (User ID) is displayed in the My Account Information section at the top of the page.
-
Copy this value — it is a 32-character GUID (for example,
12345678-abcd-1234-abcd-123456789012).
Grant Consent for JWT (Required for JWT Only)
Before a JWT integration can access the DocuSign API on behalf of a user, that user must explicitly grant consent to the integration. This is a one-time step per user per integration.
-
Construct a consent URL using the format below, replacing
{integration_key}with your Integration Key value and{redirect_uri}with a valid redirect URI registered for your integration:https://account-d.docusign.com/oauth/auth?response_type=code&scope=signature%20impersonation&client_id={integration_key}&redirect_uri={redirect_uri}For production accounts, replace
account-d.docusign.comwithaccount.docusign.com. -
Open the URL in a browser, log in with the DocuSign user account that will be impersonated, and click Accept to grant consent.
Consent must be granted once per user per integration. After consent is granted, the JWT flow can obtain access tokens programmatically without further user interaction, making it ideal for automated batch processing and server-to-server workflows.
Determine Your DocuSign Environment
DocuSign operates separate environments for development/testing and production. When configuring your credential in Nexla, you will need to specify the correct base URL for your environment:
- Demo (Sandbox):
account-d.docusign.com— for development and testing (OAuth2 and JWT) - Production (US):
account.docusign.com— for live US production use (OAuth2 and JWT) - Production (EU):
account.docusign.eu— for EU-region production accounts (OAuth2 and JWT)
For the API Key (Bearer Token) method, the environment field expects the API host URL (e.g., demo.docusign.net or na2.docusign.net). Your account's API host URL is listed under Settings > Apps and Keys > Account Base URI in your DocuSign account.
Authenticate
Credentials required
- API Key (Bearer Token)
- OAuth2 (Authorization Code Grant)
- JWT Grant (Service Integration)
DocuSign API Key authentication using Bearer token. Obtain an access token via the OAuth2 authorization flow or JWT assertion grant, then pass it in the Authorization header.
| Field | Required | Secret | Description |
|---|---|---|---|
| API Key Value | Yes | Yes | An encoded string value used as a secret token to authenticate API requests |
| DocuSign Environment | Yes | No | DocuSign API base URL for your account environment (e.g., demo.docusign.net, na2.docusign.net, eu.docusign.net) |
DocuSign OAuth2 authentication with authorization code flow. Recommended for user-present integrations requiring signature and impersonation scopes.
| Field | Required | Secret | Description |
|---|---|---|---|
| DocuSign Environment | Yes | No | API base URL for your DocuSign environment. Allowed values: Demo (Sandbox); Production (US); Production (EU) |
| Integration Key (Client ID) | Yes | No | Your DocuSign integration key from the Apps and Keys page |
| Client Secret | Yes | Yes | Secret key associated with your integration key |
DocuSign JWT Grant authentication for server-to-server integrations. Requires RSA key pair and user consent. Best for batch processing and automated workflows.
| Field | Required | Secret | Description |
|---|---|---|---|
| DocuSign Environment | Yes | No | API base URL for your DocuSign environment. Allowed values: Demo (Sandbox); Production (US); Production (EU) |
| Integration Key (Client ID) | Yes | No | Your DocuSign integration key from the Apps and Keys page |
| User ID (API Username) | Yes | No | The GUID of the user to impersonate. Found in Settings > Apps and Keys > User ID |
| RSA Private Key | Yes | Yes | RSA private key in PEM format. Generate key pair in DocuSign and upload public key to your integration. |
Create a credential in Nexla
-
After selecting the data source/destination type, click the Add Credential tile to open the Add New Credential overlay.
-
Enter a name for the credential in the Credential Name field and a short, meaningful description in the Credential Description field.
-
DocuSign eSignature supports three authentication methods in Nexla. Select the method that best fits your integration scenario, and complete the corresponding fields.
DocuSign eSignature Authentication Methods
- API Key (Bearer Token)
- OAuth2 (Authorization Code Grant)
- JWT Grant (Service Integration)
Authenticate using a pre-obtained OAuth2 access token passed as a Bearer token in the Authorization header. This method is useful when you already have a valid access token obtained through DocuSign's OAuth2 or JWT flow outside of Nexla. Note that DocuSign access tokens expire after 8 hours, so periodic token rotation is required.
- Enter your DocuSign OAuth2 access token in the **API Key Value** field. This Bearer token is obtained from DocuSign's OAuth2 authorization flow or JWT assertion grant and is passed in the `Authorization: Bearer {token}` request header for all API calls.
- Enter the API host URL for your DocuSign account environment in the **DocuSign Environment** field. This is the hostname used in API requests—for example, `demo.docusign.net` for sandbox, or your account's assigned production host (such as `na2.docusign.net` or `eu.docusign.net`). Your account's base URI is displayed under **Settings > Apps and Keys > Account Base URI** in your DocuSign account.
Authenticate using DocuSign's OAuth2 Authorization Code Grant flow. This is the recommended method for user-present integrations. Nexla handles the OAuth2 redirect flow to obtain and automatically refresh access tokens. The DocuSign OAuth2 flow requests the `signature` and `impersonation` scopes. Before configuring this method, complete the Integration Key and Secret Key steps in the Prerequisites section above.
- Select your DocuSign environment from the **DocuSign Environment** dropdown: **Demo (Sandbox)** (`account-d.docusign.com`) for development and testing, **Production (US)** (`account.docusign.com`) for US production accounts, or **Production (EU)** (`account.docusign.eu`) for EU-region production accounts.
- Enter your Integration Key in the **Integration Key (Client ID)** field. This is the 32-character GUID generated when you created your app on the DocuSign **Apps and Keys** page (**Settings > Integrations > Apps and Keys**).
- Enter the Client Secret associated with your Integration Key in the **Client Secret** field. This value was generated when you added a secret key to your integration on the **Apps and Keys** page. Store this value securely, as it grants API access to your DocuSign integration.
Authenticate using DocuSign's JWT Grant flow for automated server-to-server integrations that operate without user interaction. This method uses an RSA private key to sign a JWT assertion, which DocuSign exchanges for an access token. It is best suited for automated batch processing and workflow automation. Before using this method, complete the RSA Key Pair generation, User ID, and Consent steps in the Prerequisites section above.
- Select your DocuSign environment from the **DocuSign Environment** dropdown: **Demo (Sandbox)** (`account-d.docusign.com`) for development and testing, **Production (US)** (`account.docusign.com`) for US production accounts, or **Production (EU)** (`account.docusign.eu`) for EU-region production accounts.
- Enter your Integration Key in the **Integration Key (Client ID)** field. This is the 32-character GUID from the DocuSign **Apps and Keys** page. The Integration Key is used as the JWT `iss` (issuer) claim when generating the token assertion.
- Enter the User ID of the DocuSign user to be impersonated in the **User ID (API Username)** field. This is the 32-character GUID displayed in the **My Account Information** section of the **Apps and Keys** page. The User ID is used as the JWT `sub` (subject) claim.
- Paste your RSA private key in PEM format in the **RSA Private Key** field. This is the private key generated when you added an RSA Keypair to your integration on the DocuSign **Apps and Keys** page. The key should begin with `-----BEGIN RSA PRIVATE KEY-----` and end with `-----END RSA PRIVATE KEY-----`. This key is the primary secret for this authentication method — store it securely and never share it.
- Click the Save button at the bottom of the overlay. The newly added credential will now appear in a tile on the Authenticate screen during data source/destination creation and can be selected for use with a new data source or destination.
Use as a data source
The DocuSign eSignature connector enables you to ingest envelope data, recipient information, billing records, templates, and workspace files directly from your DocuSign account into Nexla data flows. To create a new data flow, navigate to the Integrate section, and click the New Data Flow button. Select the DocuSign eSignature connector tile, then select the credential that will be used to connect to the DocuSign eSignature instance, and click Next; or, create a new DocuSign eSignature credential for use in this flow.
Endpoint templates
Nexla provides pre-built templates that can be used to rapidly configure data sources to ingest data from common DocuSign eSignature endpoints. Select the endpoint from which this source will fetch data from the Endpoint pulldown menu. Available endpoint templates are listed in the expandable boxes below. Click on an endpoint to see more information about it and how to configure your data source for this endpoint.
Once the selected endpoint template has been configured, click the Test button to the right of the endpoint selection menu to retrieve a sample of the data that will be fetched. Sample data will be displayed in the Endpoint Test Result panel on the right, allowing you to verify that the source is configured correctly before saving.
Manual configuration
DocuSign eSignature data sources can also be manually configured to ingest data from any valid DocuSign eSignature API endpoint, including endpoints not covered by the pre-built templates, chained API calls, or custom request parameters. Select the Advanced tab at the top of the configuration screen, and follow the instructions in Connect to Any API to configure the API method, endpoint URL, date/time and lookup macros, path to data, metadata, and request headers.
DocuSign API URLs follow the pattern https://{your-host}/v2.1/accounts/{accountId}/{resource}, where {your-host} is your account's base URI (e.g., na2.docusign.net or demo.docusign.net) and {accountId} is your DocuSign account GUID. Your account's base URI is displayed under Settings > Apps and Keys > Account Base URI.
Most DocuSign list endpoints return arrays nested under a named key rather than at the response root (e.g., envelopes, recipients, invoices, bulkBatches) — for example, the List Envelope Status Changes endpoint returns envelopes under $.envelopes[*]. Set the path to data accordingly so Nexla treats each item as a separate record.
Date/time macros are particularly useful with the List Envelope Status Changes endpoint, which accepts from_date and to_date query parameters — for example, appending ?from_date={"{now-1}"} to the envelopes URL retrieves only envelopes with status changes since the previous run period.
Once all of the relevant settings have been configured, click the Create button in the upper right corner of the screen to save and create the new DocuSign eSignature data source. Nexla will now begin ingesting data from the configured endpoint and will organize any data that it finds into one or more Nexsets.
Use as a destination
Click the + icon on the Nexset that will be sent to the DocuSign eSignature destination, and select the Send to Destination option from the menu. Select the DocuSign eSignature connector from the list of available destination connectors, then select the credential that will be used to connect to the DocuSign eSignature organization, and click Next; or, create a new DocuSign eSignature credential for use in this flow.
Endpoint templates
Nexla provides pre-built templates that can be used to rapidly configure destinations to send data to common DocuSign eSignature endpoints. Select the endpoint to which data will be sent from the Endpoint pulldown menu. Then, click on the template in the list below to expand it, and follow the instructions to configure additional endpoint settings.
Manual configuration
DocuSign eSignature destinations can also be manually configured to send data to any valid DocuSign eSignature API endpoint. Using manual configuration, you can also configure Nexla to automatically send the response received from the DocuSign eSignature API after each call to a new Nexla webhook data source. Select the Advanced tab at the top of the configuration screen, and follow the instructions in Connect to Any API to configure the API method, data format, endpoint URL, request headers, attribute exclusions, record batching, and response webhooks.
DocuSign's REST API accepts JSON for all write operations — select JSON as the Content Format. DocuSign API URLs follow the pattern https://{your-host}/v2.1/accounts/{accountId}/{resource}, where {your-host} is your account's base URI (e.g., na2.docusign.net or demo.docusign.net). For update operations, include the ID of the object to be updated at the end of the URL.
Most DocuSign API write endpoints accept a single object per call rather than arrays of records — verify that your target endpoint supports batched requests before enabling record batching. Enabling the response webhook option is particularly useful for the Create an Envelope and Create Envelope from Template endpoints, to capture the new envelope ID returned in the response.
Save & activate
Once all endpoint settings have been configured, click the Done button in the upper right corner of the screen to save and create the destination. To send the data to the configured DocuSign eSignature endpoint, open the destination resource menu, and select Activate.
The Nexset data will not be sent to DocuSign eSignature until the destination is activated. Destinations can be activated immediately or at a later time, providing full control over data movement.