Generating an Integrator Key

Every application (or integration) that uses the DocuSign API requires an integrator key to identify the application as it makes API requests. An integrator key is a unique string that looks something like this: 230546a7-9c55-40ad-8fbf-af205d5494ad.

All integrator keys are generated in the DocuSign Demo environment. Integrator keys cannot be created in the production environment. When your application is ready, follow the Go Live steps to enable it in the Production environment.

In the OAuth authentication methods the term client_id refers to your integrator key.

Generating the Key

To generate an integrator key, follow these steps.

  1. Log in to DocuSign Admin

    From your development account, select Go to Admin in the account settings drop-down menu. Alternatively, you can go directly to DocuSign Admin by going to the administrator log in page. In the Demo environment, DocuSign Admin is at https://admindemo.docusign.com.

  2. In DocuSign Admin, click API and Keys in the left navigation panel.

  3. Click ADD INTEGRATOR KEY.

  4. Add a description for your application. You can add a link to your privacy policy and your terms of use, or you can do it later.

  5. If you plan to use the Implicit Grant, (it is a mobile or client application), select This is a mobile app.

  6. Click ADD to generate the integrator key.

    A modal dialog opens to let you add additional information for the following authentication methods:

    If you are not using any of those you can click CANCEL.

  7. The OAuth methods require you to provide a redirect URI for your application.

    When your application sends an authorization request to DocuSign, it includes the redirect URI in the request. The authentication service verifies that the URI in the request and the URI in the application registration match exactly, character for character. For example, these two URIs do not match:

    • https://example.com/auth/callback
    • https://example.com/auth/callback/

    Your application can have more than one redirect URI.

  8. If your application uses the Authorization Code Grant or Service Integration Authentication, you must create a secret key.

    To generate a new secret key, click ADD SECRET KEY.

    Copy the secret key to a secure location immediately after you create it. Secret keys are displayed in plain text only when they are first created. After that, for security purposes, DocuSign only shows the last 4 digits of the key.

    Secrets should be stored securely within your application. They should never be shared or disclosed publicly.

    You can register several secret keys at once. This allows you to update your application’s secret keys without causing any downtime.

  9. If your application uses Service Integration Authentication, you must create an RSA keypair to sign JWT tokens.

    To generate an RSA keypair, click ADD RSA KEYPAIR. An RSA public and private key will appear. The RSA keys are in PEM format.

    Copy both the RSA private key and the RSA public key to a secure location immediately after you create it. Keypairs are displayed in plain text only when they are first created.

    DocuSign never stores the private key. If you lose the private key, it cannot be recovered. In this case you should generate a new keypair.

  10. Click SAVE.

Your integrator key is a string that appears in the My Integrator Keys section of DocuSign Admin. It looks something like this: 230546a7-9c55-40ad-8fbf-af205d5494ad.