Authorization Code Grant OAuth Flow
In v1.4 of fmESignature Link we changed from using the JWT Grant OAuth Flow to the Authorization Code Grant OAuth Flow for authenticating with the DocuSign API. The Authorization Code Grant OAuth Flow requires the user to initially authenticate the use of the DocuSign app by the fmESignature Link file. Once that has been approved the Access Token is generated and stored and can be refreshed without requiring the user to authenticate again.
During the authentication process you will be required to login to your DocuSign account and grant permission for fmESignature Link to use the DocuSign API App:
This will result in a number of tokens being stored in the fmESignature Link Preferences table:
Access Token: the Access Token returned by the OAuth Authorization Code Grant flow and will usually have an 8 hour life. The Access Token is used with each request to the DocuSign API in the authentication header.
Expires At (Host Time): this is the timestamp when the Access Token expires. We are using the FileMaker Server host timestamp here to allow for users in multiple time zones.
Refresh Token: the Refresh Token returned by the OAuth Authorization Code Grant flow and usually has a 30 day life as we are using the extended
scope. You can use a refresh token to get a new access token after the access token expires.
Base URI: this is returned by the Authorization Code Grant flow and is required when making requests to the DocuSign API.
Account ID: this is returned by the Authorization Code Grant flow and is required when making requests to the DocuSign API.
As long as you are making a request to the DocuSign API at least once every 30 days your Refresh Token will not expire, which would cause you to have to go through the Authentication process again. If you are worried about the Refresh Token expiring you can schedule the DocuSign Authentication - OAuth 2.0 Refresh Access Token FileMaker script to be performed on a schedule (e.g. daily or weekly) to ensure the Refresh Token does not expire).
We have full details on setting up the DocuSign Sandbox and connecting to the fmESignature Link file using the Authorization Code Grant flow in our Getting Started Guide as well as this short video that demonstrates the process.