API Users are managed in your account settings on account.assuresign.net. You must be an administrator for all your AssureSign environments in order to create and edit these settings.
To create an API User you enter:
- a unique Username: this is not an AssureSign user or email address (although you may enter the username in the form of an email). When the username is saved it will be validated to ensure it is unique.
- API user scope: choices are
- User: you will select a user from AssureSign users in your account
- Environment: you will select from your environments. If you do not have a sandbox account, you will have only one environment.
- Organization: the API user may operate on behalf of all your users in all your AssureSign environments.
- an Expiration date for the user
When you save the API user you will be shown the API Key.
It is important you copy this information and keep it secure. AssureSign does not save the API Key and it will not be displayed after the interface is closed.
You may delete a user or permanently revoke access of an API User. Expired or revoked users are not automatically deleted, and are still shown when you select "Show Revoked and Expired API Users."
Authenticating API Users
To receive an authentication token needed for other V3.0+ API calls, post the credentials to the /authentication/apiUser endpoint providing your actual values in the JSON object including the AssureSign user name (email address) of the user on whose behalf you are authenticating:
{ "request": { "apiUsername": "NewAPIUser", "key": "vY+ak1310/yTfjN8qhoxEkjN1bX1Ev99", "contextUsername": "bob@mycompany.com", "sessionLengthInMinutes": 60 }}Note that Content-Type on all AssureSign REST methods should be set to application/json. The response of a successful authentication will include a token
{ "token": "tokenvaluewillbelongandpresenthere"}You may now use the token by setting an Authorization header on subsequent calls to V3.0+ endpoints. Add the token in the form:
Authorization:bearer tokenvaluewillbelongandpresenthere
The full endpoint will be relative to the available API version being used.
For example https://account.assuresign.net/api/v3.5/authentication/apiUser
Further calls using the token operate in the context of an account, specified in an additional request header you must add to calls. The Account Context Identifier can be accessed in your account settings, and should be applied after the AssureSign username (an email address) in the form:
X-AS-UserContext {username}:{DocumentNOW Account Context Identifier}
