> ## Documentation Index
> Fetch the complete documentation index at: https://docs.wolfia.com/llms.txt
> Use this file to discover all available pages before exploring further.
# DocuSign integration
> Connect DocuSign to your Trust Center so access requests route through an e-signed NDA before documents unlock
This integration powers the **NDA signing** flow for Wolfia's Trust Center. When a customer requests access to gated documents, Wolfia sends them a DocuSign envelope built from your NDA template. The moment they sign, Wolfia grants access automatically.
## Overview
Setting up DocuSign for your Trust Center is a one-time, four-part configuration.
| Part | What you do |
| ---- | ---------------------------------------------------------------------------------------- |
| 1 | Set up the DocuSign app (Integration Key, Secret Key, redirect URI, Connect webhook key) |
| 2 | Connect Wolfia to your DocuSign account via OAuth |
| 3 | Create the NDA template Wolfia sends to access requesters |
| 4 | Run a real end-to-end test in an incognito window |
### Full walkthrough
If you'd rather watch the whole thing in one go, this is all four parts stitched together. The step-by-step below covers the same ground with screenshots, callouts, and copy-paste values.
## Prerequisites
* A **DocuSign account on a tier that exposes the API**: Advanced Solutions, Enterprise, or API plan. The Business Pro tier does not show **Apps and Keys**.
* You're signed in to DocuSign as a user with **DS Admin** permission.
* You know which environment you'll be running in (**Production** or the **Developer sandbox**). The screenshots below were taken in the Developer sandbox, which is why the Account Base URI in some shots reads `demo.docusign.net`. In Production it reads `na1.docusign.net` or another regional value. The flow is identical.
***
## Part 1: Set up the DocuSign app
In DocuSign, go to **Settings › Integrations › Apps and Keys**, then click **+ Add App and Integration Key**. Give it a name that you'll recognise later; we suggest **Wolfia Trust Portal**. Click **Create App**.
Any name works; "Wolfia Trust Portal" is the easiest to spot later in the apps list.
DocuSign opens the new app's detail page. Under **Integration Type**, select **Third-party integration key**.
Copy the **Integration Key** shown at the top of the page to a scratch pad. You'll paste it into Wolfia in part 2.
This choice **locks after save**. Confirm Third-party integration key is selected before you scroll on.
The amber banner on this page is informational, not an error. Your Integration Key will be different from the one in the screenshot.
Scroll to **Authentication**. Confirm the **User Application** card is set to **Yes** and that the authentication method reads **Authorization Code Grant**. Then click **+ Add Secret Key**.
DocuSign generates the value and shows it once. Copy it immediately and store it next to the Integration Key from step 2.
**One-time reveal.** If you close the page without copying the Secret Key, DocuSign will not show it again. You'll need to remove that key and add a new one.
PKCE is optional. Leave it unchecked unless your security team explicitly requires it.
Keep scrolling to **Additional settings › Redirect URIs** and click **+ Add URI**. Paste the value below **exactly**: no trailing slash, no port, no `www`.
```
https://api.wolfia.com/integrations/docusign/callback
```
DocuSign rejects the OAuth handshake if this differs even by a trailing slash. Copy and paste; don't retype.
Scroll to the bottom of the page and click **Save**. You'll see a saved toast, and your app appears in the **Apps and Integration Keys** list with environment **Development** or **Production**.
Reload the page once and confirm the redirect URI is still there.
A redirect URI silently dropping is the most common reason the next part fails on the first try. Reload and confirm before moving on.
In the left sidebar, scroll down to the **INTEGRATIONS** section and click **Connect**. This page configures the webhooks DocuSign sends to Wolfia when a signer finishes.
On the **Connect (Webhooks)** page, click the **Connect Keys** tab at the top.
This is a **separate key** from the Secret Key you added in step 3. Step 3's secret authenticates Wolfia calling DocuSign. The key on this page signs the webhooks DocuSign sends back to Wolfia. Empty list is expected on a new account.
Click **+ Add Secret Key**. DocuSign generates a value and adds it to the list. You don't need to copy this one; DocuSign uses it internally to sign every webhook it sends Wolfia.
### What you have at the end of part 1
* An **Integration Key** (from step 2) copied to a scratch pad
* A **Secret Key** (from step 3) copied to the same scratch pad, shown only once, so confirm it's saved before moving on
* The **DocuSign environment** you're running in (Production or Developer sandbox) noted down; you'll select it in Wolfia in part 2
* A **Connect Secret Key** live on your account so webhooks are signed
***
## Part 2: Connect Wolfia to your DocuSign account
You'll need the Integration Key and Secret Key from part 1.
**Pick Production, not Developer sandbox.** Sandbox signatures are not legally binding and sandbox accounts use standalone DocuSign credentials instead of your corporate SSO. Use sandbox only if you set up a sandbox app in part 1 for testing.
The screenshots in this part were captured in sandbox, which is why you'll see a yellow **Sandbox** pill in some of them. That pill does not appear in Production.
In Wolfia, go to **Trust Center › NDA**. Toggle **Require NDA for access requests** on. A **Signing method** section appears with two cards: **Upload NDA** (a click-accept PDF) and **DocuSign**.
Upload NDA is the default. Click the **DocuSign** card to switch and open the connect dialog.
Selecting the DocuSign card opens the **Connect DocuSign** dialog. **Production** is pre-selected and that is what you want. Paste the **Integration Key** and **Secret Key** you copied in part 1, then click **Connect**.
Production maps to `apps.docusign.com`. Developer sandbox maps to `apps-d.docusign.com` and is for testing only.
**Your integration key and environment must match.** The integration key you created in part 1 lives in either Production or the Developer sandbox, not both. Picking the wrong environment returns `invalid_client` when you click Connect.
Your browser jumps to DocuSign with a consent screen titled **"\[your app name] is requesting access"** ("Wolfia Trust Portal" if you named it that in part 1). The permissions listed are:
* Create and send envelopes
* Obtain links for starting signing sessions
Click **Allow Access**.
The signed-in DocuSign user on this screen is the account customer-facing envelopes will be sent from. Sign in as a **dedicated service account or DocuSign admin** you're comfortable having as the sender on every NDA.
DocuSign redirects you back to the Wolfia NDA settings. The DocuSign card now has a green check next to it and a new **Select a DocuSign template** dropdown appears beneath it. A **DocuSign connected** toast confirms the OAuth handshake succeeded.
Picking the template is covered in part 3. For now, you're connected.
### What you have at the end of part 2
* Wolfia is connected to your DocuSign account on the environment you picked (Production for real customers)
* Wolfia can call DocuSign on behalf of the signed-in user to create and send envelopes
* The NDA settings page shows a template dropdown, ready for you to point at the NDA you'll send
***
## Part 3: Create the NDA template
DocuSign's modern template UI is two pieces:
* A **Document Template** holds the PDF and its agreement type
* An **Envelope Template** sits on top of it and adds the recipient role and signature fields
**Wolfia sends the envelope template.** You need both.
The recipient role must be literally **`Signer`**. Case-sensitive, no number. DocuSign creates the role as `Signer1` by default, and Wolfia populates the role named `Signer` when sending envelopes. If you skip the rename in step 6, envelope creation fails on the very first access request with a DocuSign API error.
In DocuSign, go to **Templates › Document Templates**, click **+ Create New**, and upload your NDA PDF. Give it a clear name; you'll see this name in the Wolfia dropdown later.
In the same **Upload file** dialog, set **Agreement Type** to **Non-Disclosure Agreement**. Click **Continue**.
Picking NDA here lets you filter and report by NDA later. You'll also set this same type on the envelope template in step 7.
DocuSign opens the document template editor. You don't need to place any fields here. Click **Save and Publish** at the top right and wait for the **Draft saved and published** toast.
You'll land back on the Document Templates list. Hover over your new template and click the **⋮** (three dots) on the right side of the card. In the menu that opens, scroll to the **PREPARE** section and click **Add to Envelope Template**.
The same menu has a **Use Template** option above it; that sends a one-off envelope. Pick **Add to Envelope Template** instead so the template is reusable.
A dialog opens asking how to use the document template. Select **Create new envelope template** and click **Continue**.
The other option, **Add to existing**, is for stitching multiple PDFs into one envelope. You don't need that here.
The envelope template editor opens. Under **Add recipients**, the default role is **Signer1**. Click into the **Role** field and rename it to literally **`Signer`**: no number, exact case. Leave **Name** and **Email** empty. Wolfia fills both per access request.
This is the single most common silent failure. `Signer1`, `signer`, or anything else causes envelope creation to fail.
Scroll to the bottom of the envelope template page and set **Category** to **Non-Disclosure Agreements (NDAs)**.
Yes, you already set the type on the document template in step 2. DocuSign asks for it again on the envelope template, and it's required to save. Click **Next: Add Fields** at the top right.
The **Add Fields** editor opens with the **Standard Fields** palette on the left. Drag a **Signature** field from the palette onto the signature line on the last page of the NDA. Confirm **Required** stays toggled on in the floating field menu, then click **Save and Close**.
**Required** is on by default. If you turn it off, the requester can submit a blank signature and the envelope still counts as completed.
Drag any of **Full Name**, **Title**, and **Date Signed** onto the same block if you want those fields populated automatically. None are required for Wolfia, but having them on file makes your audit trail richer.
Switch to the Wolfia tab on **Trust Center › NDA**. The **Select a DocuSign template** dropdown now lists your new envelope template with its last-modified timestamp. Pick it. Wolfia saves automatically.
If your template doesn't appear, refresh the page. The dropdown queries DocuSign on load; templates published after the page was opened won't show up until refresh.
### What you have at the end of part 3
* A DocuSign **envelope template** named for your NDA, with **Category** set to Non-Disclosure Agreements
* A recipient role named literally **`Signer`**, ready for Wolfia to populate per access request
* At least one **Signature** field placed on the signing block, marked **Required**
* The template **selected in Wolfia**: access requests requiring NDA will now route through it
***
## Part 4: End-to-end test
Now you do the real run as if you were a customer. Submit an access request from outside, your admin approves it, the DocuSign envelope arrives, you sign, and the trust center grants access automatically.
The video below shows the full loop, split into the three checkpoints below.
Open your trust center in an **incognito window** (so you're not signed in as the admin). Click **Request access**, fill in a test email you can read in real time, give a short reason, and submit.
You should see a **request submitted** confirmation.
Switch back to the Wolfia admin and open **Trust Center › Accounts**. Your test request appears at the top of the list. Open it, review the details, and click **Approve & request NDA**.
The test inbox you used in checkpoint 1 receives a DocuSign email titled **"\[your DocuSign sender name] sent you a document to review and sign."**
Click the DocuSign link in the email and complete the signing flow as if you were a real signer. The moment DocuSign reports the envelope as **completed**, Wolfia flips the request to **Approved**, mints an access token, and emails the requester an access link.
Click that link in your incognito window. You should land in the trust center as a signed-in requester with documents visible per the scope your admin granted.
### What you have at the end of part 4
* An **end-to-end signed NDA** in DocuSign with an audit trail your security team can pull on demand
* A trust center that **grants access on signature completion** without a second touch from your team
* Confidence that the integration handles a real signer in a real inbox, not just an admin click-through
***
## Troubleshooting
**`invalid_client` when clicking Connect**
* The Integration Key was created in the opposite environment to the one you selected in Wolfia. Pick the matching environment, or recreate the Integration Key in the environment you want.
**OAuth redirect fails or hangs**
* The redirect URI in DocuSign doesn't match `https://api.wolfia.com/integrations/docusign/callback` exactly. Reload the DocuSign app page and confirm the URI persisted; silently-dropped URIs are the #1 cause.
**Envelope creation fails on the first access request**
* The recipient role on the envelope template is not literally `Signer`. Open the template, rename the role, save.
**Secret Key was never copied**
* DocuSign only reveals it once. Delete that Secret Key and add a new one in step 3, then update Wolfia with the new value via **Trust Center › NDA → DocuSign → Reconnect**.
**Template doesn't show up in the Wolfia dropdown**
* Refresh the Wolfia NDA settings page. The dropdown queries DocuSign on load.
**Envelope completes but access isn't granted**
* The webhook from DocuSign didn't reach Wolfia. Confirm part 1 step 8: a Connect Secret Key is live on your DocuSign account. Without it, webhook signatures fail and Wolfia ignores the event.
## Support
If you get stuck, contact Wolfia support with your **Integration Key** (safe to share) and the **environment** (Production or Developer sandbox). Do not share your Secret Key.