I’m developing an integration with DocuSign for document signing, and I recently met the three requirements needed to move from a development to a production environment:
- Successfully complete 20 consecutive API calls in the last 30 days.
- Use OAuth 2.0 or an Application Password (for eSignature SOAP API only).
- Comply with DocuSign API limits and rules.
Initially, my first review request was rejected due to the third requirement. The reason was multiple GET requests to the first document and second recipient in some transactions, exceeding the allowed API request limits. Here’s an example:
[12:00:00] POST /accounts/12345/envelopes
[12:01:00] GET /accounts/12345/envelopes/AAA/documents/1
[12:02:00] GET /accounts/12345/envelopes/AAA/recipients/2
[12:03:00] POST /accounts/12345/envelopes
[12:04:00] GET /accounts/12345/envelopes/AAA/documents/1 *
[12:05:00] GET /accounts/12345/envelopes/AAA/recipients/2 *
To overcome this issue and pass the review, I omitted the repeated GET requests, leaving only the necessary POST /accounts/12345/envelopes calls, completing the required 20 without issues and receiving DocuSign’s approval.
Question:
Since this solution was implemented as a temporary measure due to time constraints, could omitting the GET requests to retrieve documents or recipients in each transaction cause future issues in production? Could this impact compliance or the stability of the integration by skipping these GET calls solely to meet the API request limits?
Any guidance on potential issues or best practices for cases like this would be greatly appreciated!
2 Answers
GET requests typically do not change any state, and as you described it, it seems also the case.
In that case, the only reason it might affect production is if you are somehow losing key data that you might need later on.
I’m not familiar with their API, but typically POST will create records and return the created ids as a response – so I guess you might want to store those ids somewhere for future use. As to the rest, I don’t know the purpose of your application, so I cannot say if you need to keep a copy of the DocuSign data or not.
The limit you mention has nothing to do with production, it’s not an API limit, it’s a limit related to you passing the go-live review to enable your integration (your IK = integration Key) to be live in production.
The limit was imposed to prevent polling. Polling is when an app repeatedly makes a GET call for an envelope again and again until the envelope is signed. This is not allowed. It’s a bad pattern to begin with, and it creates too many unnecessary API calls.
Instead, your integration should use a web hook and get notified when something happens, and not constantly make GET calls to check status.
Now, to answer your question. Once passed review, and once you enabled your IK in production by using a production account, that IK is now live and will have no issues no matter what API calls you make.
Having said that, I still think you should use best practices as I outlined above.
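A request log like the one in the question can be checked for the repeated-GET pattern before it is submitted for review. The following is an added example, not code from the question, the answers or DocuSign; the function names, the 15-minute window and the one-read-per-resource threshold are assumptions chosen for illustration.

```python
import re
from collections import defaultdict

# Sample input: the request log quoted in the question.
SAMPLE_LOG = """\
[12:00:00] POST /accounts/12345/envelopes
[12:01:00] GET /accounts/12345/envelopes/AAA/documents/1
[12:02:00] GET /accounts/12345/envelopes/AAA/recipients/2
[12:03:00] POST /accounts/12345/envelopes
[12:04:00] GET /accounts/12345/envelopes/AAA/documents/1 *
[12:05:00] GET /accounts/12345/envelopes/AAA/recipients/2 *
"""

# "[HH:MM:SS] METHOD /path" with optional trailing text such as the "*" marker.
LINE_RE = re.compile(r"^\[(\d{2}):(\d{2}):(\d{2})\]\s+([A-Z]+)\s+(\S+)")

def parse(log):
    """Yield (seconds_since_midnight, method, path) for each request line."""
    for line in log.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # skip blank lines and anything that is not a request
        h, mi, s, method, path = m.groups()
        # Drop any query string and trailing slash so one resource has one key.
        resource = path.split("?", 1)[0].rstrip("/")
        yield int(h) * 3600 + int(mi) * 60 + int(s), method, resource

def find_repeated_gets(log, window_seconds=900, max_gets=1):
    """Return {path: [timestamps]} for resources read more than max_gets
    times within any window_seconds span (both thresholds are assumptions)."""
    seen = defaultdict(list)
    for ts, method, path in parse(log):
        if method == "GET":  # POSTs create envelopes and are not polling
            seen[path].append(ts)
    flagged = {}
    for path, stamps in seen.items():
        stamps.sort()
        start = 0
        for end, ts in enumerate(stamps):
            # Slide the window start forward until it spans <= window_seconds.
            while ts - stamps[start] > window_seconds:
                start += 1
            if end - start + 1 > max_gets:
                flagged[path] = stamps
                break
    return flagged

if __name__ == "__main__":
    for path, stamps in find_repeated_gets(SAMPLE_LOG).items():
        print(f"{len(stamps)} GETs within window: {path}")
```
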