Developer-friendly & type-safe Java SDK specifically catered to leverage Docusign IAM APIs.
This SDK enables Java developers to abstract and simplify the use of the Docusign IAM APIs.
By installing this package, developers can then use Java objects and methods to interact with the following Docusign APIs:
This repo contains the source-code for this SDK. You only need to use the code in this repo if you want to customize the SDK for your own needs. To use the SDK you just need to install the npm package and do not need to use this repo.
You can also find code examples and documentation for this SDK in the Docusign Developer Center.
JDK 11 or later is required.
The samples below show how a published SDK artifact is used:
Gradle:
implementation 'com.docusign:iam-sdk:1.0.0-beta.2'Maven:
<dependency>
<groupId>com.docusign</groupId>
<artifactId>iam-sdk</artifactId>
<version>1.0.0-beta.2</version>
</dependency>After cloning the git repository to your file system you can build the SDK artifact from source to the build directory by running ./gradlew build on *nix systems or gradlew.bat on Windows systems.
If you wish to build from source and publish the SDK artifact to your local Maven repository (on your filesystem) then use the following command (after cloning the git repo locally):
On *nix:
./gradlew publishToMavenLocal -Pskip.signingOn Windows:
gradlew.bat publishToMavenLocal -Pskip.signingA logging framework/facade has not yet been adopted but is under consideration.
For request and response logging (especially json bodies), call enableHTTPDebugLogging(boolean) on the SDK builder like so:
SDK.builder()
.enableHTTPDebugLogging(true)
.build();Example output:
Sending request: http://localhost:35123/bearer#global GET
Request headers: {Accept=[application/json], Authorization=[******], Client-Level-Header=[added by client], Idempotency-Key=[some-key], x-speakeasy-user-agent=[speakeasy-sdk/java 0.0.1 internal 0.1.0 org.openapis.openapi]}
Received response: (GET http://localhost:35123/bearer#global) 200
Response headers: {access-control-allow-credentials=[true], access-control-allow-origin=[*], connection=[keep-alive], content-length=[50], content-type=[application/json], date=[Wed, 09 Apr 2025 01:43:29 GMT], server=[gunicorn/19.9.0]}
Response body:
{
"authenticated": true,
"token": "global"
}
WARNING: This should only used for temporary debugging purposes. Leaving this option on in a production system could expose credentials/secrets in logs. Authorization headers are redacted by default and there is the ability to specify redacted header names via SpeakeasyHTTPClient.setRedactedHeaders.
NOTE: This is a convenience method that calls HTTPClient.enableDebugLogging(). The SpeakeasyHTTPClient honors this setting. If you are using a custom HTTP client, it is up to the custom client to honor this setting.
Another option is to set the System property -Djdk.httpclient.HttpClient.log=all. However, this second option does not log bodies.
package hello.world;
import com.docusign.iam.sdk.IamClient;
import com.docusign.iam.sdk.models.errors.OAuthErrorResponse;
import com.docusign.iam.sdk.models.operations.GetUserInfoResponse;
import java.lang.Exception;
public class Application {
public static void main(String[] args) throws OAuthErrorResponse, Exception {
IamClient sdk = IamClient.builder()
.accessToken("<YOUR_ACCESS_TOKEN_HERE>")
.build();
GetUserInfoResponse res = sdk.auth().getUserInfo()
.call();
if (res.userInfo().isPresent()) {
// handle response
}
}
}Once you have obtained an access token, you can use it to make authenticated API calls to Docusign services:
import com.docusign.iam.sdk.IamClient;
// Initialize the SDK with your access token
IamClient sdk = IamClient.builder()
.accessToken("<YOUR_ACCESS_TOKEN_HERE>")
.build();
// Make API calls on behalf of the user
var res = sdk.auth().getUserInfo().call();Continue reading for more information on using the SDK to obtain an access token!
Before using the SDK to interact with Docusign APIs on behalf of a user, you must authenticate your application. This SDK supports OAuth2 authentication flows for secure access to Docusign services.
To get started with authentication, you will need:
- An Integrator Key (also known as "Client ID")
- A Client Secret
- Your application registered with Docusign
These credentials are obtained by registering your application in the Docusign Developer Portal. This section will guide you through setting up authentication using the confidential authorization code grant flow, which is recommended for server-side applications.
Before your application can interact with the Docusign API, you must first obtain explicit user consent. This authorization process is a mandatory first step for all OAuth2 flows.
Construct a consent url using AuthorizationUrlBuilder:
import java.util.Optional;
import com.docusign.iam.sdk.IamClient;
import com.docusign.iam.sdk.models.components.OAuthBasePath;
import com.docusign.iam.sdk.models.components.OAuthResponseType;
import com.docusign.iam.sdk.utils.auth.AuthorizationUrlBuilder;
// Create the authorization URL
String consentUrl = AuthorizationUrlBuilder.create()
.withBasePath(OAuthBasePath.DEMO)
.withResponseType(OAuthResponseType.CODE)
.withClientId(System.getenv("DOCUSIGN_CLIENT_ID"))
.withRedirectUri(System.getenv("DOCUSIGN_REDIRECT_URI"))
.build();
// Direct the user to grant consent
System.out.println(
"Please visit the following URL to authorize the application: " + consentUrl
);After the user grants permission, Docusign will redirect them to your specified
redirect URI with an authorization code included as a query parameter named
code.
Note
For local development, you set the redirect URI to a localhost URL (e.g.,
http://localhost:3000/callback). When testing, you'll be redirected to this
local URL and can simply copy the authorization code from your browser's
address bar. Look for the parameter that appears after code= in the URL.
After the user grants permission and is redirected to your application with an authorization code, you need to exchange this code for an access token. The SDK provides helper functions to simplify this process.
Here is an example of how one might handle the OAuth2 callback in a console application:
import com.docusign.iam.sdk.IamClient;
import com.docusign.iam.sdk.models.components.ConfidentialAuthCodeGrantRequestBody;
import com.docusign.iam.sdk.models.errors.OAuthErrorResponse;
import com.docusign.iam.sdk.models.operations.GetTokenFromConfidentialAuthCodeResponse;
import com.docusign.iam.sdk.models.operations.GetTokenFromConfidentialAuthCodeSecurity;
import java.util.Scanner;
try {
// Prompt user for the authorization code
Scanner scanner = new Scanner(System.in);
System.out.print("Enter the authorization code from the redirect URL: ");
String authCode = scanner.nextLine();
// Create an unauthenticated client to exchange the auth code for a token
IamClient anonClient = IamClient.builder().build();
// Prepare the request with the auth code
ConfidentialAuthCodeGrantRequestBody request = ConfidentialAuthCodeGrantRequestBody.builder()
.code(authCode)
.build();
// Get token using client credentials
GetTokenFromConfidentialAuthCodeResponse res = anonClient.auth().getTokenFromConfidentialAuthCode()
.security(GetTokenFromConfidentialAuthCodeSecurity.builder()
.clientId(System.getenv("DOCUSIGN_CLIENT_ID"))
.secretKey(System.getenv("DOCUSIGN_CLIENT_SECRET"))
.build())
.request(request)
.call();
/**
* Use the token response as needed. Eg:
* - Store the access token and refresh token in a database
* - Use the access token to make API calls
* - Show the user a success message
**/
System.out.println("Access Token: " + res.authorizationCodeGrantResponse().get().accessToken());
} catch (OAuthErrorResponse e) {
// Handle OAuth error
System.out.println("OAuth Error: " + e.getMessage());
}Note
Additional SDK methods for obtaining access can be found here.
Once you have obtained an access token, you can use it to make authenticated API calls to Docusign services:
import com.docusign.iam.sdk.IamClient;
// Initialize the SDK with your access token
IamClient sdk = IamClient.builder()
.accessToken("<YOUR_ACCESS_TOKEN_HERE>")
.build();
// Make API calls on behalf of the user
var res = sdk.auth().getUserInfo().call();Available methods
- getTokenFromConfidentialAuthCode - Obtains an access token from the Docusign API using an authorization code.
- getTokenFromPublicAuthCode - Obtains an access token from the Docusign API using an authorization code.
- getTokenFromJwtGrant - Obtains an access token from the Docusign API using a JWT grant.
- getTokenFromRefreshToken - Obtains an access token from the Docusign API using an authorization code.
- getUserInfo - Get user information
- getConnectedFieldsTabGroups - Returns all tabs associated with the given account
- getWorkflowInstancesList - Retrieve All Workflow Instances
- getWorkflowInstance - Retrieve a Workflow Instance
- cancelWorkflowInstance - Cancel a Running Workflow Instance
- getWorkflowsList - Retrieve a list of available Maestro workflows
- getWorkflowTriggerRequirements - Retrieve trigger requirements for a specific Maestro workflow
- triggerWorkflow - Trigger a new instance of a Maestro workflow
- pauseNewWorkflowInstances - Pause an Active Workflow
- resumePausedWorkflow - Resume a Paused Workflow
- getAgreementsList - Retrieve a list of agreements
- getAgreement - Retrieve detailed information about a specific agreement
- deleteAgreement - Delete a specific agreement
- createAgreementSummary - Create an AI-generated summary of an agreement document
Some of the endpoints in this SDK support retries. If you use the SDK without any configuration, it will fall back to the default retry strategy provided by the API. However, the default retry strategy can be overridden on a per-operation basis, or across the entire SDK.
To change the default retry strategy for a single API call, you can provide a RetryConfig object through the retryConfig builder method:
package hello.world;
import com.docusign.iam.sdk.IamClient;
import com.docusign.iam.sdk.models.components.ConfidentialAuthCodeGrantRequestBody;
import com.docusign.iam.sdk.models.errors.OAuthErrorResponse;
import com.docusign.iam.sdk.models.operations.GetTokenFromConfidentialAuthCodeResponse;
import com.docusign.iam.sdk.models.operations.GetTokenFromConfidentialAuthCodeSecurity;
import com.docusign.iam.sdk.utils.BackoffStrategy;
import com.docusign.iam.sdk.utils.RetryConfig;
import java.lang.Exception;
import java.util.concurrent.TimeUnit;
public class Application {
public static void main(String[] args) throws OAuthErrorResponse, Exception {
IamClient sdk = IamClient.builder()
.build();
ConfidentialAuthCodeGrantRequestBody req = ConfidentialAuthCodeGrantRequestBody.builder()
.code("eyJ0eXAi.....QFsje43QVZ_gw")
.build();
GetTokenFromConfidentialAuthCodeResponse res = sdk.auth().getTokenFromConfidentialAuthCode()
.request(req)
.security(GetTokenFromConfidentialAuthCodeSecurity.builder()
.clientId("2da1cb14-xxxx-xxxx-xxxx-5b7b40829e79")
.secretKey("MTIzNDU2Nzxxxxxxxxxxxxxxxxxxxxx0NTY3ODkwMTI")
.build())
.retryConfig(RetryConfig.builder()
.backoff(BackoffStrategy.builder()
.initialInterval(1L, TimeUnit.MILLISECONDS)
.maxInterval(50L, TimeUnit.MILLISECONDS)
.maxElapsedTime(1000L, TimeUnit.MILLISECONDS)
.baseFactor(1.1)
.jitterFactor(0.15)
.retryConnectError(false)
.build())
.build())
.call();
if (res.authorizationCodeGrantResponse().isPresent()) {
// handle response
}
}
}If you'd like to override the default retry strategy for all operations that support retries, you can provide a configuration at SDK initialization:
package hello.world;
import com.docusign.iam.sdk.IamClient;
import com.docusign.iam.sdk.models.components.ConfidentialAuthCodeGrantRequestBody;
import com.docusign.iam.sdk.models.errors.OAuthErrorResponse;
import com.docusign.iam.sdk.models.operations.GetTokenFromConfidentialAuthCodeResponse;
import com.docusign.iam.sdk.models.operations.GetTokenFromConfidentialAuthCodeSecurity;
import com.docusign.iam.sdk.utils.BackoffStrategy;
import com.docusign.iam.sdk.utils.RetryConfig;
import java.lang.Exception;
import java.util.concurrent.TimeUnit;
public class Application {
public static void main(String[] args) throws OAuthErrorResponse, Exception {
IamClient sdk = IamClient.builder()
.retryConfig(RetryConfig.builder()
.backoff(BackoffStrategy.builder()
.initialInterval(1L, TimeUnit.MILLISECONDS)
.maxInterval(50L, TimeUnit.MILLISECONDS)
.maxElapsedTime(1000L, TimeUnit.MILLISECONDS)
.baseFactor(1.1)
.jitterFactor(0.15)
.retryConnectError(false)
.build())
.build())
.build();
ConfidentialAuthCodeGrantRequestBody req = ConfidentialAuthCodeGrantRequestBody.builder()
.code("eyJ0eXAi.....QFsje43QVZ_gw")
.build();
GetTokenFromConfidentialAuthCodeResponse res = sdk.auth().getTokenFromConfidentialAuthCode()
.request(req)
.security(GetTokenFromConfidentialAuthCodeSecurity.builder()
.clientId("2da1cb14-xxxx-xxxx-xxxx-5b7b40829e79")
.secretKey("MTIzNDU2Nzxxxxxxxxxxxxxxxxxxxxx0NTY3ODkwMTI")
.build())
.call();
if (res.authorizationCodeGrantResponse().isPresent()) {
// handle response
}
}
}Handling errors in this SDK should largely match your expectations. All operations return a response object or raise an exception.
By default, an API error will throw a models/errors/APIException exception. When custom error responses are specified for an operation, the SDK may also throw their associated exception. You can refer to respective Errors tables in SDK docs for more details on possible exception types for each operation. For example, the getTokenFromConfidentialAuthCode method throws the following exceptions:
| Error Type | Status Code | Content Type |
|---|---|---|
| models/errors/OAuthErrorResponse | 400 | application/json |
| models/errors/APIException | 4XX, 5XX | */* |
package hello.world;
import com.docusign.iam.sdk.IamClient;
import com.docusign.iam.sdk.models.components.ConfidentialAuthCodeGrantRequestBody;
import com.docusign.iam.sdk.models.errors.OAuthErrorResponse;
import com.docusign.iam.sdk.models.operations.GetTokenFromConfidentialAuthCodeResponse;
import com.docusign.iam.sdk.models.operations.GetTokenFromConfidentialAuthCodeSecurity;
import java.lang.Exception;
public class Application {
public static void main(String[] args) throws OAuthErrorResponse, Exception {
IamClient sdk = IamClient.builder()
.build();
ConfidentialAuthCodeGrantRequestBody req = ConfidentialAuthCodeGrantRequestBody.builder()
.code("eyJ0eXAi.....QFsje43QVZ_gw")
.build();
GetTokenFromConfidentialAuthCodeResponse res = sdk.auth().getTokenFromConfidentialAuthCode()
.request(req)
.security(GetTokenFromConfidentialAuthCodeSecurity.builder()
.clientId("2da1cb14-xxxx-xxxx-xxxx-5b7b40829e79")
.secretKey("MTIzNDU2Nzxxxxxxxxxxxxxxxxxxxxx0NTY3ODkwMTI")
.build())
.call();
if (res.authorizationCodeGrantResponse().isPresent()) {
// handle response
}
}
}You can override the default server globally using the .server(AvailableServers server) builder method when initializing the SDK client instance. The selected server will then be used as the default on the operations that use it. This table lists the names associated with the available servers:
| Name | Server | Description |
|---|---|---|
demo |
https://api-d.docusign.com |
Demo |
prod |
https://api.docusign.com |
Production |
package hello.world;
import com.docusign.iam.sdk.IamClient;
import com.docusign.iam.sdk.models.components.ConfidentialAuthCodeGrantRequestBody;
import com.docusign.iam.sdk.models.errors.OAuthErrorResponse;
import com.docusign.iam.sdk.models.operations.GetTokenFromConfidentialAuthCodeResponse;
import com.docusign.iam.sdk.models.operations.GetTokenFromConfidentialAuthCodeSecurity;
import java.lang.Exception;
public class Application {
public static void main(String[] args) throws OAuthErrorResponse, Exception {
IamClient sdk = IamClient.builder()
.server(IamClient.AvailableServers.PROD)
.build();
ConfidentialAuthCodeGrantRequestBody req = ConfidentialAuthCodeGrantRequestBody.builder()
.code("eyJ0eXAi.....QFsje43QVZ_gw")
.build();
GetTokenFromConfidentialAuthCodeResponse res = sdk.auth().getTokenFromConfidentialAuthCode()
.request(req)
.security(GetTokenFromConfidentialAuthCodeSecurity.builder()
.clientId("2da1cb14-xxxx-xxxx-xxxx-5b7b40829e79")
.secretKey("MTIzNDU2Nzxxxxxxxxxxxxxxxxxxxxx0NTY3ODkwMTI")
.build())
.call();
if (res.authorizationCodeGrantResponse().isPresent()) {
// handle response
}
}
}The default server can also be overridden globally using the .serverURL(String serverUrl) builder method when initializing the SDK client instance. For example:
package hello.world;
import com.docusign.iam.sdk.IamClient;
import com.docusign.iam.sdk.models.components.ConfidentialAuthCodeGrantRequestBody;
import com.docusign.iam.sdk.models.errors.OAuthErrorResponse;
import com.docusign.iam.sdk.models.operations.GetTokenFromConfidentialAuthCodeResponse;
import com.docusign.iam.sdk.models.operations.GetTokenFromConfidentialAuthCodeSecurity;
import java.lang.Exception;
public class Application {
public static void main(String[] args) throws OAuthErrorResponse, Exception {
IamClient sdk = IamClient.builder()
.serverURL("https://api-d.docusign.com")
.build();
ConfidentialAuthCodeGrantRequestBody req = ConfidentialAuthCodeGrantRequestBody.builder()
.code("eyJ0eXAi.....QFsje43QVZ_gw")
.build();
GetTokenFromConfidentialAuthCodeResponse res = sdk.auth().getTokenFromConfidentialAuthCode()
.request(req)
.security(GetTokenFromConfidentialAuthCodeSecurity.builder()
.clientId("2da1cb14-xxxx-xxxx-xxxx-5b7b40829e79")
.secretKey("MTIzNDU2Nzxxxxxxxxxxxxxxxxxxxxx0NTY3ODkwMTI")
.build())
.call();
if (res.authorizationCodeGrantResponse().isPresent()) {
// handle response
}
}
}The server URL can also be overridden on a per-operation basis, provided a server list was specified for the operation. For example:
package hello.world;
import com.docusign.iam.sdk.IamClient;
import com.docusign.iam.sdk.models.components.ConfidentialAuthCodeGrantRequestBody;
import com.docusign.iam.sdk.models.errors.OAuthErrorResponse;
import com.docusign.iam.sdk.models.operations.GetTokenFromConfidentialAuthCodeResponse;
import com.docusign.iam.sdk.models.operations.GetTokenFromConfidentialAuthCodeSecurity;
import java.lang.Exception;
public class Application {
public static void main(String[] args) throws OAuthErrorResponse, Exception {
IamClient sdk = IamClient.builder()
.build();
ConfidentialAuthCodeGrantRequestBody req = ConfidentialAuthCodeGrantRequestBody.builder()
.code("eyJ0eXAi.....QFsje43QVZ_gw")
.build();
GetTokenFromConfidentialAuthCodeResponse res = sdk.auth().getTokenFromConfidentialAuthCode()
.request(req)
.security(GetTokenFromConfidentialAuthCodeSecurity.builder()
.clientId("2da1cb14-xxxx-xxxx-xxxx-5b7b40829e79")
.secretKey("MTIzNDU2Nzxxxxxxxxxxxxxxxxxxxxx0NTY3ODkwMTI")
.build())
.serverURL("https://account.docusign.com")
.call();
if (res.authorizationCodeGrantResponse().isPresent()) {
// handle response
}
}
}This SDK is in beta, and there may be breaking changes between versions without a major version update. Therefore, we recommend pinning usage to a specific package version. This way, you can install the same version each time without breaking changes unless you are intentionally looking for the latest version.
While we value open-source contributions to this SDK, this library is generated programmatically. Any manual changes added to internal files will be overwritten on the next generation. We look forward to hearing your feedback. Feel free to open a PR or an issue with a proof of concept and we'll do our best to include it in a future release.