I’m trying to integrate the DocuSign API using PHP and cURL to retrieve account information. I have obtained an access token successfully, but when I make a GET request to the accounts endpoint, I receive the following error:
Error during API call: HTTP 400 – {“errorCode”:”INVALID_REQUEST_PARAMETER”,”message”:”The request contained at least one invalid parameter. An application token must be specified in the ‘X-DocuSign-AppToken’ header.”}
authorize.php:
<?php
function generateCodeVerifier($length = 128) {
$randomBytes = openssl_random_pseudo_bytes($length);
return rtrim(strtr(base64_encode($randomBytes), '+/', '-_'), '=');
}
function generateCodeChallenge($codeVerifier) {
return rtrim(strtr(base64_encode(hash('sha256', $codeVerifier, true)), '+/', '-_'), '=');
}
$codeVerifier = generateCodeVerifier();
$codeChallenge = generateCodeChallenge($codeVerifier);
session_start();
$_SESSION['code_verifier'] = $codeVerifier;
$integrationKey = 'YOUR_INTEGRATION_KEY';
$redirectUri = 'https://yourdomain.com/callback.php';
$authorizationUrl = 'https://account-d.docusign.com/oauth/auth?' . http_build_query([
'response_type' => 'code',
'scope' => 'signature',
'client_id' => $integrationKey,
'redirect_uri' => $redirectUri,
'code_challenge' => $codeChallenge,
'code_challenge_method' => 'S256',
]);
header('Location: ' . $authorizationUrl);
exit;
?>
callback.php:
<?php
session_start();
if (!isset($_GET['code'])) {
echo 'Error: Authorization code not found';
exit;
}
$code = $_GET['code'];
$codeVerifier = $_SESSION['code_verifier'];
$integrationKey = 'YOUR_INTEGRATION_KEY';
$secretKey = 'YOUR_SECRET_KEY';
$redirectUri = 'https://yourdomain.com/callback.php';
$tokenUrl = 'https://account-d.docusign.com/oauth/token';
$data = [
'grant_type' => 'authorization_code',
'code' => $code,
'redirect_uri' => $redirectUri,
'code_verifier' => $codeVerifier
];
$headers = [
'Authorization: Basic ' . base64_encode("$integrationKey:$secretKey"),
'Content-Type: application/x-www-form-urlencoded'
];
$context = stream_context_create([
'http' => [
'method' => 'POST',
'header' => implode("rn", $headers),
'content' => http_build_query($data),
]
]);
$response = file_get_contents($tokenUrl, false, $context);
if ($response === FALSE) {
$error = error_get_last();
echo 'Error during token exchange: ' . $error['message'];
exit;
}
$tokenData = json_decode($response, true);
$accessToken = $tokenData['access_token'];
// Store access token for further use
$_SESSION['access_token'] = $accessToken;
header('Location: docusign_get_account_info.php');
exit;
?>
docusign_get_account_info.php:
<?php
ini_set('display_errors', 1);
ini_set('display_startup_errors', 1);
error_reporting(E_ALL);
session_start();
if (!isset($_SESSION['access_token'])) {
echo 'Error: Access token not found';
exit;
}
$access_token = $_SESSION['access_token'];
// DocuSign API endpoint
$url = 'https://demo.docusign.net/restapi/v2.1/accounts';
// Initialize cURL
$ch = curl_init($url);
// Set cURL options
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLOPT_HTTPHEADER, array(
"Authorization: Bearer $access_token",
"Content-Type: application/json"
));
// Execute cURL request
$response = curl_exec($ch);
// Check for cURL errors
if (curl_errno($ch)) {
echo 'Error during API call: ' . curl_error($ch);
} else {
// Get HTTP response code
$http_code = curl_getinfo($ch, CURLINFO_HTTP_CODE);
if ($http_code != 200) {
echo 'Error during API call: HTTP ' . $http_code . ' - ' . $response;
} else {
// Decode and display the response
$data = json_decode($response, true);
echo '<pre>';
print_r($data);
echo '</pre>';
}
}
// Close cURL session
curl_close($ch);
?>
I have verified that:
-The access token is valid and not expired.
-The endpoint URL is correct.
-I am including the necessary headers (Authorization and Content-Type).
However, the error message suggests that I need to include an X-DocuSign-AppToken header, which is not mentioned in the official DocuSign documentation for this endpoint.
Could you please help me understand why this error is occurring and how I can resolve it?
Thank you for your assistance.
Best regards,
New contributor
Tim is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.