Getting Adobe Sign access token for server-to-server authentication

Question

I'm currently trying to build a back-end system, i.e. no user interface which should send documents out for signature using Echosign.

The page for configuring the Oath token requires a redirect URL, but obviously my application doesn't have a UI and therefore no redirect URL either.

Clearly there is a whole OAuth world that I can dive into now, but I'm hoping to use their API quickly without needing to understand all the ins-and-outs of OAuth first. All of the samples seem to be based on a web interface scenario, which is not the case for me.

Any pointers would be appreciated.

Answer 1

_bananabread has the right idea. Follow the steps on this website:

https://www.adobe.io/apis/documentcloud/sign/docs/step-by-step-guide/get-the-access-token.html

up until you have your JSON response with your refresh_token, this is all you need.

Next, you going to need to make a refresh token request that refreshes your token everytime you need to use it and returns you a brand new OAuth token.

Here is a Java code snippet that will refresh your acquired token:

    HttpResponse response = null;
    String access_token = "";
    HttpClient httpClient = HttpClientBuilder.create().build();
    HttpPost request = new HttpPost("http://api.echosign.com/oauth/refresh?"+
                                        "refresh_token=tokenYouJustGot&" +
                                        "client_id=clientIdUsedInPreviousSteps&"+
                                        "client_secret=clientSecretUsedInPreviousStep"+
                                        "grant_type=refresh_token");


    request.addHeader("content-type", "application/x-www-form-urlencoded");
    response = httpClient.execute(request);
    String json = EntityUtils.toString(response.getEntity());
    JSONObject jobj = new JSONObject(json);
    access_token = jobj.getString("access_token");

access_token String will now contain a brand new OAuth access token with you can use for any request ie POST or GET.

Answer 2

The only way I've been able to do things like this in the past is to initially follow the default authentication process, then once you have an access token you can create a cron task that runs every say 30 minutes to refresh your access token before it expires.

As long as the cron task continues to run you will always have a valid access token and wont need to go through the login/redirect url process.

Answer 3

I would contact Adobe support. They can enable an integration key within your Adobe Sign account that would allow you to integrate with a static key that you could use integrate with your backend system instead of OAUTH.