DocuSign eSignature
Send, track, and chase DocuSign envelopes from natural-language requests.
Dex connects to the DocuSign eSignature REST API using JWT Grant authentication (signed RS256 assertion, exchanged at account.docusign.com) and lets admins and employees run agreement workflows in natural language — sending envelopes (POST /envelopes with documents or templateRoles), voiding and correcting in-flight envelopes, resending to stalled signers, managing templates and signing groups, and pulling signed PDFs and audit trails — all scoped to your account via the auto-discovered /restapi/v2.1/accounts/{accountId} base URL.
What Dex does with DocuSign eSignature
Dex handles both admin workflows and employee self-service — all policy-guardrailed and audit-logged.
For admins (CoAdmin)
- Create and send envelopes via POST /envelopes — base64 documents plus signers with recipientId and routingOrder, or from a template with templateId + templateRoles (emailSubject and emailBlurb are required when status is "sent")
- Search envelopes by from_date, status (created/sent/delivered/completed/declined/voided), and recipient email, with start_position/count pagination
- Void an envelope (PUT /envelopes/{envelopeId} with status "voided" and a required voidedReason) or correct it in flight — update expiry, add recipients
- Manage recipients on in-flight envelopes via PUT /envelopes/{envelopeId}/recipients — fix a wrong email or name, or resend to all pending signers with ?resend_envelope=true
- List and update templates, and browse folders to find or move envelopes
- Manage eSignature signing groups — create custom groups and add or remove users via PUT/DELETE /groups/{groupId}/users
- Download the combined signed PDF (GET /envelopes/{envelopeId}/documents/combined) and pull the audit-event timeline for compliance
For employees (self-service)
- Find your pending envelopes — Dex queries GET /envelopes filtered by your email over the last 30 days
- Check the status of a specific envelope and see which signers are still pending in the routing order
- Get an embedded signing URL (valid ~5 minutes) so you can sign right now without digging through email
- Resend a stalled envelope to its pending recipients — Dex confirms the envelope and recipient with you before resending
- Download the completed, signed PDF of your agreement
Just ask Dex
Your team types a request in plain language. Dex investigates, plans, and executes — with the right guardrails.
Admin prompts
- >Send the offer letter PDF to alex.candidate@example.com for signature — subject "Please sign your offer letter", route to the candidate first, then HR
- >Create an envelope from our NDA template for the new vendor contact at acme.com and send it now
- >Void envelope 7f3a-... with reason "Sent in error" and send a corrected one to the right signer
- >List every envelope sent since June 1 that's still in "sent" or "delivered" status and resend to the pending recipients
- >Create a "HR Signers" signing group and add Dana and Omri to it
Employee prompts
- >What DocuSign envelopes are waiting on me?
- >Who hasn't signed the lease agreement envelope yet?
- >Give me a signing link for my pending offer letter — I'll sign it now
- >Resend my expense-policy envelope to the manager who hasn't signed
- >Download the signed PDF of the contract I completed last week
Policy actions
Every action Dex can take on DocuSign eSignature is declared, scoped, and guardrailed. Admins control which apply, who approves them, and whether they're limited to self-service.
| Action | What it does |
|---|---|
docusign_list_envelopes | List and search envelopes by date, status, and recipient email (end users see their own) |
docusign_manage_envelope | Create, send, void, and correct envelopes (admin-side; end users escalate) |
docusign_list_templates | List templates and read template details |
docusign_manage_template | Update templates and create envelopes from them |
docusign_list_recipients | View an envelope's recipients, routing order, and per-signer status |
docusign_manage_recipient | Update recipients on in-flight envelopes and resend to pending signers (Dex confirms before resending) |
docusign_list_groups | List eSignature signing groups |
docusign_manage_group | Create signing groups and add or remove group members |
How to configure DocuSign eSignature
Onboarding takes minutes. Dex validates your credentials before saving them.
Setup steps
- 1Sign in to DocuSign as an admin and go to Settings → Apps and Keys, then create a new app/integration key (a Public integration) — copy the Integration Key.
- 2Generate an RSA keypair for the integration and upload the public key; keep the private key (PEM, including the -----BEGIN ... PRIVATE KEY----- header and footer) for Dex.
- 3Collect the impersonation user's GUID (Admin → Users → the user → API Username) and your account GUID (shown top-right on the Apps and Keys page).
- 4Grant one-time admin consent for the "signature impersonation" scopes — if consent is missing, Dex prints the exact consent URL on the first connection attempt; open it while signed in as a DocuSign admin.
- 5In Dex, enable the DocuSign eSignature integration and paste the five credentials. Dex signs a JWT assertion, exchanges it at account.docusign.com (or account-d.docusign.com for demo), discovers your account's base_uri via /oauth/userinfo, and validates the connection live.
Credentials required
- integration_key
- DocuSign Integration Key (client_id) — Admin → Apps and Keys → your integration
- user_id
- GUID of the impersonation user (Admin → Users → the user → API Username)
- account_id
- GUID of your DocuSign account (Admin → Apps and Keys, top-right of the page)
- private_key
- RSA private key in PEM format (multi-line, including header/footer) matching the public key uploaded to the integration
- environment
- "production" or "demo" — selects account.docusign.com vs account-d.docusign.com for authentication
Requirements
- •DocuSign admin rights to create an integration key, upload an RSA public key, and grant one-time admin consent for "signature impersonation"
- •The impersonation user must have access to the target account — Dex verifies the account_id against /oauth/userinfo at connect time
- •emailSubject and emailBlurb are required when sending (status: "sent"); status: "created" saves a draft instead
- •Completed or voided envelopes cannot be modified (409 INVALID_ENVELOPE_STATE_FOR_REQUEST), and voiding always requires a voidedReason
- •API paths are account-scoped — Dex pre-suffixes /restapi/v2.1/accounts/{accountId} on the base URL automatically
Related integrations
- Collaboration
DocuSign Admin
Provision DocuSign users, permission profiles, and account memberships across your whole organization.
Learn more → 
Directory & IdentitySharePoint
Grant, audit, and query SharePoint sites and lists through Microsoft Graph.
Learn more →
CollaborationZoom Workplace
Manage Zoom users, meetings, webinars, and phone from plain-language requests.
Learn more →
See Dex run DocuSign eSignature
Book a 30-minute walkthrough with our team and see how autonomous IT works in your environment — or get started for free.