Getting "INVALID_TOKEN_FORMAT The security token format does not conform to expected schema." docusign legacy auth header

Question

I'm trying to write a request using Python Requests which sends a request to Docusign. I need to use the legacy authorization header, but unfortunately it seems most documentation for this has been removed. When I send the request I get an error as stated in the title.

From research, I found that special characters in the password can cause this issue, so I've confirmed that my password has no special characters, and that my API key is correct. I am currently sending the header as a stringified dictionary as shown below. I have tried it several other ways, and this seems to be the closest, but it still results in the error. Other ways I've tried include attempting to write out the header as a single string (not forming a dictionary first), but that didn't seem to work any better.

docusign_auth_string = {}
docusign_auth_string["Username"] = docusign_user
docusign_auth_string["Password"] = docusign_password
docusign_auth_string["IntegratorKey"] = docusign_key

docusign_auth_string = str(docusign_auth_string)

headers = {'X-DocuSign-Authentication': docusign_auth_string}

response = requests.post(docusign_url, headers=headers, data=body_data)

The above code returns a 401 with the message, INVALID_TOKEN_FORMAT "The security token format does not conform to expected schema." The header I am sending looks as follows: {'X-DocuSign-Authentication': "{'Username': 'test@test.com', 'Password': 'xxxxxxxxxx', 'IntegratorKey': 'xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx'}"}

When I send the request via Postman, it works just fine. In Postman I enter the header name as X-Docusign-Authentication, and the value as: {"Username":"{{ds_username}}","Password":"{{ds_password}}","IntegratorKey":"{{ds_integrator_key}}"} (subbing the same variable values as in the python code).

Therefore it definitely has something to do with the way Requests is sending the header.

Does anyone know why I might be getting the above error?

Answer 1

I'm able to reproduce this behavior: It looks like DocuSign doesn't accept Single Quotes around the sub-parameters of the x-DocuSign-Authentication header value.

Your example fails:

{'Username': 'test@test.com', 'Password': 'xxxxxxxxxx', 'IntegratorKey': 'xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx'}

This has more success:

{"Username": "test@test.com", "Password": "xxxxxxxxxx", "IntegratorKey": "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx"}

I'm not familiar enough with Python to advise if there's a different code structure you can follow to use double quotes instead of single. Worst case scenario, you may need to manually set the Header Value to follow that format.

Answer 2

I found a solution to this issue. The response that mentioned double quotes is correct, but in Python I was unable to send a string with the proper format for docusign to understand. Next I found the following Stack overflow question, which ultimately provided the solution:

How to send dict in Header as value to key 'Authorization' in python requests?

I used json.dumps and that resolved the issue. My code is as follows:

docusign_auth_string = {}
docusign_auth_string["Username"] = docusign_user
docusign_auth_string["Password"] = docusign_password
docusign_auth_string["IntegratorKey"] = docusign_key

headers = {"X-DocuSign-Authentication": json.dumps(docusign_auth_string), "Content-Type": "application/json"}

Answer 3

Since you are having success using Postman, it will help to get exactly what is being sent via your request. For this use:

response = requests.get(your_url, headers=your_headers)
x = response.request.headers()
print(x)

This will show you exactly what requests is preparing and sending off. If you post that response here id be happy to help more.

How can I see the entire HTTP request that's being sent by my Python application?

The 2nd answer shows all the possible parameters of your response object.