Better CORS error messages for developers

At Docusign, we know that debugging your apps can be a pain, so we have made enhancements to the error responses associated with Docusign CORS functionality in hopes that they improve the development process. Prior to the change, invalid CORS requests would return a simple 403 (forbidden) error response. Now, these forbidden responses also come with an error code, as well as a more descriptive error message that we anticipate will help you troubleshoot  issues with your apps.

Here is the table of error codes and their error messages:

Error code(s)

Message

Missing_Origin_Header

Missing Origin Header: ensure the request is configured to use CORS and try again.

Invalid_Origin_Header

Invalid Origin Header: ensure the request is configured to use CORS and try again.

Origin_Not_Allowed

Disallowed Origin Header: ensure the request is configured to use CORS and try again.

Missing_Or_Disallowed_Http_Method

Missing or Disallowed HTTP Method: ensure an HTTP method is specified and the method used is allowed for this integration key and try again.

Unsupported_Http_Method

Unsupported HTTP Method: ensure the HTTP method being used is one of the supported methods (GET, POST, PUT, DELETE, HEAD) and try again.

Http_Method_Not_Allowed

Disallowed HTTP Method: ensure the HTTP method being used is one of the supported methods (GET, POST, PUT, DELETE, HEAD) and try again.

Insecure_Connection

Insecure Connection: ensure the CORS request is made securely (e.g., HTTPS) and try again.

Missing_Api_Version

Invalid API Version: ensure the request URL contains the correct API version (e.g., >= v2.1) and try again.

Cors_Invalid_Api_Version

Invalid API Version: ensure the request URL contains the correct API version (e.g., >= v2.1) and try again.

Invalid_Client_Id

Invalid Integration Key: ensure an existing and correct integration key is being used and try again.

Empty_Account_Id, Invalid_Account_Id, Misformatted_Account_Id

Invalid Account ID: ensure the request URL contains the correct account ID and try again.

Missing_Cors_Scope

Missing CORS Scope: ensure the CORS scope parameter is included in the request and try again.

Missing_Config_Or_Request

The request is missing or the account does not have the right permissions. Please check and try again.

Let’s take a look at an example error response. Say I make a request with an OAuth access token that does not have a CORS scope. Here is the response:

"restResponse": "{
    "errorCode":"Missing_Cors_Scope",
    "message":"Missing CORS Scope: ensure the CORS scope parameter is included in the request and try again."
}"

Previously, this restResponse JSON had an empty value like so:
"restResponse": ""

Note that the response now has an error code and a more descriptive message for the next step.

We hope that this will be useful in your development! Please reach out to Developer Support if you have any questions or suggestions.

Additional resources

• Docusign Developer Center

• Docusign Developers Community

• @DocusignDevs on X

• Docusign for Developers on LinkedIn

• Docusign for Developers on YouTube

• Docusign Developer Newsletter