Server template API access restricted to active membership

As you might already know, one of the most common ways to create an envelope is through the usage of server templates. This makes creating an envelope a simpler task to do through the APIs, especially if you frequently use a specific set of documents as a baseline to your envelopes.

Previously, when a user created an envelope based on a template ID, Docusign verified that the user had a membership on the template's account and that they had access to the template through that membership. However, it was not verified that said membership is in an active state.

You were able to use templates belonging to:

• Accounts where the authenticated user's membership is closed, pending state

• Closed accounts

What’s changing?

Docusign has strengthened restrictions on access to server templates via composite template envelope creation API calls. Only templates from active accounts with which the authenticated user has an active membership are now available. This guarantees that only authorized people have access to templates.

If the authenticated user doesn’t have an active membership on the account that owns the template, they receive the following error:

"errorCode": "USER_LACKS_MEMBERSHIP",

"message": "The UserID does not have a valid membership in this Account. User is not an active member of the template's account."

This affects both eSignature REST and SOAP APIs.

Why is Docusign restricting access to templates?

As part of continuous efforts to improve the security of our product and services, a vulnerability was found when creating envelopes from templates that are specified by template ID via Docusign API (such as composite templates/CreateEnvelopeFromTemplatesAndForms calls).&

Next steps

If the authenticated user has no active membership on the template account?

You have two options:

• Work with the admin of the account that owns the template to create an active membership for the authenticated user. Once the membership has been activated, creating envelopes based on a template ID will work as expected. Their administrator can review more details in the Docusign Admin Basic Guide: User Management.

• Download the template from the template account, upload it to an account to which the authenticated user has an active membership, and use that account moving forward. See documentation below:

  • REST API: Templates:get and Templates:create

  • SOAP API: RequestTemplate and UploadTemplate

If the template account is closed?

Download the template from the template account, upload it to an account to which the authenticated user has an active membership, and use that account moving forward. See documentation below:

• REST API: Templates:get and Templates:create

• SOAP API: RequestTemplate and UploadTemplate

Timelines

This change has taken effect for all envelope creation calls based on a template ID as per the rollout schedule below:

• April 14: Demo

• April 18 - May 13: Production

The change has been rolled out in production one site at a time, hence the schedule.

Additional resources

• Error when calling templates via REST API: “The UserID does not have a valid membership in this Account. User is not an active member of the template's account.”

• Docusign Admin Basic Guide: User Management (eSignature UI)

• REST API:

  • Composite templates

  • Templates:get

  • Templates:create

• SOAP API:

  • CreateEnvelopeFromTemplatesAndForms

  • RequestTemplate

  • UploadTemplate

• Docusign Developer Center

• @DocuSignAPI on Twitter

• Docusign for Developers on LinkedIn

• Docusign for Developers on YouTube

• Docusign Developer Newsletter