Blog
Home/

From the trenches: Concurrency issues

Author Drew Martin
Drew MartinDeveloper Support Engineer
Summary3 min read

In general an integration is free to make many API calls nearly simultaneously, but there are a few cases where concurrent requests can run into trouble

While in general an integration is free to make many API calls nearly simultaneously, there are a few cases where concurrent requests can run into trouble:

Burst API Limit: Docusign has a system-wide burst limit of 500 API calls over 30 seconds. If a particular account exceeds this threshold, further API calls made in that short window will be blocked. 

Concurrent Envelope Updates: An integration can make calls to update several envelopes at once, but if multiple actions are taken on the same envelope at the same time, problems can arise. For example, if your integration begins uploading a document to a draft envelope and also makes attempts to add a recipient before the upload is complete, the changes may not process correctly. For this reason, you must ensure API calls made against the same envelope happen sequentially: only firing once the previous call against that envelope has completed.

If multiple integrations will be used on a single account, Envelope Locking can be used to ensure they do not conflict by modifying an envelope at the same time.

Multiple Signing Sessions: Similar to updating envelopes: An integration can have several embedded signing sessions taking place at once, but only one signing session per envelope. If multiple recipients need to sign a single envelope, they'll need to do so one at a time. In this case, requesting a second signing session URL will invalidate the first. If the first signing session is already active, they will be kicked out and data entered may be lost. For this reason, your application should wait for the first signer to be directed to the landing page before subsequent signing sessions are generated.

Thread-safety Concerns: At the time of writing, there is a known issue with the C# client library: ApiClient objects are not thread-safe, and configuration changes made in one (such as setting an Authorization header) may overwrite others. This means that if you are building a multi-user application running multiple simultaneous sessions, special care needs to be taken to ensure that calls are made using the correct authentication token. Otherwise, actions taken by one user could be done under the name of another.

One method that is notable in this case is RequestJWTUserToken(). Executing this method will cause all apiClient objects instantiated by your application to use the token generated—not just the particular apiClient used to call the method.

As always, we strongly recommend testing using your developer account prior to release. Identifying areas of concern early can prevent errors with live envelopes. 

Additional resources

Author Drew Martin
Drew MartinDeveloper Support Engineer
More posts from this author

Related posts

  • From the Trenches: Testing Docusign Connect with ngrok
    Developer Support Articles

    From the Trenches: Testing Docusign Connect with ngrok

    Author Ivan Dinkov
    Ivan Dinkov
  • From the Trenches: Controlling Sign on Paper options via the API

    From the Trenches: Controlling Sign on Paper options via the API

    Author Guilherme Flores
    Guilherme Flores
From the Trenches: Testing Docusign Connect with ngrok

From the Trenches: Testing Docusign Connect with ngrok

Author Ivan Dinkov
Ivan Dinkov
From the Trenches: Controlling Sign on Paper options via the API

From the Trenches: Controlling Sign on Paper options via the API

Author Guilherme Flores
Guilherme Flores

Discover what's new with Docusign IAM or start with eSignature for free

Explore Docusign IAMTry eSignature for Free
Person smiling while presenting