OAuth Walkthrough

OAuth allows you to perform actions on behalf of other users after they grant you the authorization to do so. For example, you could send signature requests on behalf of your users. This page lays out the basic steps to build your own OAuth flow and send calls on behalf of your users using an access token.

App Setup

Create an app

Before you can do anything with OAuth, you'll need to create an app and configure it to use OAuth.

App Settings

When creating an app, you'll need to provide the following information:

FieldDescription
App nameThe name of your app. Public-facing and visible to your users.
OAuth callback URLThe URL that users are redirected to after authorizing your app. The state and code parameter are included in the url as query string parameters.
Event callback URLThe URL to which Dropbox Sign should POST events. See the event section for more info.
ScopesActions that your app will be allowed to perform on behalf of the granting user.

Choosing Scopes

Scopes control the level of access granted to an access token. On your app settings page, choose the scopes that fit your particular use case for OAuth. Scopes are split up by billing model and organized around specific groups of actions (like signature requests). You can read more about them in the Access Scopes section of the OAuth Overview page.

App Approval

Dropbox Sign requires production approval for apps using OAuth. That means your app can't be authorized or added by other users until it is approved for production. When you feel your app is ready to go live, please follow the app approval process to request approval for your app.

Testing OAuth

You can authorize your app from your own account while building with OAuth. This is the approach we recommend for testing and building your OAuth flow before submitting the app for production approval.

Checking for a Dropbox Sign account

A user needs to authorize your app before an access token can be issued and used on their behalf. Dropbox Sign has an OAuth flow for two scenarios: 1 - Authorization code flow -- user has an existing Dropbox Sign account. 2 - Account creation flow -- user is new to Dropbox Sign.

We recommend checking whether a user has a Dropbox Sign account (/account/verify) before selecting the corresponding flow:

curlphpjavapythonrubynodejsC#
Copy
Copied
curl 'https://api.hellosign.com/v3/account/verify' \
    -u '0ca97430f712bd3898e782000d4387c60c464155afbdb49d1fddda27c7443b98:' \
    -F 'email_address=jack@example.com'
Copy
Copied
$client = new HelloSign\Client('0ca97430f712bd3898e782000d4387c60c464155afbdb49d1fddda27c7443b98');
$client->isAccountValid('jack@example.com');
Copy
Copied
HelloSignClient client = new HelloSignClient("0ca97430f712bd3898e782000d4387c60c464155afbdb49d1fddda27c7443b98");
if (client.isAccountValid("jack@example.com")) {
    // Account is valid
}
Copy
Copied
client = HSClient(api_key='0ca97430f712bd3898e782000d4387c60c464155afbdb49d1fddda27c7443b98')
client.verify_account('jack@example.com')
Copy
Copied
client = HelloSign::Client.new :api_key => '0ca97430f712bd3898e782000d4387c60c464155afbdb49d1fddda27c7443b98'
client.verify :email_address => 'jack@examples.com'
Copy
Copied
const hellosign = require('hellosign-sdk')({ key: '0ca97430f712bd3898e782000d4387c60c464155afbdb49d1fddda27c7443b98' });

hellosign.account.verify({
  email_address: 'alice@example.com'
}).then((res) => {
  // handle response
}).catch((err) => {
  // handle error
});
Copy
Copied
var client = new Client("0ca97430f712bd3898e782000d4387c60c464155afbdb49d1fddda27c7443b98");
var account = client.VerifyAccount("jack@example.com");

Response if the user has an account

Copy
Copied
{"account":{"email_address":"jack@example.com"}}

Response if the user does not have an account

Copy
Copied
{}

Authorization Code Flow

Dropbox Sign recommends the authorization code flow for generate access tokens for users that already have a Dropbox Sign account. Sometimes called the "3 legged OAuth flow", this approach consists of three distinct steps: 1. Obtaining consent from the user generates an authorization code. 2. The authorization code is exchanged for an access token using a token endpoint. 3. The access token is used to send API calls on behalf of the user according to the authorization they granted.

Obtaining user authorization

Existing Dropbox Sign users can authorize your app by navigating to your app's authorization url. This url can be constructed manually in your code or you can copy it from the app details modal of your API settings page:

Screenshot of Authorization url on app details page

For example (line breaks for readability only):

Copy
Copied
https://app.hellosign.com/oauth/authorize
  ?response_type=code
  &client_id=cc91c61d00f8bb2ece1428035716b
  &state=900e06e2
  &redirect_uri=YOUR_APP_REDIRECT_URI
  • The state parameter is used for security and must match throughout the flow for a given user. It can be set to the value of your choice (preferably something random). You should verify it matches the expected value before processing parameters on an OAuth callback.
  • If redirect_uri is provided provided in the Authorization URL, the value must match the OAuth Callback URL specified in the API app settings. If redirect_uri is not provided, users will be redirected to the Default OAuth Callback URL.
Users grant their authorization on an OAuth consent page that shows them the name of your app and the level of access (scopes) being requested. They can choose to Accept or Deny the authorization request. Both actions will redirect the user back to your OAuth callback URL. If the user clicked Accept and authorized your app then the URL will contain a code and state parameter. However, if they clicked Deny, then only the state parameter will be present and the OAuth flow cannot be completed.
OAuth

Users must be logged into Dropbox Sign to authorize your app. They'll be prompted for login or sign up if they're not already signed in.

Generating an Access Token

Once the user has given their consent and you've retrieved the authorization code from the url, you'll need to exchange it for an access token by calling the token endpoint. Make a POST request to /oauth/token with the following parameters:

NameValue
stateSame as the state you specified earlier
codeThe code passed to your callback when the user granted access
grant_typeString value of "authorization_code"
client_idThe client id of your app
client_secretThe secret token of your app

Example

curlphpjavapythonrubynodejsC#
Copy
Copied
curl 'https://app.hellosign.com/oauth/token' \
    -F 'state=900e06e2' \
    -F 'code=1b0d28d90c86c141' \
    -F 'grant_type=authorization_code' \
    -F 'client_id=cc91c61d00f8bb2ece1428035716b' \
    -F 'client_secret=1d14434088507ffa390e6f5528465'
Copy
Copied
$client = new HelloSign\Client('0ca97430f712bd3898e782000d4387c60c464155afbdb49d1fddda27c7443b98');
$request = new HelloSign\OAuthTokenRequest(array(
    'code' => '1b0d28d90c86c141',
    'state' => '900e06e2',
    'client_id' => 'YOUR_CLIENT_ID',
    'client_secret' => 'YOUR_CLIENT_SECRET'
));
$token = $client->requestOAuthToken($token_request);
Copy
Copied
HelloSignClient client = new HelloSignClient("0ca97430f712bd3898e782000d4387c60c464155afbdb49d1fddda27c7443b98");
String code = "1b0d28d90c86c141";
String clientId = "cc91c61d00f8bb2ece1428035716b";
String clientSecret = "1d14434088507ffa390e6f5528465";
OauthData oauth = client.getOauthData(code, clientId, clientSecret);
String token = oauth.getAccessToken();
}
Copy
Copied
client = HSClient(api_key='0ca97430f712bd3898e782000d4387c60c464155afbdb49d1fddda27c7443b98')
client.get_oauth_data(
    client_id='cc91c61d00f8bb2ece1428035716b',
    client_secret='1d14434088507ffa390e6f5528465',
    code='1b0d28d90c86c141',
    state='900e06e2'
)
Copy
Copied
client = HelloSign::Client.new :api_key => '0ca97430f712bd3898e782000d4387c60c464155afbdb49d1fddda27c7443b98', :client_id => 'cc91c61d00f8bb2ece1428035716b', :client_secret => '1d14434088507ffa390e6f5528465'
client.get_oauth_token :state => '900e06e2', :code =>'1b0d28d90c86c141'
Copy
Copied
const hellosign = require('hellosign-sdk')({ key: '0ca97430f712bd3898e782000d4387c60c464155afbdb49d1fddda27c7443b98', clientId: 'b6b8e7deaf8f0b95c029dca049356d4a2cf9710a', clientSecret='1d14434088507ffa390e6f5528465' });

hellosign.oauth.getToken({
  state: '900e06e2',
  code: '1b0d28d90c86c141'
}).then((res) => {
  // handle response
}).catch((err) => {
  // handle error
});
Copy
Copied
Coming soon
Show Response
Copy
Copied
{
    "access_token": "NWNiOTMxOGFkOGVjMDhhNTAxZN2NkNjgxMjMwOWJiYTEzZTBmZGUzMjMThhMzYyMzc=",
    "token_type": "Bearer",
    "refresh_token": "hNTI2MTFmM2VmZDQxZTZjOWRmZmFjZmVmMGMyNGFjMzI2MGI5YzgzNmE3",
    "expires_in": 86400,	// in seconds
    "state": "900e06e2"
}
At the end of a successful Authorization Code flow, you'll receive a payload that contains an access_token, which can be used to send API calls on behalf of the user that authorized your app. You can see how to use it in the Making API Calls with Access Tokens section below.
Save the Refresh Token
Access tokens are only valid for about an hour. You'll want to securely store the refresh_token, which can be used later to generate a new access token without forcing the user to complete another OAuth flow. Please refer to the Refreshing an Access Token section.

Account Creation Flow

When a user without a Dropbox Sign account visits your authorization url, they'll need to sign up from that page before they can authorize your app. It's possible to do that, but we also offer an approach. You can create the users Dropbox Sign account and get the access token at the same time. However, the access token will not work until the user has confirmed their account and authorized your app.

Production Approval Required

Your app must be approved for production before this flow is possible.

Create account

The first step is calling /account/create and passing your API app's client_id and client_secret.

Example

curlphpjavapythonrubynodejsC#
Copy
Copied
curl 'https://api.hellosign.com/v3/account/create' \
    -u '0ca97430f712bd3898e782000d4387c60c464155afbdb49d1fddda27c7443b98:' \
    -F 'email_address=jill@example.com' \
    -F 'client_id=cc91c61d00f8bb2ece1428035716b' \
    -F 'client_secret=1d14434088507ffa390e6f5528465'
Copy
Copied
$client = new HelloSign\Client('0ca97430f712bd3898e782000d4387c60c464155afbdb49d1fddda27c7443b98');
$client_id = 'YOUR_CLIENT_ID';
$client_secret = 'YOUR_CLIENT_SECRET';
$account = $client->createAccount(
    new HelloSign\Account(
        'jill@example.com'
    ),
    $client_id,
    $client_secret
);
Copy
Copied
HelloSignClient client = new HelloSignClient("0ca97430f712bd3898e782000d4387c60c464155afbdb49d1fddda27c7443b98");
String clientId = "cc91c61d00f8bb2ece1428035716b";
String clientSecret = "1d14434088507ffa390e6f5528465";
Account newAccount = client.createAccount("jill@example.com", clientId, clientSecret)
Copy
Copied
client = HSClient(api_key='0ca97430f712bd3898e782000d4387c60c464155afbdb49d1fddda27c7443b98')
client.create_account(
    email_address='jill@example.com',
    client_id='cc91c61d00f8bb2ece1428035716b',
    client_secret='1d14434088507ffa390e6f5528465'
)
Copy
Copied
client = HelloSign::Client.new :api_key => '0ca97430f712bd3898e782000d4387c60c464155afbdb49d1fddda27c7443b98', :client_id => 'cc91c61d00f8bb2ece1428035716b', :client_secret => '1d14434088507ffa390e6f5528465'
client.oauth_create_account :email_address => 'jill@example.com'
Copy
Copied
const hellosign = require('hellosign-sdk')({ key: '0ca97430f712bd3898e782000d4387c60c464155afbdb49d1fddda27c7443b98', clientId: 'b6b8e7deaf8f0b95c029dca049356d4a2cf9710a', clientSecret='1d14434088507ffa390e6f5528465' });

hellosign.account.create({
  email_address: 'alice@example.com'
}).then((res) => {
  // handle response
}).catch((err) => {
  // handle error
});
Copy
Copied
Coming soon
Show Response
Copy
Copied
{
	"account": {
		"account_id": "b4680b45053c7601ca1eee3b126eca6b2b0a0219",
		"email_address": "jill@example.com",
		"callback_url": null,
		"role_code": null
	},
	"oauth_data": {
		"access_token": "NWNiOTMxOGFkOGVjMDhhNTAxZN2NkNjgxMjMwOWJiYTEzZTBmZGUzMjMThhMzYyMzc=",
		"token_type": "Bearer",
		"refresh_token": "hNTI2MTFmM2VmZDQxZTZjOWRmZmFjZmVmMGMyNGFjMzI2MGI5YzgzNmE3",
		"expires_in": 86400    // in seconds
	}
}

User confirms account

The user is sent an email from Dropbox Sign with a hyperlink to confirm their account activation. Once the user accesses Dropbox Sign, they're prompted to authorize your Dropbox Sign app.

User activation required
The user must complete this step for this flow to work. The access_token will not work until the user has activated their account and authorized your app.
Once the new user has approved your app, the access_token can be used to call the Dropbox Sign API on their behalf. The refresh_token should also be saved and used once the access token expires.

Making API Calls With Access Tokens

Now that you have an access_token, you can make API calls on behalf of other users. When making API calls, you'll need to pass the access token by setting the HTTP header Authorization: Bearer <oauth2-access-token>.
Signature Request Visibility

By design, your app's visibility into customer activity is limited to signature requests created using your API app. You can't see any signature requests that the user sends directly from their own account.

Example

curlphpjavapythonrubynodejsC#
Copy
Copied
curl 'https://api.hellosign.com/v3/signature_request/list' \
    -H 'Authorization: Bearer NWNiOTMxOGFkOGVjMDhhNTAxZN2NkNjgxMjMwOWJiYTEzZTBmZGUzMjMThhMzYyMzc='
Copy
Copied
$token = new HelloSign\OAuthToken(array(
    'access_token' => 'NWNiOTMxOGFkOGVjMDhhNTAxZN2NkNjgxMjMwOWJiYTEzZTBmZGUzMjMThhMzYyMzc'
));
$client = new HelloSign\Client($token);
$signature_requests = $client->getSignatureRequests(1);
Copy
Copied
HelloSignClient client = new HelloSignClient("SIGN_IN_AND_CREATE_API_KEY_FIRST");
String code = "1b0d28d90c86c141";
String clientId = "cc91c61d00f8bb2ece1428035716b";
String clientSecret = "1d14434088507ffa390e6f5528465";
client.getOauthData(code, clientId, clientSecret);

// Subsequent requests are made using the OAuth data retrieved above
SignatureRequestList list = client.getSignatureRequests();
Copy
Copied
client = HSClient(access_token='NWNiOTMxOGFkOGVjMDhhNTAxZN2NkNjgxMjMwOWJiYTEzZTBmZGUzMjMTyMzc=')
client.get_signature_request_list()
Copy
Copied
oauth_client = HelloSign::Client.new :auth_token => 'NWNiOTMxOGFkOGVjMDhhNTAxZN2NkNjgxMjMwOWJiYTEzZTBmZGUzMjMThhMzYyMzc='
oauth_client.get_signature_requests
Copy
Copied
const hellosign = require('hellosign-sdk')({ oauthToken: 'NWNiOTMxOGFkOGVjMDhhNTAxZN2NkNjgxMjMwOWJiYTEzZTBmZGUzMjMThhMzYyMzc=' });

hellosign.signatureRequest.list().then((res) => {
  // handle response
}).catch((err) => {
  // handle error
});
Copy
Copied
var client = new Client();
client.UseOAuth2Authentication("NWNiOTMxOGFkOGVjMDhhNTAxZN2NkNjgxMjMwOWJiYTEzZTBmZGUzMjMThhMzYyMzc=");
var requests = client.ListSignatureRequests(1);

Signature Request with Access Token

For this example, let's send a non-embedded signature request (/signature_request/send) and replace the basic auth with an access token.

Example

curlphpjavapythonrubynodejsC#
Copy
Copied
curl 'https://api.hellosign.com/v3/signature_request/send' \
    -H 'Authorization: Bearer NWNiOTMxOGFkOGVjMDhhNTAxZN2NkNjgxMjMwOWJiYTEzZTBmZGUzMjMThhMzYyMzc=' \
    -F 'title=NDA with Acme Co.' \
    -F 'subject=The NDA we talked about' \
    -F 'message=Please sign this NDA and then we can discuss more. Let me know if you have any questions.' \
    -F 'signers[0][email_address]=jack@example.com' \
    -F 'signers[0][name]=Jack' \
    -F 'signers[0][order]=0' \
    -F 'signers[1][email_address]=jill@example.com' \
    -F 'signers[1][name]=Jill' \
    -F 'signers[1][order]=1' \
    -F 'cc_email_addresses[0]=lawyer@example.com' \
    -F 'cc_email_addresses[1]=lawyer2@example.com' \
    -F 'file[0]=@NDA.pdf' \
    -F 'file[1]=@AppendixA.pdf' \
    -F 'test_mode=1'
Copy
Copied
$token = new HelloSign\OAuthToken(array(
    'access_token' => 'NWNiOTMxOGFkOGVjMDhhNTAxZN2NkNjgxMjMwOWJiYTEzZTBmZGUzMjMThhMzYyMzc'
));
$client = new HelloSign\Client($token);
$request = new HelloSign\SignatureRequest;
$request->enableTestMode();
$request->setTitle('NDA with Acme Co.');
$request->setSubject('The NDA we talked about');
$request->setMessage('Please sign this NDA and then we can discuss more. Let me know if you have any
questions.');
$request->addSigner('jack@example.com', 'Jack', 0);
$request->addSigner(new HelloSign\Signer(array(
    'name' => 'Jill',
    'email_address' => 'jill@example.com',
    'order' => 1
)));
$request->addFile($path_to_nda_pdf);
$request->addFile($path_to_appendix_a_pdf);
$request->addCC('lawyer1@example.com');
$request->addCC('lawyer2@example.com');
$response = $client->sendSignatureRequest($request);
Copy
Copied
HelloSignClient client = new HelloSignClient("SIGN_IN_AND_CREATE_API_KEY_FIRST");
String code = "1b0d28d90c86c141";
String clientId = "cc91c61d00f8bb2ece1428035716b";
String clientSecret = "1d14434088507ffa390e6f5528465";
client.getOauthData(code, clientId, clientSecret);

// Subsequent requests are made using the OAuth data retrieved above

SignatureRequest request = new SignatureRequest();
request.setTitle("NDA with Acme Co.");
request.setSubject("The NDA we talked about");
request.setMessage("Please sign this NDA and then we can discuss more. Let me know if you have any questions.");
request.addSigner("jack@example.com", "Jack");
request.addSigner("jill@example.com", "Jill");
request.addCC("lawyer@hellosign.com");
request.addCC("lawyer@example.com");
request.addFile(new File("nda.pdf"));
request.addFile(new File("AppendixA.pdf"));
request.setTestMode(true);

SignatureRequest newRequest = client.sendSignatureRequest(request);
Copy
Copied
client = HSClient(access_token='NWNiOTMxOGFkOGVjMDhhNTAxZN2NkNjgxMjMwOWJiYTEzZTBmZGUzMjMTyMzc=')
client.send_signature_request(
    test_mode=True,
    title='NDA with Acme Co.',
    subject='The NDA we talked about',
    message='Please sign this NDA and then we can discuss more. Let me know if you have any questions.',
    signers=[
        { 'email_address': 'jack@example.com', 'name': 'Jack', 'order': 0 },
        { 'email_address': 'jill@example.com', 'name': 'Jill', 'order': 1 }
    ],
    cc_email_addresses=['lawyer@example.com', 'lawyer2@example.com'],
    files=['NDA.pdf', 'AppendixA.pdf']
)
Copy
Copied
oauth_client = HelloSign::Client.new :auth_token => 'NWNiOTMxOGFkOGVjMDhhNTAxZN2NkNjgxMjMwOWJiYTEzZTBmZGUzMjMThhMzYyMzc='
oauth_client.send_signature_request(
    :test_mode => 1,
    :title => 'NDA with Acme Co.',
    :subject => 'The NDA we talked about',
    :message => 'Please sign this NDA and then we can discuss more. Let me know if you have any
    questions.',
    :signers => [
        {
            :email_address => 'jack@example.com',
            :name => 'Jack',
            :order => 0,
        },
        {
            :email_address => 'jill@example.com',
            :name => 'Jill',
            :order => 1,
        }
    ],
    :cc_email_addresses => ['lawyer@example.com', 'lawyer2@example.com'],
    :files => ['NDA.pdf', 'AppendixA.pdf']
)
Copy
Copied
const hellosign = require('hellosign-sdk')({ oauthToken: 'NWNiOTMxOGFkOGVjMDhhNTAxZN2NkNjgxMjMwOWJiYTEzZTBmZGUzMjMThhMzYyMzc=' });

const opts = {
  test_mode: 1,
  title: 'NDA with Acme Co.',
  subject: 'The NDA we talked about',
  message: 'Please sign this NDA and then we can discuss more. Let me know if you have any questions.',
  signers: [
    {
      email_address: 'alice@example.com',
      name: 'Alice',
      order: 0
    },
    {
      email_address: 'bob@example.com',
      name: 'Bob',
      order: 1
    }
  ],
  cc_email_addresses: ['lawyer@example.com'],
  files: ['NDA.pdf]
};

hellosign.signatureRequest.send(opts).then((res) => {
  // handle response
}).catch((err) => {
  // handle error
});
Copy
Copied
var client = new Client();
client.UseOAuth2Authentication("NWNiOTMxOGFkOGVjMDhhNTAxZN2NkNjgxMjMwOWJiYTEzZTBmZGUzMjMThhMzYyMzc=");
var request = new SignatureRequest();
request.Title = "NDA with Acme Co.";
request.Subject = "The NDA we talked about";
request.Message = "Please sign this NDA and then we can discuss more. Let me know if you have any questions.";
request.AddSigner("jack@example.com", "Jack", 0);
request.AddSigner("jill@example.com", "Jill", 1);
request.AddCc("lawyer@example.com");
request.AddCc("lawyer2@example.com");
request.AddFile("C:\Users\Me\My Documents\NDA.pdf");
request.AddFile("C:\Users\Me\My Documents\AppendixA.pdf");
request.TestMode = true;
var response = client.SendSignatureRequest(request);
Show Response
Copy
Copied
{
	"signature_request": {
		"signature_request_id": "d70f43a06bbc8d9068510b394bf93e713fa5dbe9",
		"title": "NDA with Acme Co.",
		"original_title": "The NDA we talked about",
		"subject": "The NDA we talked about",
		"message": "Please sign this NDA and then we can discuss more. Let me know if you have any questions.",
        "is_complete": false,
        "is_declined": false,
		"has_error": false,
		"custom_fields": [
		],
		"response_data": [
		],
		"signing_url": "https://app.hellosign.com/sign/d70f43a06bbc8d9068510b394bf93e713fa5dbe9",
		"details_url": "https://app.hellosign.com/home/manage?guid=d70f43a06bbc8d9068510b394bf93e713fa5dbe9",
		"requester_email_address": "paul@hellosign.com",
		"signatures": [
			{
				"signer_email_address": "jack@example.com",
				"signer_name": "Jack",
				"order": 0,
				"status_code": "awaiting_signature",
				"signed_at": null,
				"last_viewed_at": null,
				"last_reminded_at": null
			},
			{
				"signer_email_address": "jill@example.com",
				"signer_name": "Jill",
				"order": 1,
				"status_code": "awaiting_signature",
				"signed_at": null,
				"last_viewed_at": null,
				"last_reminded_at": null
			}
		],
		"cc_email_addresses": [
			"lawyer@hellosign.com",
			"lawyer@example.com"
		]
	}
}

Refreshing an Access Token

Access tokens are only valid for a given period of time (typically one hour) for security reasons. Whenever acquiring a new access token, the expires_in parameter specifies the time (in seconds) before it expires.You can use the refresh_token to generate a new access_token for a user that has previously authorized your app without prompting them to complete another OAuth flow. This creates a smoother experience for users of your app, but only works as long as they have not revoked authorization to your app and the access scopes have not been changed.

Send a POST request to /oauth/token?refresh with the following parameters:

NameValue
grant_typeString value of "refresh_token"
refresh_tokenThe refresh token provided in the same payload that the access_token was initially returned

Example

curlphpjavapythonrubynodejsC#
Copy
Copied
curl 'https://app.hellosign.com/oauth/token' \
    -F 'grant_type=refresh_token' \
    -F 'refresh_token=hNTI2MTFmM2VmZDQxZTZjOWRmZmFjZmVmMGMyNGFjMzI2MGI5YzgzNmE3'
Copy
Copied
$token = new HelloSign\OAuthToken(array(
    'access_token' => 'hNTI2MTFmM2VmZDQxZTZjOWRmZmFjZmVmMGMyNGFjMzI2MGI5YzgzNmE3'
));
$client = new HelloSign\Client($token);
$token = $client->refreshOAuthToken($token);
Copy
Copied
HelloSignClient client = new HelloSignClient("SIGN_IN_AND_CREATE_API_KEY_FIRST");
OauthData newOauthData = client.refreshOauthData(oauth.getRefreshToken());
Copy
Copied
client = HSClient(api_key='SIGN_IN_AND_CREATE_API_KEY_FIRST')
client.refresh_access_token('hNTI2MTFmM2VmZDQxZTZjOWRmZmFjZmVmMGMyNGFjMzI2MGI5YzgzNmE3')
Copy
Copied
client = HelloSign::Client.new :api_key => 'SIGN_IN_AND_CREATE_API_KEY_FIRST'
client.refresh_oauth_token :refresh_token => 'hNTI2MTFmM2VmZDQxZTZjOWRmZmFjZmVmMGMyNGFjMzI2MGI5YzgzNmE3'
Copy
Copied
const hellosign = require('hellosign-sdk')({ key: 'SIGN_IN_AND_CREATE_API_KEY_FIRST' });

hellosign.oauth.refreshToken({
  refresh_token: 'hNTI2MTFmM2VmZDQxZTZjOWRmZmFjZmVmMGMyNGFjMzI2MGI5YzgzNmE3'
}).then((res) => {
  // handle response
}).catch((err) => {
  // handle error
});
Copy
Copied
Coming soon
Show Response
Copy
Copied
{
    "access_token": "MDZhYzBlMGI1YzQ0ZjI1ZjYzYmUyNmMzZWQ5ZGNmOGYyNmQxMmMyMmQ2NmNiY2M3NW=",
    "expires_in": 86400,	// in seconds
    "refresh_token": "hNTI2MTFmM2VmZDQxZTZjOWRmZmFjZmVmMGMyNGFjMzI2MGI5YzgzNmE3",
    "token_type": "Bearer"
}

More Information

Here are a few links to read up on related topics and get a better understanding of our API.

ReferenceDescription
http://oauth.net/2/OAuth 2.0 Protocol information. For users with existing accounts we use the "Authorization Code flow". For users without existing accounts we use a hybrid of the "Authorization Code flow" and the "Resource Owner Password Credentials flow".
http://www.quora.com/OAuth-2-0/How-does-OAuth-2-0-workQuick overview and explanation of OAuth 2.0 Protocol