简体繁体 English

Docusign API 轮询/限速疑惑

[英]Docusign API Polling/Rate limiting doubts

原文 2021-08-25 20:26:15 3 1 node.js/ docusignapi/ digital-signature/ docusignconnect

Docusign eSignature API has a limit of polling 15 min in 15 minutes for requesting a unique url resources. Docusign eSignature API 限制在 15 分钟内轮询15 分钟以请求唯一的 url 资源。

However in the documentation it is not explained if normal user behaviour is allowed , which is completely different from polling X in X minutes (eg clicking to view an envelope multiple times in a row).但是在文档中没有解释是否允许正常的用户行为，这与在 X 分钟内轮询 X 完全不同（例如，连续多次单击以查看信封）。

Question 1问题一

Is there a problem in Docusign if the same resource is called multiple times within 15 minutes in normal user actions?如果在正常用户操作中在 15 分钟内多次调用同一资源，Docusign 是否存在问题？

There could be scenarios where the resource needs to be fetched much more frequently within 2 or 3 minutes, but almost 0 the rest of the day for that resource).可能存在需要在 2 或 3 分钟内更频繁地获取资源的情况，但几乎是 0 该资源当天的 rest）。

Common examples may be: asking for an envelope information, related entities and audit events within a short time span.常见的例子可能是：在短时间内询问信封信息、相关实体和审计事件。

Question 2问题2

Do all GET unique resource url have the 15 min rate limiting restrictions in eSignaturesAPI (envelopes, recipients, events, status, templates etc)?是否所有 GET 唯一资源 url 在 eSignaturesAPI 中都有 15 分钟的速率限制限制（信封、收件人、事件、状态、模板等）？

Some documentation indicate only status related endpoints are poll restricted, other docs specify that all GET resources in the eSignaturesAPI are.一些文档表明只有与状态相关的端点是轮询限制的，其他文档指定 eSignaturesAPI 中的所有 GET 资源都是。

Question 3问题三

One alternative for polling is to use Docusign Webhooks (Connect) as suggested in many articles, however to secure it with HMAC, it not possible in combination with oAuth.轮询的一种替代方法是使用许多文章中建议的 Docusign Webhooks (Connect)，但是为了使用 HMAC 保护它，它不可能与 oAuth 结合使用。

The connect keys are associated with the user's account and not the client's app account (each user would have to setup their own keys, which is not feasible).连接密钥与用户帐户相关联，而不是与客户端的应用程序帐户相关联（每个用户都必须设置自己的密钥，这是不可行的）。 One suggestion seems to be mTLS (which won't be an option).一个建议似乎是 mTLS（这不是一个选项）。

What other ways exist to secure webhooks when using oAuth?使用 oAuth 时，还有哪些其他方法可以保护 webhook？

Wondering how other integrations have done it with the current webhook security limitations.想知道其他集成如何在当前的 webhook 安全限制下完成它。

1 个解决方案

The reason that DocuSign cares about polling is because developers have built integrations that poll every 1 sec resulting in millions or API calls that clogs the servers. DocuSign 关心轮询的原因是因为开发人员构建了每 1 秒轮询一次的集成，导致数百万或 API 次调用阻塞服务器。

It sounds like your integration is not doing polling.听起来您的集成没有进行轮询。

Then all you have to do is pass go-live and you should be fine.然后你所要做的就是通过上线，你应该没问题。

The last 20 API calls for your go-live review should adhere to the polling rules, make sure they are so.上线审核的最后 20 个 API 电话应遵守投票规则，确保它们是这样。 There's no way for DocuSign to know the intention of API calls, so the polling rule are strict, but they should not be hard for you to figure out. DocuSign 无法知道 API 调用的意图，因此轮询规则很严格，但您应该不难理解。