API client configuration

You can authenticate and configure the BoldSign Python SDK using either an API Key or a Bearer Token. Depending on your authentication method, you can set up with one of the two configurations outlined below.

Authentication with API Key

To authenticate using an API Key, you'll need to first generate your API key. You can refer to the API-Key for more details .

Once you have your API key, you can configure as follows:

configuration = boldsign.Configuration(api_key="Your-API-Key-Here ")
api_client = boldsign.ApiClient(configuration)

Replace "Your-API-Key-Here" with the actual API key you generated. After setting this up, the SDK will use this API key for authenticating all API requests.

Authentication Using Bearer Token

Alternatively, you can authenticate using a Bearer Token. To generate a Bearer Token and make calls to the API, you can use any of BoldSign's supported OAuth2 authentication workflows, such as Client Credential or Authorization Code Grant. This guide focuses on the Authorization Code Grant flow, offering a detailed walkthrough with code examples to help you integrate OAuth2 authentication into your python application easily. Check out the OAuth 2.0 for more details about the authorization code flow.

Implement Authorization Code Flow

To begin the OAuth2 authorization code flow with Python, you need to set up a web server that handles the redirect URI endpoint. This endpoint is crucial for receiving the authorization code and exchanging it for access and refresh tokens. Ensure you have the necessary packages installed. You will need requests and Flask for HTTP requests and setting up the web server.

When implementing OAuth2 with PKCE (Proof Key for Code Exchange), you need to generate a code verifier and a code challenge to enhance the security of your authorization flow. The code verifier is a random string, and the code challenge is a hashed version of the verifier, both of which are used to verify the authenticity of the authorization request. To generate a PKCE code verifier and challenge in python, you can install pkce package using pip tool.

Here's a step-by-step guide to obtain the Access Token.

import os
import flask
from flask import Flask, redirect, request, jsonify
import pkce
import string
import random
import http
import json

app = Flask(__name__)

AUTHORIZATION_URL = 'https://account.boldsign.com/connect/authorize'
TOKEN_URL = 'https://account.boldsign.com/connect/token'
SCOPE = 'openid profile email offline_access BoldSign.Documents.All'
CLIENT_ID = 'YOUR_CLIENT_ID'
CLIENT_SECRET = 'YOUR_CLIENT_SECRET' 
REDIRECT_URI = 'http://localhost:5000/callback'

@app.route('/authorize')
def authorize():
    global code_verifier
    code_verifier = pkce.generate_code_verifier(length=48)
    code_challenge = pkce.get_code_challenge(code_verifier)
    state = get_state(16)
    authorization_uri = f"{AUTHORIZATION_URL}?response_type=code&client_id={CLIENT_ID}&redirect_uri={REDIRECT_URI}&scope={SCOPE}&code_challenge={code_challenge}&code_challenge_method=S256&state={state}"
    return redirect(authorization_uri)

@app.route('/callback')
def callback():
    auth_code = request.args.get('code')
    state = request.args.get('state')
    conn = http.client.HTTPSConnection("account.boldsign.com")
    payload = f"grant_type=authorization_code"+ \
    f"&client_id={CLIENT_ID}" + \
    f"&client_secret={CLIENT_SECRET}" + \
    f"&code={auth_code}" + \
    f"&redirect_uri={REDIRECT_URI}"  + \
    f"&code_verifier={code_verifier}" + \
    f"&state={state}"

    headers = {'content-type': "application/x-www-form-urlencoded"}

    conn.request("POST", "/connect/token", payload, headers)
    res = conn.getresponse()
    data = res.read()
    jsonData = json.loads(data.decode("utf-8"))
    global refresh_token
    refresh_token = jsonData["refresh_token"]
    result=jsonData["access_token"]
    print("Access Token:", result)
    return jsonify(jsonData)

@app.route('/refresh_token')
def refresh_access_token():
     conn = http.client.HTTPSConnection("account.boldsign.com")
     payload = f"grant_type=refresh_token" + \
        f"&client_id={CLIENT_ID}" + \
        f"&client_secret={CLIENT_SECRET}"+ \
        f"&refresh_token={refresh_token}"

     headers = {'content-type': "application/x-www-form-urlencoded"}
     
     conn.request("POST", "/connect/token", payload, headers)
     res = conn.getresponse()
     data = res.read()
     jsonData = json.loads(data.decode("utf-8"))
     result=jsonData["access_token"]
     print("New Access Token:", result)
     return jsonify(jsonData)

def get_state(length):
        # Generate a random alphanumeric string of the specified length
        chars = string.ascii_letters + string.digits
        return ''.join(random.choice(chars) for _ in range(length))

if __name__ == '__main__':
    app.run(port=5000)

In the provided code example, replace CLIENT_ID with your client id from BoldSign application, CLIENT_SECRET with your client secret from BoldSign application. Once you have the refresh token, you can use it to obtain a new access token without requiring the user to reauthorize your application using refresh end point. This process ensures continuous access to the BoldSign API.

Once you have the Bearer Token (access token), you can configure it as shown below:

configuration = boldsign.Configuration(access_token="Your-Bearer-Token-Here ")
api_client = boldsign.ApiClient(configuration)

Replace "Your-Bearer-Token-Here" with your actual Bearer Token. This token will be used for authenticating API requests made with the SDK.