HMAC Security

HMAC Security can be used to verify that a message was sent by DocuSign, and that the message contents match what DocuSign sent.

In DocuSign, navigate to DocuSign Connect and click on the Aerofiler webhook. Then click "Manage Keys":

Then, click "Add Secret Key":

Copy that key into Aerofiler:

In both DocuSign and Aerofiler, the key is viewable only one time. When you revisit the page, only several characters of the key will be displayed.

In DocuSign, check the "Include HMAC Signature" option:

Once the key is generated in DocuSign, saved in Aerofiler, and the setting is enabled in DocuSign, it will be used for authentication and integrity verification.

If the key is present in DocuSign and not present in Aerofiler, or if the key is present in Aerofiler and not in DocuSign, this is an invalid state. In this scenario, when a document is received from DocuSign, it will not be filed into the repository and an error message will be sent to your account Administrators.

Last updated