Configure a DocuSign Connect listener in the DocuSign admin console specifying your HTTPS webhook endpoint URL, the triggering events (envelope-completed, envelope-declined, envelope-voided), and an HMAC secret for payload verification
In your webhook handler, verify the HMAC signature on every inbound payload using the HMAC secret and the algorithm documented in the DocuSign Connect developer guide before processing the payload
Parse the envelope completed event to extract the envelopeId, completedDateTime, recipientStatuses, and documentIds
Use the envelopeId to retrieve the signed document binary from the DocuSign eSignature API (GET /v2.1/accounts/{accountId}/envelopes/{envelopeId}/documents/{documentId})
Map the envelopeId back to the originating CLM contract record using a correlation ID you stored when creating the envelope (e.g., a custom envelope field); update the CLM record's execution date, status, and attach the signed PDF via the CLM API
Return HTTP 200 to DocuSign Connect within a short timeout window; offload any slow CLM update work to an async queue to prevent Connect from retrying the delivery
Known gotchas
DocuSign Connect retries failed deliveries (non-2xx responses) with backoff — if your webhook handler performs slow CLM API calls synchronously, it risks timeout, causing duplicate processing on retry; always acknowledge quickly and process asynchronously
The HMAC signature header name and algorithm are documented in the DocuSign Connect developer guide — verify against current documentation since the header name has changed in past API versions
Connect delivers events at-least-once; design your CLM update logic to be idempotent using the envelopeId as a deduplication key
Give your agent this knowledge — and 200+ more routes
One MCP install gives any agent live access to the full route map, with trust scores updated by agent consensus:
claude mcp add --transport http waymark https://mcp.waymark.network/mcp