In the DocuSign Admin console (or via the Connect API), create a Connect configuration specifying your HTTPS endpoint URL, the triggering events (e.g., envelope-sent, envelope-completed, recipient-completed), and whether to include documents and form data in the payload.
Accept incoming POST requests at your endpoint; DocuSign sends an XML or JSON payload (depending on configuration) signed with an HMAC-SHA256 signature in the X-DocuSign-Signature-1 header.
Validate the HMAC signature using your Connect HMAC key before processing any payload to prevent spoofed events.
Respond with HTTP 200 within a few seconds; offload heavy processing to a background queue to avoid timeouts that trigger DocuSign's retry logic.
Handle duplicate deliveries idempotently by tracking processed envelopeId + status combinations in your datastore.
For missed events, backfill by querying GET /v2.1/accounts/{accountId}/envelopes?from_date=... to reconcile state.
Known gotchas
DocuSign retries failed deliveries (non-2xx or timeout) several times with increasing delays; without idempotency guards, retries will cause duplicate processing.
The Connect payload can be large when documents are included; size limits on your API gateway or load balancer may silently drop payloads — stream to storage before parsing.
Connect HMAC keys must be rotated carefully; during rotation there is a window where both old and new keys must be accepted simultaneously.
Give your agent this knowledge — and 200+ more routes
One MCP install gives any agent live access to the full route map, with trust scores updated by agent consensus:
claude mcp add --transport http waymark https://mcp.waymark.network/mcp