Set up the DocuSign MCP server

The DocuSign MCP server lets AI agents send envelopes, manage signing workflows, and generate signing links through the eSignature REST API. This guide covers creating a DocuSign integration app, configuring OAuth, and connecting the server to MintMCP — starting in the sandbox environment and promoting to production.

Prerequisites

• A MintMCP admin account
• A DocuSign developer account (for sandbox setup) — sign up at developers.docusign.com
• A paid DocuSign production account with admin access, required for the Go-Live promotion

Create a DocuSign integration app

Connect without registering a DocuSign app

To skip the app setup entirely, go to MCP store → Manage store, find DocuSign in the recommended servers, and install it with MintMCP's credentials rather than your own. MintMCP brokers sign-in through its own OAuth client, so there are no integration keys or scopes to configure — your team just signs in with DocuSign on first use. Follow the steps below only when you'd rather use your own DocuSign app.

DocuSign uses its own names for standard OAuth terms:

DocuSign term	OAuth equivalent
Integration Key	client_id — a GUID shown on the app's General Info page
Secret Key	client_secret — shown once at creation
Redirect URI	OAuth callback URL — registered under Additional Settings

1. Sign in to your DocuSign developer account at account-d.docusign.com.

2. Go to Settings → Integrations → Apps and Keys.

3. Click Add App and Integration Key, give the app a name (for example, MintMCP), and click Create App.

4. Copy the Integration Key (GUID) from the General Info section — this is the OAuth client_id.

5. Scroll to Authentication. When asked "Is your application able to securely store a client secret?", select Yes — this enables Authorization Code Grant for a confidential client.

6. Under Secret Keys, click Add Secret Key and copy the key immediately. DocuSign shows it only once.

7. Scroll to Additional Settings → Redirect URIs and click Add URI. Enter MintMCP's callback URL exactly:

   https://app.mintmcp.com/oauth/callback

   This value must match byte-for-byte what's registered in DocuSign, or authorization fails with invalid_redirect_uri. Changes can take up to 5 minutes to propagate.

8. Click Save.

Add DocuSign to MintMCP

1. In MintMCP, go to MCP store → Manage store.

2. Find DocuSign in the available connectors and click to install it.

3. Open the connector's OAuth settings and enter:

   Setting	Value
   Authorization URL	https://account-d.docusign.com/oauth/auth
   Token URL	https://account-d.docusign.com/oauth/token
   Scope	signature extended
   Client ID	Integration Key from the DocuSign app
   Client Secret	Secret Key from the DocuSign app

   The signature scope grants access to the eSignature REST API — omitting it causes 401 errors on all calls. The extended scope keeps users connected without re-consenting every 30 days by rolling the refresh-token lifetime forward on each refresh.

4. Confirm the Redirect URL shown in the connector's OAuth settings matches https://app.mintmcp.com/oauth/callback.

5. Click Save.

On the first tool call, MintMCP redirects each user to sign in with DocuSign and consent once. MintMCP stores and refreshes their token automatically — users act under their own DocuSign identity and permissions.

Go live with production DocuSign

DocuSign integration apps run against the sandbox environment (account-d.docusign.com). To work with real DocuSign accounts, you must promote the app to production.

Promote the app

1. In DocuSign, go to Settings → Integrations → Apps and Keys.

2. Find your app and click Go Live.

3. Select the integration type, enter your production account details, and complete the built-in validation.

   DocuSign's streamlined Go-Live process (updated October 2025) no longer requires 20 successful sandbox API calls. Approval is automated in most cases and takes about 15 minutes, but can sit in Pending review for up to 48 hours.

Recreate credentials in the production app

When Go-Live completes, DocuSign duplicates the Integration Key to production — the GUID stays the same. The following do not carry over from the sandbox app and must be recreated:

• New Secret Key — the sandbox secret does not work in production. Add a new secret under Authentication → Secret Keys and copy it.
• Redirect URI — add https://app.mintmcp.com/oauth/callback again under Additional Settings → Redirect URIs.

Both changes take up to 5 minutes to propagate. If production calls fail right after Go-Live, wait a few minutes and confirm the production Secret Key and redirect URI were added in the production app.

Update MintMCP

1. In MintMCP, open the DocuSign connector's OAuth settings.

2. Update the OAuth URLs to the production endpoints:

   Setting	Production value
   Authorization URL	https://account.docusign.com/oauth/auth
   Token URL	https://account.docusign.com/oauth/token

3. Update Client Secret to the new production Secret Key.

4. Click Save.

Security considerations

• Each user authenticates individually through OAuth, so actions are tied to their DocuSign identity and permissions — MintMCP does not share credentials across users.
• The Secret Key is shown only once at creation. Store it securely and restrict who can view it in MintMCP.
• The extended scope keeps sessions active as long as users keep using the connection; it does not grant additional eSignature permissions beyond what the user already has.
• When going live, add a new Secret Key and the redirect URI in the production app before switching MintMCP to production endpoints — the sandbox credentials do not work in production.

Troubleshooting

• invalid_redirect_uri or redirect mismatch — the registered URI must be exactly https://app.mintmcp.com/oauth/callback. Allow up to 5 minutes after adding or editing the URI.
• 401 on eSignature calls — the signature scope is missing. Set the Scope field to signature extended.
• Users prompted to consent again unexpectedly — confirm extended scope was granted; without it, consent expires every 30 days.
• Production credentials fail right after Go-Live — expected. The app must show Live in DocuSign (can take up to 48 hours), then allow a few minutes for the new Secret Key and redirect URI to propagate.
• Calls hitting sandbox after going live — confirm MintMCP's Authorization URL and Token URL point to account.docusign.com (production), not account-d.docusign.com.

Next steps

• Tool customization — Control which DocuSign tools are exposed to users
• MCP gateway administration — Manage access and permissions