So my application has an integration with DocuSign.
My case is getting routed to DocuSign for e-Signature but after signing the document the callback to pega is not happening and the signed document is not getting attached in the case. The logs in DocuSign says 403 forbidden requests. The pyConnect URL is also configured correctly. The Service Package for DocuSign in Pega is without any authentication
A 403 from the DocuSign usually meant that DocuSign can reach the endpoint but the endpoint is refusing the request. Since you mentioned that Pega service package is unauthenticated, I would recommend you to first check whether there is any firewall/WAF/load balancer rule blocking inbound requests from DocuSign and confirm that the callback URL is publicly reachable and accepts POST requests.
DocuSign’s 403 is typically caused by endpoint-level rejection or firewall restrictions rather than a basic URL configuration issue.
When I hit the pyConnet end point URL using postman or bruno that API is working fine in DocuSign service package I can see the invocation history. But from DocuSign to pega it is not getting invoked. In pega tracer also nothing is present nor in pega logs
I hope you’re using the Pega Marketplace component to integrate with Docusign. We have implemented in our previous project and all the handshakes are looking good. I hope you have configured everything as per the Pega documentation .
If the request is not appearing in Pega tracer or logs at all, the issue is likely happening before Pega receives it. Since the callback URL works from Postman/Bruno, that only confirms the endpoint is reachable from your client, not from DocuSign Connect. I would recommend you to check the web tier, proxy, load balancer, and WAF logs to see whether DocuSign’s callback is being blocked or rejected before it reaches Pega. DocuSign’s ‘403’ on Connect is often due to endpoint-level rejection or network filtering rather than a Pega service-package authentication issue.
As @RameshSangili mentioned, we have implemented the same component and we havent seen any such issues.
A few useful checks would be-
Review the DocuSign Connect logs/failure logs to confirm whether DocuSign is attempting the callback and what HTTP status it receives.
Point DocuSign temporarily to a simple public test endpoint or webhook catcher to verify that the callback is being sent out correctly.
Check the reverse proxy / load balancer / WAF logs in front of Pega, since the request may be blocked before it reaches Pega.
Inspect the Pega web server access logs. If there is no incoming request entry there, then the request is not reaching Pega at all.
Compare the exact headers and payload sent by DocuSign with the request you tested manually in Postman/Bruno.
It was resolved by the Pega Support team after raising a ticket.
Issue: “We reviewed the issue and found that requests from the below source IPs are being blocked when attempting to access the configured callback/service package endpoint”