Adobe is committed to providing a safe and secure product experience for our customers by adhering to the latest industry-standard security protocols. As part of that process, Adobe Sign is ending support (August 2019) for the older API authentication model that allowed sending a username and password in the API call. Please see the security notice.
The following are the steps you need to take to move to a secure authentication model:
►Use REST APIs
Enhancements to Adobe Sign APIs are now restricted to the REST APIs only. Please follow the documentation available here to learn more about the REST API. You can also quickly try out the REST API in the Swagger documentation.
The very first step to enable an end user to use your client app with Adobe Sign is to have the end user authenticate with Adobe. The recommended way of authenticating end users with Adobe Sign is the standard OAuth 2.0 protocol. Please refer to this step-by-step guide on creating your application and integrating it with the Adobe Sign OAuth workflow.
The general recommendation is that every user in the organization should authenticate directly with Adobe while using your client app, so that each user has their own unique access token issued. SAML configuration with Adobe Sign in your user's organization provides an easy way to do so. However, there might be enterprise use cases where only a single admin is required to authenticate with Adobe and other users in the organization can use the client without an Adobe login. This is possible via the OAuth modifiers concept that Adobe Sign provides. Modifiers enable clients to call APIs with the admin's OAuth token and the actual regular user's identity in the “x-api-user” header. Please refer to the guide available here for more details on modifiers.
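A client-side guard for the modifier workflow described above, as an added example that is not Adobe's code: it builds the request headers for a call made with the admin's token and only attaches "x-api-user" when the granted scope carries a delegating modifier. The function names, the sample token and scopes, the space-separated `name:modifier` scope format and the `email:` prefix on the header value are assumptions based on Adobe Sign's OAuth documentation, not on this page.

```python
import re

# Assumption: granted scopes arrive as space-separated "name:modifier" items,
# and only the group/account modifiers allow acting for another user.
DELEGATING_MODIFIERS = {"group", "account"}
# Deliberately strict: no whitespace (so no CR/LF header injection), no colons.
EMAIL_RE = re.compile(r"[^@\s:]+@[^@\s:]+\.[^@\s:]+")


def parse_scopes(granted):
    """Map each granted scope name to its modifier (default: self)."""
    scopes = {}
    for item in granted.split():
        name, _, modifier = item.partition(":")
        scopes[name] = modifier or "self"
    return scopes


def build_headers(access_token, granted, required_scope, on_behalf_of=None):
    """Return headers for one REST call made with an OAuth access token.

    on_behalf_of is the regular user's email. When it is set, the call
    carries that identity in x-api-user, which is only allowed if the
    required scope was granted with a group or account modifier.
    """
    scopes = parse_scopes(granted)
    if required_scope not in scopes:
        raise PermissionError(f"token lacks scope {required_scope}")
    # The token goes in the Authorization header; no username or password
    # is ever placed in the call.
    headers = {"Authorization": f"Bearer {access_token}"}
    if on_behalf_of is not None:
        if scopes[required_scope] not in DELEGATING_MODIFIERS:
            raise PermissionError(
                f"{required_scope} was not granted with a group/account modifier")
        if not EMAIL_RE.fullmatch(on_behalf_of):
            raise ValueError("refusing malformed user identity")
        headers["x-api-user"] = f"email:{on_behalf_of}"
    return headers


if __name__ == "__main__":
    # Constructed sample values, not real credentials.
    print(build_headers("SAMPLE_TOKEN", "agreement_read:account",
                        "agreement_read", "user@example.com"))
```

Because the admin's token can act for any user in its modifier's range, log the "x-api-user" value with every delegated call so actions stay attributable to the real user.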