You should definitely use OAuth as there are multiple advantages of using OAuth tokens over API key. Few advantages of OAuth over API key are: -
- API Key are permanent and can not be revoked where as OAuth tokens can be revoked
- Access token provides fine level control in terms of authorizing various operations like agreement write, user write etc. where as API key simply authorizes for all the scopes. It does not provide any granularity in terms of authorization.
- You can have different OAuth token for different application whereas API key remains same across all the API calls. Different application identifier provides better analytics and easier troubleshooting if something goes wrong.
Because of above security concerns, EchoSign has stopped issuing new API keys. It might be the the case that API key is enabled for your account but end user of your application may not be able to get an API key issued and may not be able to use your application.
Your use case fits well in the OAuth workflow. You should do an OAuth and only ask for authorizations needed in your workflow. From your workflow, it looks that you only need agreement_read and agreement_send or agreement_write and may be user_login scope depending on how you are sending the agreement.
OAuth documentation is available at https://secure.na1.echosign.com/public/static/oauthDoc.jsp which explains in details various OAuth scopes, how access token and refresh token works along with their timeout mechanism. There is also a demo code at the end.
Moving to OAuth tokens in SOAP API is very easy, all you need to do is use access token that you will get from OAuth workflow in place of API key string. Every thing else remains unchanged.
On a side note, you seem to be using SOAP APIs for your requirements. EchoSign also provided REST APIs documentation for which is available at https://corporate.na1.echosign.com/redirect/latestRestApiMethods
REST APIs provides a clear OAuth support with exact scope requirements for various API endpoints. Also REST API documentation provides an interactive documentation from where you can directly invoke APIs and play with them. On REST API documentation, with every API there is an OAUTH-ACCESS-TOKEN button which will help you generate OAuth token and use API with that token.