Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

How to request Netsuite RESTlet with TBA authentification

Tags:

http-headers

oauth

access-token

netsuite

I am trying to do a request my Netsuite RESTlet using Alamofire (SWIFT) but I meet several difficulties: In the documentation it's specify the different parameters needed (see below).

DOCUMENTATION:

An OAuth 1.0 RESTlet authorization header requires the data described in the following table. Some of these values can be obtained from the NetSuite UI. Other values must be calculated. Typically, your integration should include logic to identify these values and generate the finished header. Follow the OAuth 1.0 protocol to create the authorization header. enter image description here

However in postman I am using extra parameters (consumer Secret and the Token Secret) and it's works if I remove them it doesn't works

enter image description here

To finish when i check the Authorization header generated by postman, I see only the specify parameters in the documentation :

OAuth realm="my realm",oauth_consumer_key="myConsumerKey",oauth_token="myAccessToken",
oauth_signature_method="HMAC-SHA1",oauth_timestamp="1543488570",
oauth_nonce="ERxdLbUfkeh",oauth_version="1.0",oauth_signature="UeqmxAyeUqtPoICLo%2FARsQE8B1E%3D"

If someone can explain me this, I could implement TBA authentification in my Application but for now I need to understand better this authentification.

like image 280
Millet Antoine Avatar asked Jan 28 '23 02:01

Millet Antoine

2 Answers

I also spend a few hours trying to make it work. In my case I wasn't adding the account ID to the realm param. Here a picture of what I ended with: Postman NetSuite TBA RESTlet Config

Here where you can get the account ID: NetSuite RESTlet TBA realm param

I hope it helps

like image 200
Daniel Aron Goldenberg Avatar answered Jan 29 '23 16:01

Daniel Aron Goldenberg

The explanation of why the consumer secret and the token secret are needed by Postman to generate the token is shown in SuiteAnswer 42019 - as referenced in the Notes section beside oauth_signature in your screenshot above. From that page:

  1. Sign the result string from step 5 using the consumer secret and token secret concatenated using '&' (For this case, HMAC-SHA1 or HMAC-256).

In other words, Postman uses the secrets to generate the output which authenticates your credentials - you cannot generate the oauth_signature correctly without them.

like image 25
Krypton Avatar answered Jan 29 '23 16:01

Krypton
Sign in to Comment

Related questions

How to delegate authorisation to external Auth 2.0 services
Skype Bot OAuth error that wasn't happening before
Which OAuth2 authentication flow shoud I use for PWA + server side application

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!