NetSuite Oauth Implemenation

Question

I am looking for the oauth implemenation in Netsuite.Does Netsuite Supports oauth ? I searched for oath implementation in NetSuite but didn’t have a single result.

Is there any official documentation saying netsuite doesnt support oauth?

Answer 1

NetSuite's SuiteTalk API does support oAuth, although it's implemented very differently from other services (google, stripe, etc). Acquiring oauth credentials requires the user to run through a non-obvious process and copy/paste four separate keys. I've written up a guide detailing how to setup NetSuite SuiteTalk API with oAuth.

Answer 2

In 15.1 NetSuite supports inbound RESTlet calls with OAuth 1.0 tokens (be aware that it's not full OAuth 1.0 protocol, though it utilizes its token and header format). In NetSuite you can get access token in two ways - either call token endpoint, either manually from the UI. The good thing is that you can still use OAuth 1.0 open source libraries, like scribe for Java or oauth-1.0a.js, in the case if you plan to call RESTlets from node.js or SuiteScript (e.g. Suitelets)

PS Just look for Token-based Authentication for RESTlets

Answer 3

Netsuite Does Support OAuth, You can call a Restlet from an outside application with OAuth. There are lots of things that need to be configured in order for it to work, its pretty complex so I wrote this step by step guide. Check out the step by step instructions.

Basic code to Configure the Signature & header

var NETSUITE_ACCOUNT_ID = '1234567890_SB'
var BASE_URL = 'https://1234567890_SB.restlets.api.netsuite.com/app/site/hosting/restlet.nl'
var HTTP_METHOD = 'POST'
var SCRIPT_ID = '613'
var OAUTH_VERSION = '1.0';
var SCRIPT_DEPLOYMENT_ID = '1'
var TOKEN_ID = "1234567890abcdefghijklmnopqrstuvwxyz0987654321"
var TOKEN_SECRET = "1234567890abcdefghijklmnopqrstuvwxyz0987654321"
var CONSUMER_KEY = "1234567890abcdefghijklmnopqrstuvwxyz0987654321"
var CONSUMER_SECRET = "1234567890abcdefghijklmnopqrstuvwxyz0987654321"
var text = "";
var length = 32;
var possible = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789";
for (var i = 0; i < length; i++) {
text += possible.charAt(Math.floor(Math.random() * possible.length));
}
var OAUTH_NONCE = text;
var TIME_STAMP = Math.round(+new Date() / 1000);
var data = '';
data = data + 'deploy=' + SCRIPT_DEPLOYMENT_ID + '&';
data = data + 'oauth_consumer_key=' + CONSUMER_KEY + '&';
data = data + 'oauth_nonce=' + OAUTH_NONCE + '&';
data = data + 'oauth_signature_method=' + 'HMAC-SHA1' + '&';
data = data + 'oauth_timestamp=' + TIME_STAMP + '&';
data = data + 'oauth_token=' + TOKEN_ID + '&';
data = data + 'oauth_version=' + OAUTH_VERSION + '&';
data = data + 'script=' + SCRIPT_ID;
var encodedData = encodeURIComponent(data);
var completeData = HTTP_METHOD + '&' + encodeURIComponent(BASE_URL) + '&' + encodedData;
var hmacsha1Data = CryptoJS.HmacSHA1(completeData, CONSUMER_SECRET + '&' + TOKEN_SECRET);
var base64EncodedData = Base64.stringify(hmacsha1Data);
var oauth_signature = encodeURIComponent(base64EncodedData);
var OAuth = 'OAuth oauth_signature="' + oauth_signature + '",';
OAuth = OAuth + 'oauth_version="1.0",';
OAuth = OAuth + 'oauth_nonce="' + OAUTH_NONCE + '",';
OAuth = OAuth + 'oauth_signature_method="HMAC-SHA1",';
OAuth = OAuth + 'oauth_consumer_key="' + CONSUMER_KEY + '",';
OAuth = OAuth + 'oauth_token="' + TOKEN_ID + '",';
OAuth = OAuth + 'oauth_timestamp="' + TIME_STAMP + '",';
OAuth = OAuth + 'realm="' + NETSUITE_ACCOUNT_ID + '"';
var request = https.post({
url: BASE_URL + '?script=' + SCRIPT_ID + '&deploy=' + SCRIPT_DEPLOYMENT_ID,
headers: { "Content-Type": "application/json", "Authorization": OAuth },
body: JSON.stringify({ hello: "world" })
})
var response = JSON.parse(request.body)
log.debug('response', response)