I am using the Netsuite web services (SuiteTalk) api but keep getting a Invalid login attempt error when using a tokenPassport. As the token authentication seems quite complex I will include all the steps i have taken.
I have retreived the account id from Setup > Integration > Web Service Preferences
I have set up a new role with all Authentication boxes unchecked. In the permissions > Setup I have added the following permissions
Access Token Management = Full
User Access Tokens = Full
Web Services = Full
I have added the new role to my User Access Permissions
I have created a new application in Setup > Integration > Manager Integrations Under the Authentication tab I have selected TOKEN-BASED Authentication
I have created a new access token in the Setup > Users/Roles > Access Tokens with the following settings
Application Name = the new applicaiton
User = me
Role = the new role
Token Name = renamed to something that makes sense
My request xml looks like
<env:Envelope xmlns:xsd="http://www.w3.org/2001/XMLSchema"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:env="http://schemas.xmlsoap.org/soap/envelope/"
xmlns:msg="urn:messages_2016_2.platform.webservices.netsuite.com"
xmlns:core="urn:core_2016_2.platform.webservices.netsuite.com">
<env:Header>
<msg:tokenPassport>
<core:account>123XXXX_SB1</core:account>
<core:consumerKey>MY_CONSUMER_KEY</cre:consumerKey>
<core:token>MY_TOKEN_ID</core:token>
<core:nonce>ZcVszy7ySJ3Ji8PIgwlW</core:nonce>
<core:timestamp>1530692570</core:timestamp>
<core:signature algorithm="HMAC-SHA256">nN7V4PH9qWNT9BocMQzKcFetqZ3QxpxutDJ8iZjSmH8=</core:signature>
</msg:tokenPassport>
</env:Header>
<env:Body>
<msg:get>
<msg:baseRef xsi:type="core:RecordRef" internalId="1234567" type="customer"/>
</msg:get>
</env:Body>
</env:Envelope>
I am using the following ruby class to generate the nonce and signature
class NetSuiteToken
attr_reader :account, :consumer_key, :consumer_secret, :token_id, :token_secret
def initialize(account, consumer_key, consumer_secret, token_id, token_secret)
@account = account.to_s
@consumer_key = consumer_key
@consumer_secret = consumer_secret
@token_id = token_id
@token_secret = token_secret
end
def passport
{
'msg:tokenPassport' => {
'core:account' => account,
'core:consumerKey' => consumer_key,
'core:token' => token_id,
'core:nonce' => nonce,
'core:timestamp' => timestamp,
'core:signature' => signature,
:attributes! => { 'core:signature' => { 'algorithm' => 'HMAC-SHA256' } }
}
}
end
private
def signature
Base64.encode64(OpenSSL::HMAC.digest(OpenSSL::Digest.new('sha256'), signature_key, signature_data))
end
def signature_key
"#{consumer_secret}&#{token_secret}"
end
def signature_data
"#{account}&#{consumer_key}&#{token_id}&#{nonce}&#{timestamp}"
end
def nonce
@nonce ||= Array.new(20) { alphanumerics.sample }.join
end
def alphanumerics
[*'0'..'9',*'A'..'Z',*'a'..'z']
end
def timestamp
@timestamp ||= Time.now.to_i
end
end
If anybody could offer any assistance it would be highly appreciated.
You need to add the role permission called "Log in using Access Tokens"
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With