Viewing, Editing, Creating, and Revoking TBA Tokens

You can see a list view of tokens in your account.

To view tokens:

1. Go to Setup > Users/Roles > User Management > Access Tokens

   The Access Token page appears.

   

2. You can take the following actions:

   • Click View to open the Access Token page and review the details of a specific token.

   • Click New Access Token to open the Access Token page and create a new token. For more information, see Access Token Management – Create and Assign a TBA Token.

   • Click Edit to open the Access Token page and:

     • Edit specific details about the token, or

     • Click Revoke to revoke the token. For more information, see Revoking TBA Tokens in the NetSuite UI.

   • Open the Filters panel to select a value for Revoked status (All, Yes, or No).

   • Click Search at the top right corner of the Access Tokens page. For more information, see Using the TBA Access Token Search Page.

Revoking TBA Tokens in the NetSuite UI

This section provides information about revoking a token in the NetSuite UI. For information about revoking a token programmatically, see Issue Token and Revoke Token REST Services for Token-based Authentication.

Revoking a token makes it inactive forever, but does not remove the token from the system. The token is still accessible for auditing purposes.

Revoke and Inactive Statuses

• When a token is revoked, it cannot be edited, and will display an Inactive status in list views.

• When the Inactive box is checked for a token, the token will display as Inactive in list views, but the token can still be edited. To make the token active again, click Edit, clear the Inactive box, and click Save.

Additional Token Rules

• When an application used for token-based authentication is deleted, all tokens associated with that application are revoked.

• When an administrator removes roles from an entity (an employee, a vendor, a partner, a customer, or a contact) the tokens are still active in the system. These active tokens cannot be used by the entity for log in to NetSuite (unless the administrator adds the roles back to the entity).

• When an administrator deletes an entity, (an employee, a vendor, a partner, a customer, or a contact) the associated tokens are deleted.

Related Topics

Token-based Authentication (TBA)

Token-based Authentication (TBA) for Integration Application Developers

Troubleshoot Token-based Authentication (TBA)

Specifications for Signature Construction for the TBA Authorization Flow

Generating the Signature for the TBA Authorization Flow

General Notices