The Authorization Headers

This section covers creating authorization headers. The values used in the following code samples are defined in the section The Signature for Web Services and RESTlets.

Warning:

The end of support for the HMAC-SHA1 signature method targeted for 2021.2 has been postponed. However, the algorithm used by the HMAC-SHA1 signature method is no longer considered secure. You should update your integrations to use the HMAC-SHA256 signature method as soon as possible.

Create the Authorization Header

To create the authorization header, place each parameter in its correct position in the header.

Note:

For RESTlets, each parameter must be rawurlencoded.

See the following sections:

SOAP Web Services Header

    $passport = " <ns:tokenPassport soap:actor=\"http://schemas.xmlsoap.org/soap/actor/next\" soap:mustUnderstand=\"0\" xmlns:ns=\"urn:messages_2015_2.platform.webservices.netsuite.com\">\n"
      ." <ns:account>".$realm ."</ns:account>\n"
      ." <ns:consumerKey>".$consumerKey ."</ns:consumerKey>\n"
      ." <ns:token>". $tokenKey ."</ns:token>\n"
      ." <ns:nonce>". $nonce ."</ns:nonce>\n"
      ." <ns:timestamp>". $timestamp ."</ns:timestamp>\n"
      ." <ns:signature algorithm=\"". $signatureMethod ."\">". $signature ."</ns:signature>\n"
      ." </ns:tokenPassport>";

            

SOAP Web Services Token Passport Example

    <ns:tokenPassport soap:actor="http://schemas.xmlsoap.org/soap/actor/next" soap:mustUnderstand="0" xmlns:ns="urn:messages_2015_2.platform.webservices.netsuite.com">
      <ns:account>123456</ns:account>
      <ns:consumerKey>f40afdd8abaac111b13825dd5e5e2ddddb44f86d5a0dd6dcf38c20aae6b67e4</ns:consumerKey>
      <ns:token>2b0ce516420110bcbd36b69e99196d1b7f6de3c6234c5afb799b73d87569f5cc</ns:token>
      <ns:nonce>fjaLirsIcCGVZWzBX0pg</ns:nonce>
      <ns:timestamp>1508242306</ns:timestamp>
      <ns:signature algorithm="HMAC-SHA256">76wQrUWF8i3BwfAjrNnTxjFo+Ixj9YzYgsj+HVeGQyY=</ns:signature>
    </ns:tokenPassport>

              

RESTlet Header

    $header = 'Authorization: OAuth '
             .'realm="' .rawurlencode($realm) .'", '
             .'oauth_consumer_key="' .rawurlencode($consumerKey) .'", '
             .'oauth_token="' .rawurlencode($tokenKey) .'", '
             .'oauth_nonce="' .rawurlencode($nonce) .'", '
             .'oauth_timestamp="' .rawurlencode($timestamp) .'", '
             .'oauth_signature_method="' .rawurlencode($signatureMethod) .'", '
             .'oauth_version="' .rawurlencode($version) .'", '
             .'oauth_signature="' .rawurlencode($signature) .'"';

            

RESTlet Header Example

                Authorization: OAuth realm="123456", oauth_consumer_key="ef40afdd8abaac111b13825dd5e5e2ddddb44f86d5a0dd6dcf38c20aae6b67e4", oauth_token="2b0ce516420110bcbd36b69e99196d1b7f6de3c6234c5afb799b73d87569f5cc", oauth_nonce="fjaLirsIcCGVZWzBX0pg", oauth_timestamp="1508242306", oauth_signature_method="HMAC-SHA256", oauth_version="1.0", oauth_signature="7mpNx1RdQn4VLSyeEwCK7jFBjGQ0blzwDSMU9Kg5Rmg%3D" 

              

REST Web Services Header

    $header = 'Authorization: OAuth '
             .'realm="' .rawurlencode($realm) .'", '
             .'oauth_token="' .rawurlencode($tokenKey) .'", '
             .'oauth_consumer_key="' .rawurlencode($consumerKey) .'", '
             .'oauth_nonce="' .rawurlencode($nonce) .'", '
             .'oauth_timestamp="' .rawurlencode($timestamp) .'", '
             .'oauth_signature_method="' .rawurlencode($signatureMethod) .'", '
             .'oauth_version="' .rawurlencode($version) .'", '
             .'oauth_signature="' .rawurlencode($signature) .'"';

            

REST Web Services Header Example

              Authorization: OAuth realm="123456", oauth_token="2b0ce516420110bcbd36b69e99196d1b7f6de3c6234c5afb799b73d87569f5cc", oauth_consumer_key="ef40afdd8abaac111b13825dd5e5e2ddddb44f86d5a0dd6dcf38c20aae6b67e4", oauth_nonce="fjaLirsIcCGVZWzBX0pg", oauth_timestamp="1508242306", oauth_signature_method="HMAC-SHA256", oauth_version="1.0", oauth_signature="B5OIWznZ2YP0OB7VrJrGkYsTh%2B8H%2B5T9Hag%2Bo92q0zY%3D" 
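The following is an added example, not code from the original page or from NetSuite. It builds the REST Web Services header from a parameter map, parses it back, and checks that every rawurlencoded value survives the round trip, including a constructed value containing quote characters. The function names and the policy of rejecting anything other than HMAC-SHA256 are assumptions.

```php
<?php
// Added example, not NetSuite code. Function names are hypothetical.
function buildOAuthHeader(array $params): string
{
    // Assumed local policy, following the warning above: refuse HMAC-SHA1.
    if (($params['oauth_signature_method'] ?? '') !== 'HMAC-SHA256') {
        throw new InvalidArgumentException('oauth_signature_method must be HMAC-SHA256');
    }
    $pairs = [];
    foreach ($params as $name => $value) {
        // rawurlencode() turns +, /, = and " into %XX, so a value cannot
        // close its own quotes and introduce another parameter.
        $pairs[] = $name . '="' . rawurlencode($value) . '"';
    }
    return 'Authorization: OAuth ' . implode(', ', $pairs);
}

function parseOAuthHeader(string $header): array
{
    $prefix = 'Authorization: OAuth ';
    if (strncmp($header, $prefix, strlen($prefix)) !== 0) {
        throw new InvalidArgumentException('not an OAuth Authorization header');
    }
    preg_match_all('/([a-z_]+)="([^"]*)"/', substr($header, strlen($prefix)), $m, PREG_SET_ORDER);
    $out = [];
    foreach ($m as [, $name, $value]) {
        $out[$name] = rawurldecode($value);
    }
    return $out;
}

// Values from the REST Web Services Header Example; the signature is the
// decoded (raw base64) form of the value shown there.
$params = [
    'realm'                  => '123456',
    'oauth_token'            => '2b0ce516420110bcbd36b69e99196d1b7f6de3c6234c5afb799b73d87569f5cc',
    'oauth_consumer_key'     => 'ef40afdd8abaac111b13825dd5e5e2ddddb44f86d5a0dd6dcf38c20aae6b67e4',
    'oauth_nonce'            => 'fjaLirsIcCGVZWzBX0pg',
    'oauth_timestamp'        => '1508242306',
    'oauth_signature_method' => 'HMAC-SHA256',
    'oauth_version'          => '1.0',
    'oauth_signature'        => 'B5OIWznZ2YP0OB7VrJrGkYsTh+8H+5T9Hag+o92q0zY=',
];
$header = buildOAuthHeader($params);
echo $header, "\n";
var_dump(parseOAuthHeader($header) === $params);   // round-trip check
// Constructed value with quotes: stays inside oauth_nonce after encoding.
$params['oauth_nonce'] = 'x", oauth_token="injected';
var_dump(parseOAuthHeader(buildOAuthHeader($params)) === $params);
```

The first header printed can be compared character for character with the REST Web Services Header Example above.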

            

Related Topics

Token-based Authentication (TBA)
Token-based Authentication (TBA) Tasks for Administrators
Token-based Authentication (TBA) for Integration Application Developers
Troubleshoot Token-based Authentication (TBA)
