The NLAuth Authorization Header in TBA

You should use The Three-Step TBA Authorization Flow for all new TBA integrations. You should also consider migrating existing integrations currently using the issutoken endpoint to use the authorization flow.

To construct an NLAuth authorization header, use the fields described in the following table.

Important:

Strings must be escaped using RFC 3986. If you do not escape characters in the header, you may receive an INVALID_LOGIN_ATTEMPT error. For more information about percent encoding, see https://tools.ietf.org/html/rfc5849#section-3.6.

Field	Description
nlauth_account	The account ID of the NetSuite account.
nlauth_email	The email address with which the user logs in to NetSuite.
nlauth_signature	The user’s password.
nlauth_role	The internal ID of a role with which the user is associated.
nlauth_application_id	The application ID of the integration associated with the RESTlet.
nlauth_otp Important: This parameter can only be used with the issuetoken endpoint.	The value of the one-time password (OTP) is the same as the value of a two–factor authentication (2FA) verification code generated by an authenticator app when a user is logging in to the NetSuite UI.

Field

Description

nlauth_account

The account ID of the NetSuite account.

nlauth_email

The email address with which the user logs in to NetSuite.

nlauth_signature

The user’s password.

nlauth_role

The internal ID of a role with which the user is associated.

nlauth_application_id

The application ID of the integration associated with the RESTlet.

nlauth_otp

Important:

This parameter can only be used with the issuetoken endpoint.

The value of the one-time password (OTP) is the same as the value of a two–factor authentication (2FA) verification code generated by an authenticator app when a user is logging in to the NetSuite UI.

For more information, see Troubleshoot Token-based Authentication (TBA).

Related Topics