The NLAuth Authorization Header in TBA

See The Three-Step TBA Authorization Flow, which should be used for all new integrations that use TBA. Developers of existing integrations currently using the NLAuth authorization header should consider migrating the integration to the TBA authorization flow.

To construct an NLAuth authorization header, use the fields described in the following table.

Important:

Strings must be escaped using RFC 3986. If you do not escape characters in the header, you may receive an INVALID_LOGIN_ATTEMPT error. For more information about percent encoding, see https://tools.ietf.org/html/rfc5849#section-3.6.

Field

Description

nlauth_account

The account ID of the NetSuite account.

nlauth_email

The email address with which the user logs in to NetSuite.

nlauth_signature

The user’s password.

nlauth_role

The internal ID of a role with which the user is associated.

nlauth_application_id

The application ID of the integration associated with the RESTlet.

nlauth_otp

Important:

This parameter can only be used with the issuetoken endpoint.

The value of the one-time password (OTP) is the same as the value of a two–factor authentication (2FA) verification code generated by an authenticator app when a user is logging in to the NetSuite UI.

For more information, see Troubleshoot Token-based Authentication (TBA).

Related Topics

Token-based Authentication (TBA)
Token-based Authentication (TBA) Tasks for Administrators
Troubleshoot Token-based Authentication (TBA)

General Notices