The IssueToken Endpoint

The issuetoken endpoint is a programmatic method for creating tokens. The issuetoken authentication mechanism enables client applications to access NetSuite APIs using a token, significantly reducing the risk of compromising user credentials.

You should use the Three-Step TBA Authorization Flow for all new TBA integrations. You should also consider migrating existing integrations currently using the issutoken endpoint to use The Three-Step TBA Authorization Flow.


Whether using The Three-Step TBA Authorization Flow, or calling The IssueToken Endpoint, an integration record is created and automatically installed in your account. The Require Approval during Auto-Installation of Integration preference affects whether this new record is automatically enabled. You can manage the preference at Setup > Integration > SOAP Web Services Preferences. If the Require Approval during Auto-Installation of Integration box is not checked (set to false) the State field on the new application is automatically set to Enabled, and all requests are permitted. However, if the box is checked (set to true) the State field on the new integration record is set to Waiting for Approval. In the latter case, you must manually edit the record and set the State to Enabled. Until you set the state to Enabled, all requests sent by that application are blocked.

See the following sections for more information:

Related Topics

Token-based Authentication (TBA) for Integration Application Developers
The Three-Step TBA Authorization Flow

General Notices