The IssueToken Endpoint

Available in NetSuite since 2015.1, the issuetoken endpoint is a programmatic method for creating tokens. The issuetoken authentication mechanism enables client applications to access NetSuite APIs using a token, significantly reducing the risk of compromising user credentials.

If you decide to use TBA for new integrations, you should use the TBA authorization flow. Developers of existing integrations currently using the issuetoken endpoint should consider migrating the integration to the authorization flow. See The Three-Step TBA Authorization Flow for more information.


Whether using The Three-Step TBA Authorization Flow, or calling The IssueToken Endpoint, an integration record is created and automatically installed in your account. The Require Approval during Auto-Installation of Integration preference affects whether this new record is automatically enabled. You can manage the preference at Setup > Integration > SOAP Web Services Preferences. If the Require Approval during Auto-Installation of Integration box is not checked (set to false) the State field on the new application is automatically set to Enabled, and all requests are permitted. However, if the box is checked (set to true) the State field on the new integration record is set to Waiting for Approval. In the latter case, you must manually edit the record and set the State to Enabled. Until you set the state to Enabled, all requests sent by that application are blocked.

See the following sections for more information:

Related Topics

Token-based Authentication (TBA) for Integration Application Developers
The Three-Step TBA Authorization Flow

General Notices