Step One Obtain An Unauthorized Request Token
The application sends a POST request to the request token endpoint. Include the necessary parameters in the authorization header.
The format of the URL is:
https://<accountID>.restlets.api.netsuite.com/rest/requesttoken
where <accountID> is a variable for your NetSuite account ID.
You should use the account-specific domain URL as shown. However, as of 2020.1, if you do not know the account ID, requests can be sent to the system.netsuite.com
domain.
See the following header for details.
Request Header Parameters in the Authorization Header for Step One
OAuth Authorization Header Parameter |
Description |
---|---|
oauth_consumer_key |
|
oauth_signature_method |
Only HMAC-SHA256 is supported. |
oauth_signature |
For more information about constructing a signature, see Constructing the Signature for Step One of the TBA Authorization Flow. See also Specifications for Signature Construction for the TBA Authorization Flow. |
oauth_timestamp |
|
oauth_nonce |
|
oauth_version |
|
oauth_callback |
|
realm |
|
role |
|
Refer to RFC 5849 if you need more information about the parameters oauth_timestamp, oauth_nonce, and oauth_version.
The HTTP Response Parameters for Step One
When an authorization request is successfully verified, the following HTTP response is returned:
Response Parameter |
Description |
---|---|
oauth_token |
An unauthorized request token, which should be authorized by the application in Step Two of the flow. |
oauth_token_secret |
The corresponding token secret, to be used for signature creation in Step Three of the flow. |
oauth_callback_confirmed |
Response must be true, if the request verification was successful. |
role |
The role parameter is present in the response only if configured in the request. |
When you have the HTTP response, proceed to Step Two Authorize the Request Token.
Related Topics
- Token-based Authentication (TBA)
- Token-based Authentication (TBA) for Integration Application Developers
- The Three-Step TBA Authorization Flow
- Specifications for Signature Construction for the TBA Authorization Flow
- Generating the Signature for the TBA Authorization Flow
- Troubleshoot Token-based Authentication (TBA)