Step Two Authorize the Request Token

The application sends a GET request to the user authorization endpoint. Include the oauth_token parameter obtained in the response in Step One.

The format of the URL is:

https://<accountID>.app.netsuite.com/app/login/secure/authorizetoken.nl?oauth_token=da9eba68ac7c1995bcdcb5f035f5b64df79dbc6e4db305064aa63eaa7bf35111&state=nnbs6b8n0zjlmhrlisv

where <accountID> is a variable for your NetSuite account ID.

The state parameter is optional. Maximum length is 512 characters. Valid alpha-numeric characters are upper- and lowercase letters (a-z, A-Z), and numbers 0–9. For more information, see RFC 6749, Section 4.1.1.

Note:

You should use the account-specific domain URL as shown. However, as of 2020.1, if you do not know the account ID, requests can be sent to the system.netsuite.com domain.

The user is authenticated. If there is no active NetSuite session, the user is first redirected to the NetSuite login form. If the GET request points to an account-specific domain, for an account with SAML SSO or OIDC enabled, the user can be redirected to a third party application.
After successful authentication, a consent page appears. The user can click Allow to give permission for the generation of the access token, which occurs in Step Three.

Note:
If the user clicks Deny, the authorization flow ends. The application should display an error message to the user. Clicking Deny is one reason for an empty oauth_verifier parameter in the response to Step Two.
If the authenticated user is logged in to an inappropriate role, the user can choose the appropriate role by selecting Change Role on the Consent page.

Redirect Parameters for Step Two

The user is redirected to the oauth_callback URL (from Step One), with the oauth_token and the oauth_verifier parameters.

The following is an example of a redirect:

            https://my.example.com/TBA/?callbackRequest&oauth_token=da9eba68ac7c1995bcdcb5f035f5b64df79dbc6e4db305064aa63eaa7bf35111&oauth_verifier=111e630079c0222cf59cf18410e9939c848507457d7010003db01e63fa42abcd&company=1234567&role=3&entity=38&state=nnbs6b8n0zjlmhrlisv

Parameter	Description
oauth_token	An authorized request token to be used in Step Three.
oauth_verifier	An attribute to be used in Step Three.
company	NetSuite account ID (company identifier).
role	Indicates the role for which to grant the access token.
entity	The entity ID of a successfully authenticated system user.
state	If the optional state parameter value does not match the value originally passed to NetSuite, the client should not trust the request or redirect.

Parameter

Description

oauth_token

An authorized request token to be used in Step Three.

oauth_verifier

An attribute to be used in Step Three.

company

NetSuite account ID (company identifier).

role

Indicates the role for which to grant the access token.

entity

The entity ID of a successfully authenticated system user.

state

If the optional state parameter value does not match the value originally passed to NetSuite, the client should not trust the request or redirect.

When the application has handled the callback URL, proceed to Step Three: Step Three Exchange the Request Token for an Access Token.

Redirect Parameters for Step Two

Related Topics