Step Two Authorize the Request Token

The application sends a GET request to the user authorization endpoint. Include the oauth_token parameter obtained in the response in Step One.

The format of the URL is:

https://<accountID>.app.netsuite.com/app/login/secure/authorizetoken.nl?oauth_token=da9eba68ac7c1995bcdcb5f035f5b64df79dbc6e4db305064aa63eaa7bf35111

where <accountID> is a variable for your NetSuite account ID.

Note:

You should use the account-specific domain URL as shown. However, as of 2020.1, if you do not know the account ID, requests can be sent to the system.netsuite.com domain.

Redirect Parameters for Step Two

The user is redirected to the oauth_callback URL (from Step One), with the oauth_token and the oauth_verifier parameters.

The following is an example of a redirect:

            https://my.example.com/TBA/?callbackRequest&oauth_token=da9eba68ac7c1995bcdcb5f035f5b64df79dbc6e4db305064aa63eaa7bf35111&oauth_verifier=111e630079c0222cf59cf18410e9939c848507457d7010003db01e63fa42abcd&company=1234567&role=3&entity=38 

          

Parameter

Description

oauth_token

An authorized request token to be used in Step Three.

oauth_verifier

An attribute to be used in Step Three.

company

NetSuite account ID (company identifier).

role

Indicates the role for which to grant the access token.

entity

The entity ID of a successfully authenticated system user.

state

If the optional state parameter value does not match the value originally passed to NetSuite, the client should not trust the request or redirect.

When the application has handled the callback URL, proceed to Step Three: Step Three Exchange the Request Token for an Access Token.

Related Topics

Token-based Authentication (TBA)
Token-based Authentication (TBA) Tasks for Administrators
Generating the Signature for the TBA Authorization Flow
Troubleshoot Token-based Authentication (TBA)
Troubleshoot Token-based Authentication (TBA)

General Notices