Constructing the Signature for Step One of the TBA Authorization Flow

This section contains information and examples for how to construct the signature used in Step One of the TBA authorization flow.

Warning:

As of 2023.1, the support ended for the HMAC-SHA1 signature method.

The following values are used for the examples in this section:

Parameter	Value
Company ID	1234567
Role ID	45678
Consumer Key	60712990bc09623786e7047c226bcb3f86d49dca0b04efc21001dc76d97a81f5
Consumer Secret	60712990bc09623786e7047c226bcb3f86d49dca0b04efc21001dc76d97a81f5 Note: For purposes of this example, the values of Consumer Key and Consumer Secret are identical.
Nonce	bUvpxBX93OWo0FLswq5M
Timestamp	1575998103
Callback URL	https://my.example.com/TBA/?callbackRequest

Parameter

Value

Company ID

1234567

Role ID

45678

Consumer Key

60712990bc09623786e7047c226bcb3f86d49dca0b04efc21001dc76d97a81f5

Consumer Secret

60712990bc09623786e7047c226bcb3f86d49dca0b04efc21001dc76d97a81f5

Note:

For purposes of this example, the values of Consumer Key and Consumer Secret are identical.

Nonce

bUvpxBX93OWo0FLswq5M

Timestamp

1575998103

Callback URL

https://my.example.com/TBA/?callbackRequest

Signature Base String Construction for Step One

The formation for the construction of the base string is as follows:

            <base-string> = <http-request-method>&<base-string-uri>&<normalized-request-parameters>

Where:

Component	Description
http-request-method	POST
base-string-uri	https://1234567.restlets.api.netsuite.com/rest/requesttoken Note: The URI is to be encoded using the algorithm described in Encoding.
normalized-request-parameters	The following parameters to be normalized into a single string are: oauth_callback oauth_consumer_key oauth_nonce oauth_signature_method oauth_timestamp oauth_version role Note: The single string of normalized parameters is to be encoded using the algorithm described in Request Parameters Normalization.

Component

Description

http-request-method

POST

base-string-uri

https://1234567.restlets.api.netsuite.com/rest/requesttoken

Note:

The URI is to be encoded using the algorithm described in Encoding.

normalized-request-parameters

The following parameters to be normalized into a single string are:

oauth_callback
oauth_consumer_key
oauth_nonce
oauth_signature_method
oauth_timestamp
oauth_version
role

Note:

The single string of normalized parameters is to be encoded using the algorithm described in Request Parameters Normalization.

Signature Base String Example for Step One

              POST&https%3A%2F%2F1234567.restlets.api.netsuite.com%2Frest%2Frequesttoken&oauth_callback%3Dhttps%253A%252F%252Fmy.example.com%252FTBA%252F%253FcallbackRequest%26oauth_consumer_key%3D60712990bc09623786e7047c226bcb3f86d49dca0b04efc21001dc76d97a81f5%26oauth_nonce%3DbUvpxBX93OWo0FLswq5M%26oauth_signature_method%3DHMAC-SHA256%26oauth_timestamp%3D1575998103%26oauth_version%3D1.0%26role%3D45678

Generating the Signature for Step One

The key for generating the signature consists of the consumer secret.

Important:

Be aware that the token secret is omitted in Step One.

              60712990bc09623786e7047c226bcb3f86d49dca0b04efc21001dc76d97a81f5

After using the algorithm described in Generating the Signature for the TBA Authorization Flow you get the following result:

              7kgwwmiAylqeMdHjCBnIUUW%2BdrDrGCbZGBkuCt39J90%3D

Final Authorization Header Example for Step One

              Authorization: OAuth realm="1234567", role="45678", oauth_consumer_key="60712990bc09623786e7047c226bcb3f86d49dca0b04efc21001dc76d97a81f5", oauth_nonce="bUvpxBX93OWo0FLswq5M", oauth_timestamp="1575998103", oauth_signature_method="HMAC-SHA256", oauth_version="1.0", oauth_callback="https%3A%2F%2Fmy.example.com%2FTBA%2F%3FcallbackRequest", oauth_signature="7kgwwmiAylqeMdHjCBnIUUW%2BdrDrGCbZGBkuCt39J90%3D"

Signature Base String Construction for Step One

Signature Base String Example for Step One

Generating the Signature for Step One

Final Authorization Header Example for Step One

Related Topics