Constructing the Signature for Step One of the TBA Authorization Flow
This section contains information and examples for how to construct the signature used in Step One of the TBA authorization flow.
As of 2023.1, the support ended for the HMAC-SHA1 signature method.
The following values are used for the examples in this section:
Parameter |
Value |
---|---|
Company ID |
1234567 |
Role ID |
45678 |
Consumer Key |
60712990bc09623786e7047c226bcb3f86d49dca0b04efc21001dc76d97a81f5 |
Consumer Secret |
60712990bc09623786e7047c226bcb3f86d49dca0b04efc21001dc76d97a81f5
Note:
For purposes of this example, the values of Consumer Key and Consumer Secret are identical. |
Nonce |
bUvpxBX93OWo0FLswq5M |
Timestamp |
1575998103 |
Callback URL |
https://my.example.com/TBA/?callbackRequest |
Signature Base String Construction for Step One
The formation for the construction of the base string is as follows:
<base-string> = <http-request-method>&<base-string-uri>&<normalized-request-parameters>
Where:
Component |
Description |
---|---|
http-request-method |
POST |
base-string-uri |
https://1234567.restlets.api.netsuite.com/rest/requesttoken
Note:
The URI is to be encoded using the algorithm described in Encoding. |
normalized-request-parameters |
The following parameters to be normalized into a single string are:
Note:
The single string of normalized parameters is to be encoded using the algorithm described in Request Parameters Normalization. |
Signature Base String Example for Step One
POST&https%3A%2F%2F1234567.restlets.api.netsuite.com%2Frest%2Frequesttoken&oauth_callback%3Dhttps%253A%252F%252Fmy.example.com%252FTBA%252F%253FcallbackRequest%26oauth_consumer_key%3D60712990bc09623786e7047c226bcb3f86d49dca0b04efc21001dc76d97a81f5%26oauth_nonce%3DbUvpxBX93OWo0FLswq5M%26oauth_signature_method%3DHMAC-SHA256%26oauth_timestamp%3D1575998103%26oauth_version%3D1.0%26role%3D45678
Generating the Signature for Step One
The key for generating the signature consists of the consumer secret.
Be aware that the token secret is omitted in Step One.
60712990bc09623786e7047c226bcb3f86d49dca0b04efc21001dc76d97a81f5
After using the algorithm described in Generating the Signature for the TBA Authorization Flow you get the following result:
7kgwwmiAylqeMdHjCBnIUUW%2BdrDrGCbZGBkuCt39J90%3D
Final Authorization Header Example for Step One
Authorization: OAuth realm="1234567", role="45678", oauth_consumer_key="60712990bc09623786e7047c226bcb3f86d49dca0b04efc21001dc76d97a81f5", oauth_nonce="bUvpxBX93OWo0FLswq5M", oauth_timestamp="1575998103", oauth_signature_method="HMAC-SHA256", oauth_version="1.0", oauth_callback="https%3A%2F%2Fmy.example.com%2FTBA%2F%3FcallbackRequest", oauth_signature="7kgwwmiAylqeMdHjCBnIUUW%2BdrDrGCbZGBkuCt39J90%3D"
Related Topics
- Token-based Authentication (TBA)
- Token-based Authentication (TBA) for Integration Application Developers
- The Three-Step TBA Authorization Flow
- Token-based Authentication (TBA) Tasks for Administrators
- Troubleshoot Token-based Authentication (TBA)
- Specifications for Signature Construction for the TBA Authorization Flow