OAuth 2.0 Authorization Code Grant Flow

You can use a redirection-based authorization code grant flow with OAuth 2.0. If there is no active session, users enter their credentials into one of the following login forms as part of the flow.

The OAuth 2.0 authorization code grant flow consists of two steps. Additionally, you can implement a refresh token request and a request to the revoke token endpoint.

With the OAuth 2.0 authorization code grant flow, the application begins the process of granting the access token and refresh token by sending a GET request to the authorization endpoint. The user, to whom the access token and refresh token are to be granted, explicitly consents to the application accessing NetSuite through RESTlets, REST web services, or SuiteAnalytics Connect.

The Administrator must create an integration record for each application. See Create Integration Records for Applications to Use OAuth 2.0. The underlying application must have the ability to open a browser.

For more information, see RFC 6749.
