NetSuite 2022.1 includes the following enhancements to authentication features:

End of Support for HMAC-SHA1 Signature Method for TBA Postponed

The end of support for the HMAC-SHA1 signature method for the Token-based Authentication (TBA) feature has been postponed. Previously, the end of support was targeted for NetSuite 2022.1. The new target date for the end of support will be announced later. Even though the end of support has been delayed, you should update your integrations to use HMAC-SHA256 as soon as possible.

After the end of support, any integrations using the TBA feature with HMAC-SHA1 as a signature method will stop working. The end of support and the request to change the signature method to HMAC-256 also applies to third-party integrations.

You must use the HMAC-SHA256 signature method to create new integrations for use with TBA.

Before the end of support, you must update your authorization header to use HMAC-SHA256. To update the authorization header, change the values of the oauth_signature_method parameter and the oauth_signature parameter to HMAC-SHA256.

For more information, see the following help topics:


If you are using a library for signing, verify that the library supports HMAC-SHA256, and if needed, update to a library with HMAC-SHA256 support.

General Notices