The Request Token Structure

The JWT bearer token for the POST request to the token endpoint in OAuth 2.0 client credentials flow includes three parts: a header, a payload, and a signature.

The token header includes the following parameters:

Parameter Name

Description

typ

The value of the typ parameter is always JWT.

alg

The value of the alg parameter is PS256, PS384, PS512, ES256, ES384, or ES512.

The value you choose determines the algorithm used for signing of the token.

kid

The value of the kid parameter is the value of the Certificate ID generated during the mapping of the application. For more information, see OAuth 2.0 Client Credentials Setup.

The token payload includes the following parameters:

Parameter Name

Description

iss

The value of the iss parameter is the client ID for the integration. For more information, see Create Integration Records for Applications to Use OAuth 2.0.

scope

The value of the scope parameter is restlets, rest_webservices, suite_analytics, or all of them, separated by a comma.

aud

The value of the aud parameter is the NetSuite token endpoint, https://<accountID>.suitetalk.api.netsuite.com/services/rest/auth/oauth2/v1/token.

exp

The value of the exp parameter represents the number of seconds since January 1, 1970, until the token’s expiration.

The value must be less than 60 minutes greater than the value of the iat parameter.

iat

The value of the iat parameter represents when the token was issued. The value of the parameter is in seconds, since January 1, 1970.

Note:

The token’s dot-separated values are Base64 encoded.

The public part of the certificate is used to validate the signature. The private part of the same certificate is used in the kid parameter. For more information, see OAuth 2.0 Access and Refresh Token Structure.

Related Topics

General Notices