Create Your Own Test Window for HMAC-SHA1 in TBA Integrations

Using the HMAC-SHA1 signature method for Token-based Authentication (TBA) integrations is no longer considered best practice. To help you prepare for the end of support in the future, you can temporarily disable the HMAC-SHA1 signature method for TBA in your production account. Disabling HMAC-SHA1 temporarily lets you test your TBA integrations to verify that they are not using the HMAC SHA1 signature method.

Note:

Support ended on July 30, 2021 for the HMAC-SHA1 signature method for TBA integrations in all non-production accounts, such as sandbox, Test Drive, development accounts, and Release Preview accounts.

To complete the following procedure, you must be logged in to NetSuite with an Administrator role or in another role that has the Enable Features permission.

To temporarily disable HMAC-SHA1 for TBA in your NetSuite production account:

  1. Go to Setup > Company > Enable Features.

  2. Click the SuiteCloud tab, and scroll down to the Manage Authentication section.

  3. Check the Disable HMAC-SHA1 for Token-based Authentication box.

  4. Click Save.

To re-enable HMAC-SHA1 for TBA, clear the Disable HMAC-SHA1 for Token-based Authentication box, and click Save.

Important:

You must update any TBA integrations to use HMAC-SHA256 for the signature method before the end of support that will be announced later.

For more information, see The Signature for Web Services and RESTlets.

Related Topics

Token-based Authentication (TBA)
Token-based Authentication (TBA) for Integration Application Developers
Troubleshoot Token-based Authentication (TBA)
Specifications for Signature Construction for the TBA Authorization Flow
Generating the Signature for the TBA Authorization Flow

General Notices