Error Messages for the TBA Authorization Flow

See the following table for information about resolving error messages for the TBA authorization flow.

Request Token Errors

Access Token Errors





The appropriate integration record could not be found.

  • If the integration record exists, verify the following:

    • Ensure the consumer key is correct.

    • If this error occurs with a currently enabled application, you can attempt resetting the credentials (obtain new credentials).


      This action might break other integrations using this application. You must update the credentials in all integrations where they are used.

    If there is no existing integration record for this application, create one. See Create Integration Records for Applications to Use TBA.


If the company ID parameter is specified in Step 1 of the TBA authorization flow, the value of the error is IntegrationBlocked.


The state of the integration record is Blocked.

Enable the application on the integration record.

To enable the app:

  1. Go to Setup > Integration > Manage Integrations.

  2. Select the appropriate integration record, and click Edit.

  3. In the State field, change Blocked to Enabled.

  4. Save the record.



The integration application does not use the TBA authorization flow.

Ensure that the TBA: Authorization Flow box is checked in the corresponding integration record. For more information, see Create Integration Records for Applications to Use TBA.



The timestamp is not in the allowed range. The timestamp of the request must be within plus or minus five (+ or – 5) minutes of the server time.

Ensure that:

  • Your computer clocks are synchronized using the NTP protocol.

  • Requests are sent soon after generating the TBA header.

  • Requests are not being queued before being sent to NetSuite.



The signature is incorrect.

See Generating the Signature for the TBA Authorization Flow for the correct method of signing a request. See also The Signature for Web Services and RESTlets.

InvalidCallback <<--callback-URL-specified-->>

The callback URL is not valid.

On the integration record, verify the callback URL and correct the request as needed.



The request is missing a required parameter.

Verify that all required parameters are included in the request. For more information, see the following topics:



The nonce was not long enough.

Nonce must be at least six characters long. An ideal nonce length is 20 characters.



The combination of nonce and timestamp has already been used by this user.

  • Ensure you generate a unique nonce for every request.

  • Do not send the same request more than one time. If you must perform the same operation, you must generate a new TBA header for each subsequent request.


The token could not be found.

Ensure that the token:

  • Is correct.

  • Is active.

  • Is a token for the correct integration application.


The entity or role is not usable.

This error may have many causes.

  • Verify that the entity and role are both active in NetSuite.

  • Verify the entity has access.

  • Verify that the role has TBA permissions.

  • Verify that the user has not made the role inactive on the user’s View My Roles page.



The Token-based Authentication feature in NetSuite is not enabled.

Enable the feature. See Enable the Token-based Authentication Feature.



Potential reasons for this error message include:

  • The algorithm used (such as HMAC-SHA1) is not supported for the TBA authorization flow.

  • The signature method is not supported.

Potential resolutions include:



The request uses an invalid value for OAuth version parameter.

The value for the OAuth version parameter must be 1.0.


The value of the oauth_verifier parameter does not match the value provided in Step Two of the TBA flow.

Ensure that the value of the oauth_verifier parameter provided to the Callback URL in the application is used during Step Three.

Related Topics

Token-based Authentication (TBA)
Token-based Authentication (TBA) Tasks for Administrators
Token-based Authentication (TBA) for Integration Application Developers
Troubleshoot Token-based Authentication (TBA)
TBA and the Login Audit Trail

General Notices