24-hour Test Window for HMAC-SHA1 Deprecation for Integrations Using Token-based Authentication (TBA) NetSuite Account ID: ************** You are receiving this notification because you use the Token-based Authentication (TBA) feature in your account for integrations that use HMAC-SHA1 as a signature method. As of NetSuite 2021.2, the use of HMAC-SHA1 will be deprecated. Before your account is upgraded to 2021.2, you must change your integrations to use HMAC-SHA256 as the signature method. What is Changing? When your account is upgraded to NetSuite 2021.2, any integrations that use the Token-based Authentication (TBA) feature with HMAC-SHA1 as a signature method will stop working. This limitation applies to all integrations in your account, including integrations from third-party solution providers. Upgrades to NetSuite 2021.2 are targeted to occur between August and October of 2021. What Will Happen During this Test Window? The upcoming 24-hour test window will enable you to see the effects on your account of deprecation of the HMAC-SHA1 signature method for TBA. During the test window, the HMAC-SHA1 signature method will be disabled and integrations using it will stop working. The 24-hour test window will begin on Tuesday, June 22, 2021 at 12:00 a.m. PDT. Local Time Conversion Chart Region Start Time and Date End Time and Date North America 12 a.m. PDT* Tuesday, June 22 12 a.m. PDT Wednesday, June 23 Europe 9 a.m. CEST* Tuesday, June 22 9 a.m. CEST Wednesday, June 23 Asia Pacific 3 p.m. HKT* Tuesday, June 22 3 p.m. HKT Wednesday, June 23 *PDT (Pacific Daylight Time = UTC -7) *CEST (Central European Summer Time = UTC +2) *HKT (Hong Kong Time = UTC +8) After the test window ends, integrations using the HMAC-SHA1 signature method will resume working. Required Actions Update your TBA integrations to use the HMAC-SHA256 signature method. If you use any integrations provided by a third party, you must inform the third party that HMAC-SHA1 will no longer be supported as a signature method for TBA in NetSuite. The third party must provide you with an updated solution before the NetSuite 2021.2 release. You must update the authorization header to use HMAC-SHA256. The value of the oauth_signature_method parameter must be changed from HMAC-SHA1 to HMAC-SHA256, and the value of the oauth_signature parameter also must change accordingly. For more information, see the help topic Example OAuth Header (SuiteAnswers, ID 50996). If you are using a library for signing, you must check whether the library supports HMAC-SHA256. If the library you are using does not support HMAC-SHA256, you must either update the library to use HMAC-SHA256, or start using another library that supports HMAC-SHA256. There will be another 72-hour test window scheduled in July. If you require assistance or more information, please contact NetSuite Customer Support. Thank you, The Oracle NetSuite Team