This site was built to compliment the existing NetSuite Professionals Slack Community by adding a means for members to easily find answers to common questions and to create a searchable database of those questions and answers.

NetSuite Professionals

```I am trying to create a token based on TBA authorization flow. Has anyone here managed to get past step 1 and get the unauthorized token?```


```I have tried to implement the entire process of the first step by scrupulously following the NetSuite documentation but for some reason the signature that I generate does not seem to be correct since in the Login Audit Trail it always returns the error "InvalidSing". Could you help me with this ?```


And I build the signature in a pre-request script

const normalized_request_parameters *=* encodeRFC5849(
    [
        //`oauth_callback=${oauth_callback}`,
        `oauth_consumer_key=${oauth_consumer_key}`,
        `oauth_nonce=${oauth_nonce}`,
        `oauth_signature_method=${oauth_signature_method}`,
        `oauth_timestamp=${oauth_timestamp}`,
        `oauth_token=${oauth_token_secret}`,
        `oauth_version=${oauth_version}`,
//        `role=${role}`
    ].*join*('&amp;')
)

let signature_base_string *=* [
    base_string_uri,
    normalized_request_parameters
 ].*join*('%26')
 signature_base_string *=* http_request_method.*toUpperCase*()*+*'%'*+*signature_base_string

 console.*log*('signature_base_string:', signature_base_string)


const signature_key *=* [
    oauth_consumer_secret,
    oauth_token_secret
].*join*('&amp;')

console.*log*( 'signature_key', signature_key)

const oauth_signature *=*  CryptoJS.HmacSHA256( signature_base_string, signature_key ).*toString*(CryptoJS.enc.Base64)

console.*log*( 'oauth_signature', oauth_signature )

//role="${role}",
const Authorization *=* `${secureProtocol} realm="${realm}", oauth_callback="${oauth_callback}", oauth_consumer_key="${oauth_consumer_key}", oauth_nonce="${oauth_nonce}", oauth_signature_method="${oauth_signature_method}", oauth_signature="${oauth_signature}", oauth_timestamp="${oauth_timestamp}", oauth_version="${oauth_version}"`

pm.collectionVariables.*set*("Authorization", Authorization);

usual answer for javascript is to use <https://www.npmjs.com/package/oauth-1.0a>

```Have you ever used this package in node.js? Has it worked for you?```


```As the documentation indicates, is this end-point (http://{{ACCOUNT_ID}}.<http://restlets.api.netsuite.com/rest/requesttoken)|restlets.api.netsuite.com/rest/requesttoken)> correct to obtain the unauthorized token?```


only the domain for production is the same as the account id

<https://system.netsuite.com/app/common/otherlists/company.nl?selectedtab=companyurls|Company URLs> has the url you are supposed to use

if you plan on doing it programmatically, then you should be using <https://system.netsuite.com/app/help/helpcenter.nl?fid=article_7094653807.html|Dynamic Discovery of URLs>

Yes, I know. I'm working in a Sandbox and the domain begins "xxxxxxx_sb1". But I'm not sure if "/rest/requesttoken" it's correct to request the unauthorized token.