define(["N/encode", "N/https", "N/crypto/certificate", "N/log"], function (encode, https, certificate, log) { function generateJWT() { const CERTIFICATE_ID = "###################"; const PRIVATE_CERTIFICATE_ID = "custcertificate_######"; const CLIENT_ID = "##################"; const ACCOUNT_ID = "######"; const SCOPE = ["restlets", "rest_webservices", "suite_analytics"].join(","); const TOKEN_URL = `https://${ACCOUNT_ID}.suitetalk.api.netsuite.com/services/rest/auth/oauth2/v1/token`; function getTimestampInSeconds() { return Math.floor(Date.now() / 1000); // Current UTC time in seconds } const iat = getTimestampInSeconds(); const exp = iat + 300; // Set expiration to 5 minutes (300 seconds) log.debug("JWT Timestamps", { iat: iat, exp: exp }); // JWT Header const header = encode.convert({ string: JSON.stringify({ alg: "PS256", typ: "JWT", kid: CERTIFICATE_ID, }), inputEncoding: encode.Encoding.UTF_8, outputEncoding: encode.Encoding.BASE_64_URL_SAFE, }).replace(/=+$/, ""); // JWT Payload const payload = encode.convert({ string: JSON.stringify({ iss: CLIENT_ID, scope: SCOPE, aud: TOKEN_URL, exp: exp, iat: iat, }), inputEncoding: encode.Encoding.UTF_8, outputEncoding: encode.Encoding.BASE_64_URL_SAFE, }).replace(/=+$/, ""); // Sign JWT with NetSuite's Private Key const signer = certificate.createSigner({ certId: PRIVATE_CERTIFICATE_ID, algorithm: certificate.HashAlg.SHA256, }); signer.update(header + "." + payload); const signature = signer.sign({ outputEncoding: encode.Encoding.BASE_64_URL_SAFE }).replace(/=+$/, ""); const jwtToken = `${header}.${payload}.${signature}`; log.debug("Generated JWT Token", jwtToken); return jwtToken; } function getAccessToken() { try { const jwtToken = generateJWT(); const ACCOUNT_ID = "######"; const TOKEN_URL = `https://${ACCOUNT_ID}.suitetalk.api.netsuite.com/services/rest/auth/oauth2/v1/token`; const body = `grant_type=client_credentials&client_assertion_type=urn%3Aietf%3Aparams%3Aoauth%3Aclient-assertion-type%3Ajwt-bearer&client_assertion=${jwtToken}`; const headers = { "Content-Type": "application/x-www-form-urlencoded" }; log.debug("OAuth2 Request Body", body); const response = https.post({ url: TOKEN_URL, body: body, headers: headers, }); log.debug("OAuth2 Token Response", response.body); const responseBody = JSON.parse(response.body); if (responseBody.access_token) { log.debug("Access Token", responseBody.access_token); return responseBody.access_token; } else { throw new Error("Failed to retrieve access token: " + response.body); } } catch (error) { log.error("Access Token Error", error); throw error; } } return { getAccessToken: getAccessToken, }; });