This site was built to compliment the existing NetSuite Professionals Slack Community by adding a means for members to easily find answers to common questions and to create a searchable database of those questions and answers.

NetSuite Professionals

If all I have is a token (account, client, secret, token, secret), what’s the best way to find the email and role associated with it. 

I can’t seem to get the /rest/roles endpoint to work. Is there nothing OOTB, do I have to write my own restlet?

Tried:
`<https://rest.netsuite.com/rest/roles>`

But wondering if that doesn't support TBA (only NL/User-Password)?

Getting:
```{
    "error": {
        "code": "UNEXPECTED_ERROR",
        "message": "An unexpected error has occurred."
    }
}```
Wouldn't rule out a dumb mistake.

<https://docs.oracle.com/en/cloud/saas/netsuite/ns-online-help/section_4757870223.html#bridgehead_4757929062>

The "Authentication" page from above states:
&gt; Each call to the REST roles service must include an NLAuth authorization header.
So thinking I'm SOL on that approach?

yeah you can't do that. if you could do that, it would be a massive security violation.

are you just trying to be able to make a rest call?

How would that be a security violation?

No - I'm just trying to construct a connection string to the SuiteAnalytics Connect using TBA. It requires the UserId and RoleId, in addition to the traditional TBA fields.

you could use it to find out that a certain client exists and what they're capable of, and it would be open to the world

Well, I'd only expect it to return the "self info" if the token auth is correct.

yeah I dunno how to do that then. the user/role should just be set up in netsuite though. can't you look that up and hardcode it?

I have a TBA token info. Works fine, can call restlets and REST Web Services just fine. But I haven't historically collected the UserId and RoleId associated with that token. NetSuite knows what it is. I'm just trying to find a way to query to get it based on the Token.

So yes, going forward, I could required that info to be provided at the time the token info is provided.

But just seems nice to be able to determine it on-the-fly.

Well, just read that actually I use *TBA* as the userid when using TBA.
<https://docs.oracle.com/en/cloud/saas/netsuite/ns-online-help/article_163239887396.html>

So may not need this info after all (which makes sense when using TBA).

ah ok. yeah I thought that was a weird addition to the auth headers

You could use the token info to make a request, like find a sales order, then check the login audit trail to see what user and role just connected.

Yea, was wanting to make the determination programatically. Not needing manual UI access.


Can close out this thread though. My entire motivation was to use SuiteAnalytics Connect with TBA. Turns out you don't need the userid or role id in that scenario.

FYI there is a tokeninfo endpoint that you can use for this

<https://docs.oracle.com/en/cloud/saas/netsuite/ns-online-help/chapter_157017286140.html#bridgehead_4718676594|NetSuite Applications Suite>

`https://&lt;accountID&gt;.<http://restlets.api.netsuite.com/rest/tokeninfo|restlets.api.netsuite.com/rest/tokeninfo>`

Yes! Thanks <@U29QCJQF3> !
I knew there had to be something for this, but couldn't track it down for the life of me.