Sunday, September 16, 2018

SuiteSignOn (Outbound SSO) > HTTP Error code - 401 Unauthorized

What do customers need to check when they get an HTTP Error Code 401?

For the following error details:

    * Invalid Consumer Key
    * Invalid / expired Token
    * Invalid signature
    * Invalid / used nonce

On HTTP response errors, inspect the body for a more specific error message.

  • HTTP 401 Unauthorized
    • Invalid Consumer Key - Make sure that the consumer key is exactly the value given on the NetSuite SuiteSignOn record (the key is case sensitive).
    • Invalid / expired Token - Solution Providers such as NetSuite set an expiration on tokens for security reasons. As with the Inbound SSO token, the token expires after 15 minutes if unused; the consumer must then generate a new one.
    • Invalid signature - Indicates that the request is not being signed properly.
      • The PLAINTEXT signature method relies on SSL for protection; when requesting an Access Token, the signature should be your consumer secret followed by a URL-encoded ampersand, i.e. 36PEuJegNY47i5Qw645PjV7bQeVwG79879%26.

      This follows the OAuth rule that oauth_signature is set to the concatenated encoded values of the Consumer Secret and Token Secret, separated by a '&' character (ASCII code 38), even if either secret is empty. The result MUST be encoded again. (Resource: http://oauth.net/core)
    • Invalid / used nonce - Customers are required to generate a unique nonce value for each request with the same timestamp. When NetSuite verifies a consumer signature that includes a nonce, it checks the request nonce to ensure it has not been used in a previous request from that customer.
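As an added example (not NetSuite's code), the PLAINTEXT signing rule quoted above and a server-side nonce replay check of the kind the last item describes, in Python; the consumer keys, secrets and request parameters are constructed values.

```python
from urllib.parse import quote

def oauth_encode(value: str) -> str:
    """Percent-encode per OAuth Core 1.0 section 5.1: keep only A-Z a-z 0-9 - . _ ~."""
    return quote(value, safe="")

def plaintext_signature(consumer_secret: str, token_secret: str = "") -> str:
    """OAuth Core 1.0 section 9.4.1: encode each secret, join with '&', encode again.
    With no token secret yet (token request) the result is the consumer secret
    followed by '%26', the encoded ampersand, as in the post's example."""
    key = oauth_encode(consumer_secret) + "&" + oauth_encode(token_secret)
    return oauth_encode(key)

class NonceRegistry:
    """Remembers every (consumer_key, timestamp, nonce) triple already accepted.
    A consumer must send a fresh nonce for each request sharing a timestamp;
    a repeated triple is a replay and maps to the 'Invalid / used nonce' detail."""

    def __init__(self) -> None:
        self._seen = set()

    def accept(self, consumer_key: str, timestamp: str, nonce: str) -> bool:
        triple = (consumer_key, timestamp, nonce)
        if triple in self._seen:
            return False
        self._seen.add(triple)
        return True

def verify_request(params: dict, consumers: dict, token_secret: str,
                   registry: NonceRegistry) -> str:
    """Return 'ok' or the 401 error detail a verifier would report for one request.
    params: oauth_* parameters as the client computed them (constructed input);
    consumers: registered consumer key -> consumer secret (lookup is case sensitive)."""
    secret = consumers.get(params.get("oauth_consumer_key", ""))
    if secret is None:
        return "Invalid Consumer Key"
    if params.get("oauth_signature_method") != "PLAINTEXT":
        return "Invalid signature"
    if params.get("oauth_signature") != plaintext_signature(secret, token_secret):
        return "Invalid signature"
    if not registry.accept(params["oauth_consumer_key"], params["oauth_timestamp"],
                           params["oauth_nonce"]):
        return "Invalid / used nonce"
    return "ok"
```

Running the same request twice through `verify_request` returns "ok" and then "Invalid / used nonce", which is the replay case the checklist describes.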
