OAuth 2.0 Code or Client Grant Flow for Website showing billing information?

I am a Developer upgrading an older OAuth 1.0 TBA setup to OAuth 2.0 without the TBA.

Now I have on the Sandbox, the Client Credentials Flow working, except with the refresh token expiring every seven days, I can’t create a backend script that somehow opens a Session on NetSuite (by logging into NetSuite?), redirects the URL and gets the code parameter value so I can finally generate a new refresh token. All that so a customer can view their billing information online? That seems extreme and not secure.

Is there something I am missing on the whole token refresh? How to set up the first step of the Client Credentials Flow without doing the Session login?

Or am I just using the wrong Flow, and should I go with the OAuth 2.0 Client Credentials Flow?

Some clarity on this would be greatly appreciated.



Rookie Asked on January 8, 2023 in SuiteTalk.
1 Answer(s)


What you describe sounds more like the standard OAuth flow rather than the Client Credentials M2M flow.

Is this definitely the method you’re using:

If so, you shouldn’t need user intervention or refresh token.



Intermediate Answered on January 13, 2023.
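
The machine-to-machine pattern the answer refers to, as an added example that is not part of the original thread or NetSuite's own code: a backend caches the access token and, when it nears expiry, repeats the `client_credentials` grant instead of using a refresh token or a browser login. `TOKEN_URL`, the class name and the injected `make_assertion` and `post` callables are assumptions, as is the choice of a signed JWT client assertion (RFC 7523) for client authentication.

```python
import time
from urllib.parse import urlencode

# Assumed placeholder; the real token endpoint comes from the provider's documentation.
TOKEN_URL = "https://auth.example.invalid/oauth2/token"
JWT_BEARER = "urn:ietf:params:oauth:client-assertion-type:jwt-bearer"


class ClientCredentialsTokenSource:
    """Caches an access token and re-runs the client_credentials grant on expiry."""

    def __init__(self, make_assertion, post, clock=time.time, skew=30):
        self._make_assertion = make_assertion  # returns a freshly signed JWT (assumed helper)
        self._post = post                      # post(url, form_body) -> parsed JSON dict
        self._clock = clock
        self._skew = skew                      # renew this many seconds before expiry
        self._token = None
        self._expires_at = 0.0

    def build_request(self):
        # RFC 6749 section 4.4: the request carries no code, redirect_uri or refresh_token.
        return urlencode({
            "grant_type": "client_credentials",
            "client_assertion_type": JWT_BEARER,
            "client_assertion": self._make_assertion(),
        })

    def access_token(self):
        # Reuse the cached token until it is within `skew` seconds of expiring.
        if self._token is None or self._clock() >= self._expires_at - self._skew:
            reply = self._post(TOKEN_URL, self.build_request())
            if reply.get("token_type", "").lower() != "bearer" or "access_token" not in reply:
                # Report only the field names so a token never lands in logs.
                raise ValueError("unexpected token response: %r" % sorted(reply))
            self._token = reply["access_token"]
            self._expires_at = self._clock() + int(reply.get("expires_in", 0))
        return self._token
```

The private key that signs the assertion stays on the server; the customer's browser only ever talks to the website, never to the token endpoint.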