OAuth2 / REST related questions
We are able to get an access_token and refresh_token via the OAuth2 flow
- We are not able to refresh an access token (we always receive
invalid_request
):
curl -X POST -H “Content-Type: application/x-www-form-urlencoded” -d “grant_type=refresh_token&refresh_token=XXXX&client_id=XXX&client_secret=XXXX” https://REDACTED-sb1.suitetalk.api.netsuite.com/services/rest/auth/oauth2/v1/token {“error”:”invalid_request”}
2. Is it possible to fetch invoice documents (like an invoice pdf) via the REST API?
3. How to refresh a refresh_token? It seems to expire after 7 days?
4. In our other OAuth applications we can use 1 integration/application that we register as a company. We can use the same client_id
and client_secret
and the same authorization + token urls for ALL our clients, it seems this is not possible for Netsuite?Thank you very much in advance.
We also have the same question as https://netsuiteprofessionals.com/question/can-oauth-2-0-be-used-for-long-term-integrations/
“From what I’ve been able find in the Netsuite documentation, it seems that Netsuite’s implementation of OAuth 2.0 requires a manual re-authentication every 7 days when the refresh token expires. Is there any way to get around this limitation? I would like to be able to automate the retrieval of new refresh tokens so that an administrator only needs to set up the integration’s authentication once and the software integrating to Netsuite handles the rest.”
Thanks in advance
A couple of answers from @battk from slack:
At the moment the only open questions are:
-
- Is it possible to fetch invoice documents (like an invoice pdf) via the REST API?
- In other OAuth applications we can use 1 integration/application that we register as a company. We can use the same
client_id
andclient_secret
and the same authorization + token urls for ALL our clients, it seems this is not possible for Netsuite?
Thank you very much in advance.
Has anyone been able to solve this? We have an OAuth flow implemented but the refresh tokens stop working after a week. A human must go in and re-auth. This is not standard for systems integration flows.
Has anyone come up with a solution?
Thanks