SOAP – HMAC signature – TBA Token-Based Authentication – How to generate the signature?

Hi all,


i have a problem to generate the signature for the SOAP Call via TBA authentication

  • ConsumerKey and ConsumerSecret is done/valid/recreated many time
  • AccessToken and AccessToken is done/valid/recreated
  • Role is done and User have this role

I See the requests in NetSuite in the “SetupManager->Users/Role->Login Audit Trail Search” menue. The detail says always “Status: failed, Detail:invalidSignature”.


So I try to find the correct calculation of the signature. First way is the documentation of NetSuite ->

But with the information on the documentation they got the signature “fzGxUBu6SZvGqv5hk8P4ou2DPthSxXtJ4zJIeCBQK5A=” in the documentation with following datas:

<ns:tokenPassport soap:actor=”” soap:mustUnderstand=”0″ xmlns:ns=””>
<ns:signature algorithm=”HMAC_SHA256″>fzGxUBu6SZvGqv5hk8P4ou2DPthSxXtJ4zJIeCBQK5A=</ns:signature>

consumerSecret = “7278da58caf07f5c336301a601203d10a58e948efa280f0618e25fcee1ef2abd”

tokenSecret = “060cd9ab3ffbbe1e3d3918e90165ffd37ab12acc76b4691046e2d29c7d7674c2”


I tried many options in creating a signature, but never got the “fzGxUBu6SZvGqv5hk8P4ou2DPthSxXtJ4zJIeCBQK5A=” back!


Data for signature request = “1234567&71cc02b731f05895561ef0862d71553a3ac99498a947c3b7beaf4a1e4a29f7c4&89e08d9767c5ac85b374415725567d05b54ecf0960ad2470894a52f741020d82&6obMKq0tmY8ylVOdEkA1&1439829974”

Key for signature request = “7278da58caf07f5c336301a601203d10a58e948efa280f0618e25fcee1ef2abd060cd9ab3ffbbe1e3d3918e90165ffd37ab12acc76b4691046e2d29c7d7674c2”


But I tried many online HMAC generation tools and they gave me another signature back. Also  my programming function, which I use, gives mit different values back. “142821219a9735eb6e658f082d63851f4b9c75fcd03a602e2feabe905db5ccfb” and in base64 “FCghIZqXNetuZY8ILWOFH0ucdfzQOmAuL+q+kF21zPs=”

Is the documentation wrong, or which options I have to choose in creating the signature?

Can anybody help me and give me a feedback “documentation is right/wrong”?

many thanks for all, which tries to help



Rookie Asked on March 26, 2024 in SuiteTalk.
Add Comment
1 Answer(s)

Hi Armin,

This is always really difficult to debug.

Perhaps the best help I can provide is a Postman Pre-Request script that I know to work:

const account_id = pm.environment.get(‘account_id’).toUpperCase();

const realm = pm.environment.get(‘realm’);
const consumer_key = pm.environment.get(‘consumer_key’);
const consumer_secret = pm.environment.get(‘consumer_secret’);
const token = pm.environment.get(‘token’);
const token_secret = pm.environment.get(‘token_secret’);

const nonce = Math.random().toString().substring(2);
const timestamp = Math.floor( / 1000);

const base_string = account_id + ‘&’ + consumer_key + ‘&’ + token + ‘&’ + nonce + ‘&’ + timestamp;

console.log(‘base_string’, base_string)

const signing_key = consumer_secret + ‘&’ + token_secret;

console.log(‘signing_key’, signing_key)

const signature = CryptoJS.HmacSHA256(base_string, signing_key).toString(CryptoJS.enc.Base64);

pm.variables.set(‘nonce’, nonce);
pm.variables.set(‘timestamp’, timestamp);
pm.variables.set(‘signature’, signature);

console.log(‘signature’, signature)

Please let me know if you need any further assistance.



Intermediate Answered on April 2, 2024.
Add Comment

Your Answer

By posting your answer, you agree to the privacy policy and terms of service.
  • This site made possible by our sponsors:   Tipalti   Celigo   Become a Sponsor   Become a Sponsor