This topic contains 3 replies, has 0 voices, and was last updated by JETannenbaum 8 years, 6 months ago.

  • #6830

    bcarroll

    Hello,

    We use the SuiteTalk web services SOAP API to interface directly with NetSuite. I’m refactoring our local integration to use Token Based Authentication and I’m running into what I consider to be a weird response from NetSuite; “You do not have permission to access web services feature.” Why this is weird is because the token is mapped to the same user that we’ve been using for the better part of a year to access NetSuite via the web API.

    This is what I’ve done to set up TBA:

    1. Created a new integration
    2. Created a new role, TBA User, added the “Log in using Access Tokens” permission to the role, and added that role to the current web services user
    3. Created a new access token, mapped to the user in 2
    4. Spiked a C# project with a web reference to the 2015_2 web service endpoint, I’ve attempted to create the session as follows:

    Code:
    NetSuiteService service = new NetSuiteService();
    service.Timeout = 1000 * 60 * 60 * 2;
    service.CookieContainer = new System.Net.CookieContainer();

    string accountId = "*****";
    string consumerKey = "*****";
    string tokenKey = "*****";
    string nonce = "*****";
    long timestamp = (long)(DateTime.UtcNow.Subtract(new DateTime(1970, 1, 1))).TotalSeconds;

    string basestring = string.Format("{0}&{1}&{2}&{3}&{4}",
        accountId,
        consumerKey,
        tokenKey,
        nonce,
        timestamp);

    string consumerSecret = "*****";
    string tokenSecret = "*****";

    string key = string.Format("{0}&{1}",
        consumerSecret,
        tokenSecret);

    // compute the hash
    string signature;
    using (HMACSHA1 sha1 = new HMACSHA1())
    {
        sha1.Key = Encoding.UTF8.GetBytes(key);
        var hash = sha1.ComputeHash(Encoding.UTF8.GetBytes(basestring));

        signature = Convert.ToBase64String(hash);
    }

    TokenPassportSignature sig = new TokenPassportSignature
    {
        algorithm = "HMAC-SHA1",
        Value = signature
    };

    TokenPassport tokenPassport = new TokenPassport
    {
        account = accountId,
        consumerKey = consumerKey,
        nonce = nonce,
        signature = sig,
        timestamp = timestamp,
        token = tokenKey
    };

    service.tokenPassport = tokenPassport;

    GetServerTimeResult result = service.getServerTime();

    The “You do not have permission to access web services feature” SOAP fault is thrown at the line “GetServerTimeResult result = service.getServerTime();”. Does anyone have any ideas what might be the problem? I’m completely stumped. I’ve double-checked that the user is still in the list of web service users and that permissions haven’t changed. Have I missed something in how TBA is set up? Is the TokenPassportSignature object correct?

    Note that if I revert to the old 2015_1 API and revert to using the old authentication scheme I can connect with no issue.

    I appreciate all help.

    Thanks!

    _Bryan

  • #6831

    mjj

    Hi Bryan,

    Did you ever figure this out?

    Did you check the “Token-Based Authentication” option on the integration? The nonce will need to be unique for each request. You also shouldn’t need a cookie container for token-based authentication.

    Good luck!

  • #6832

    JETannenbaum

    Hi Bryan,

    I just started looking into this myself. My first attempt was to upgrade an existing application to use the 2015_2 API. I got a strange error about a missing application id. I looked into it and found that I needed to add an application id to my NetSuiteService (see link). Once I created the application id and added it to the service variable, my application was able to communicate with our NetSuite instance. I noticed that your sample code does not set service.applicationInfo.

    Hope that helps,

    Jet

  • #6833

    JETannenbaum

    Hi Bryan,

    Another update… No application id is needed for the TBA, so scratch that. As mjj noted, the nonce needs to be unique with each request, as does the time stamp. I got my application running, and it looks similar to your application. I did find that the permissions were tighter when I used TBA.

    Jet
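
Added example, not code from any poster in this thread or from NetSuite: a C# helper that regenerates the nonce, timestamp and signature on every call, as the replies above describe, using the base string and key layout from the original post. `PassportFields` and `TbaSigner` are hypothetical names, the credentials are constructed placeholders, and hex-encoding the nonce is an assumption about an acceptable format.

```csharp
using System;
using System.Security.Cryptography;
using System.Text;

// Hypothetical container for the values that would be copied into the
// generated TokenPassport object (nonce, timestamp, signature.Value).
public sealed class PassportFields
{
    public string Nonce;
    public long Timestamp;
    public string Signature;
}

public static class TbaSigner
{
    // Call once per SOAP request; never cache or reuse the result.
    public static PassportFields Sign(string accountId, string consumerKey, string tokenKey,
                                      string consumerSecret, string tokenSecret)
    {
        // 16 bytes from the OS CSPRNG, hex-encoded to 32 alphanumeric characters (assumed format).
        byte[] raw = new byte[16];
        using (var rng = RandomNumberGenerator.Create())
        {
            rng.GetBytes(raw);
        }
        string nonce = BitConverter.ToString(raw).Replace("-", "");

        // Seconds since the Unix epoch, taken at signing time.
        long timestamp = (long)DateTime.UtcNow.Subtract(new DateTime(1970, 1, 1)).TotalSeconds;

        // Same base string and key layout as in the original post.
        string baseString = string.Join("&", accountId, consumerKey, tokenKey, nonce, timestamp.ToString());
        string key = consumerSecret + "&" + tokenSecret;

        using (var hmac = new HMACSHA1(Encoding.UTF8.GetBytes(key)))
        {
            byte[] hash = hmac.ComputeHash(Encoding.UTF8.GetBytes(baseString));
            return new PassportFields { Nonce = nonce, Timestamp = timestamp, Signature = Convert.ToBase64String(hash) };
        }
    }

    public static void Main()
    {
        // Constructed sample values, not real credentials. Each call yields a new nonce,
        // so the signature changes even when the timestamp falls in the same second.
        PassportFields a = Sign("ACCT", "ckey", "tkey", "csecret", "tsecret");
        PassportFields b = Sign("ACCT", "ckey", "tkey", "csecret", "tsecret");
        Console.WriteLine("{0} {1} {2}", a.Nonce, a.Timestamp, a.Signature);
        Console.WriteLine("{0} {1} {2}", b.Nonce, b.Timestamp, b.Signature);
    }
}
```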
