Subscribe
By Fedrianto Ramadhan in notes

Netsuite header login

I think this was the one that takes longer, instead of the others, there are not many examples about this, and most are in javascript and the most of examples or packages are not rest but soap, so to get this working I had to use postman to make OAuth 1, where you put in add auth data to the header, realm Netsuite id then add all required consumer token, etc.

$httpMethod = "POST";
$script = "xx";
$accountID = 'xxxxxx-sb1';
$realm = "xxxxxx_SB1";
$url = 'https://'.$accountID.'.restlets.api.netsuite.com/app/site/hosting/restlet.nl';
    $url_params = "?script=$script&deploy=1"; 
    $ckey = "xxxxxxxxxxxx"; //Consumer Key
    $csecret = "xxxxxxxxxxxx"; //Consumer Secret
    $tkey = "xxxxxxxxxxxx"; //Token ID
    $tsecret = "xxxxxxxxxxxx"; //Token Secret    
    $timestamp= time();
    $nonce=  uniqid(mt_rand(1, 1000));
    $baseString = $httpMethod . '&' . rawurlencode($url) . "&"
    . rawurlencode("deploy=1&oauth_consumer_key=" . rawurlencode($ckey)
        . "&oauth_nonce=" . rawurlencode($nonce)
        . "&oauth_signature_method=HMAC-SHA256"
        . "&oauth_timestamp=" . rawurlencode($timestamp)
        . "&oauth_token=" . rawurlencode($tkey)
        . "&oauth_version=1.0"
        . "&script=" . rawurlencode($script) 
    );
    $key = rawurlencode($csecret) . '&' . rawurlencode($tsecret);
    $signature = rawurlencode(base64_encode(hash_hmac('sha256', $baseString, $key, true)));
    $curl = curl_init();

curl_setopt_array($curl, array(
  CURLOPT_URL => 'https://xxxxxxx-sb1.restlets.api.netsuite.com/app/site/hosting/restlet.nl?script=xx&deploy=x',
  CURLOPT_RETURNTRANSFER => true,
  CURLOPT_ENCODING => '',
  CURLOPT_MAXREDIRS => 10,
  CURLOPT_TIMEOUT => 0,
  CURLOPT_FOLLOWLOCATION => true,
  CURLOPT_HTTP_VERSION => CURL_HTTP_VERSION_1_1,
  CURLOPT_CUSTOMREQUEST => 'POST',
  CURLOPT_POSTFIELDS =>'{
    "customform": xx,
    "itemid": "xxxxxx xxxxxx xxxxx xxxx",
}',
  CURLOPT_HTTPHEADER => array(
    'Content-Type: application/json',
    'Authorization: OAuth realm="xxxxxxx_SB1",oauth_consumer_key="xxxxx",oauth_token="xxxxxxxx",oauth_signature_method="HMAC-SHA256",oauth_timestamp="'.time().'",oauth_nonce="'.$nonce.'",oauth_version="1.0",oauth_signature="'.$signature.'"'
  ),
));

$response = curl_exec($curl);

curl_close($curl);
echo $response;

The main point is that nonce no need to be that fancy just some random number, and the time is a timestamp, uses sha256.

Subscribe to You Live What You Learn

Don’t miss out on the latest issues. Sign up now to get access to the library of members-only issues.
[email protected]
Subscribe