Error Messages for the TBA Authorization Flow

Warning:

As of 2027.1, no new integrations using TBA can be created for SOAP web services, REST web services, and RESTlets. Existing integrations will continue working. Use OAuth 2.0 for new RESTlets and REST web services integrations. For more information, see OAuth 2.0.

See the following table for information about resolving error messages for the TBA authorization flow.

Request Token Errors	Access Token Errors	Problem	Resolution
UnknownIntegration	UnknownIntegration	The appropriate integration record could not be found.	If the integration record exists, verify the following: Ensure the consumer key is correct. If this error occurs with a currently enabled application, you can attempt resetting the credentials (obtain new credentials). Important: This action might break other integrations using this application. You must update the credentials in all integrations where they are used. If there is no existing integration record for this application, create one. See Create Integration Records for Applications to Use TBA.
- Note: If the company ID parameter is specified in Step 1 of the TBA authorization flow, the value of the error is IntegrationBlocked.	IntegrationBlocked	The state of the integration record is Blocked.	Enable the application on the integration record. To enable the app: Go to Setup > Integration > Manage Integrations. Select the appropriate integration record, and click Edit. In the State field, change Blocked to Enabled. Save the record.
AuthorizationFlowRequired	AuthorizationFlowRequired	The integration application does not use the TBA authorization flow.	Ensure that the TBA: Authorization Flow box is checked in the corresponding integration record. For more information, see Create Integration Records for Applications to Use TBA.
InvalidTimestamp	InvalidTimestamp	The timestamp is not in the allowed range. The timestamp of the request must be within plus or minus five (+ or - 5) minutes of the server time.	Ensure that: Your computer clocks are synchronized using the NTP protocol. Requests are sent soon after generating the TBA header. Requests are not being queued before being sent to NetSuite.
InvalidSignature	InvalidSignature	The signature is incorrect.	See Generating the Signature for the TBA Authorization Flow for the correct method of signing a request. See also The Signature for Web Services and RESTlets.
InvalidCallback <<--callback-URL-specified-->>	-	The callback URL is not valid.	On the integration record, verify the callback URL and correct the request as needed.
MissingRequiredParameter	MissingRequiredParameter	The request is missing a required parameter.	Verify that all required parameters are included in the request. For more information, see the following topics: Step One Obtain An Unauthorized Request Token for Step One of the TBA flow. Step Three Exchange the Request Token for an Access Token for Step Three of the TBA flow.
NonceRejected	NonceRejected	The nonce was not long enough.	Nonce must be at least six characters long. An ideal nonce length is 20 characters.
NonceUsed	NonceUsed	The combination of nonce and timestamp has already been used by this user.	Ensure you generate a unique nonce for every request. Do not send the same request more than one time. If you must perform the same operation, you must generate a new TBA header for each subsequent request.
-	TokenRejected	The token could not be found.	Ensure that the token: Is correct. Is active. Is a token for the correct integration application.
-	EntityOrRoleDisabled	The entity or role is not usable.	This error may have many causes. Verify that the entity and role are both active in NetSuite. Verify the entity has access. Verify that the role has TBA permissions. Verify that the user has not made the role inactive on the user's View My Roles page.
FeatureDisabled	FeatureDisabled	The Token-based Authentication feature in NetSuite is not enabled.	Enable the feature. See Enable the Token-based Authentication Feature.
UnknownAlgorithm	UnknownAlgorithm	Potential reasons for this error message include: The algorithm used (such as HMAC-SHA1) is not supported for the TBA authorization flow. The signature method is not supported.	Potential resolutions include: Only the HMAC-SHA256 algorithm is supported for the TBA authorization flow See Generating the Signature for the TBA Authorization Flow for the correct method of signing a request.
VersionRejected	VersionRejected	The request uses an invalid value for OAuth version parameter.	The value for the OAuth version parameter must be 1.0.
-	InvalidVerifier	The value of the oauth_verifier parameter does not match the value provided in Step Two of the TBA flow.	Ensure that the value of the `oauth_verifier` parameter provided to the Callback URL in the application is used during Step Three.

Request Token Errors

Access Token Errors

Problem

Resolution

UnknownIntegration

The appropriate integration record could not be found.

If the integration record exists, verify the following:
- Ensure the consumer key is correct.
- If this error occurs with a currently enabled application, you can attempt resetting the credentials (obtain new credentials).
  
  Important:
  This action might break other integrations using this application. You must update the credentials in all integrations where they are used.
If there is no existing integration record for this application, create one. See Create Integration Records for Applications to Use TBA.

Note:

If the company ID parameter is specified in Step 1 of the TBA authorization flow, the value of the error is IntegrationBlocked.

IntegrationBlocked

The state of the integration record is Blocked.

Enable the application on the integration record.

To enable the app:

Go to Setup > Integration > Manage Integrations.
Select the appropriate integration record, and click Edit.
In the State field, change Blocked to Enabled.
Save the record.

AuthorizationFlowRequired

The integration application does not use the TBA authorization flow.

Ensure that the TBA: Authorization Flow box is checked in the corresponding integration record. For more information, see Create Integration Records for Applications to Use TBA.

InvalidTimestamp

The timestamp is not in the allowed range. The timestamp of the request must be within plus or minus five (+ or - 5) minutes of the server time.

Ensure that:

Your computer clocks are synchronized using the NTP protocol.
Requests are sent soon after generating the TBA header.
Requests are not being queued before being sent to NetSuite.

InvalidSignature

The signature is incorrect.

See Generating the Signature for the TBA Authorization Flow for the correct method of signing a request. See also The Signature for Web Services and RESTlets.

InvalidCallback <<--callback-URL-specified-->>

The callback URL is not valid.

On the integration record, verify the callback URL and correct the request as needed.

MissingRequiredParameter

The request is missing a required parameter.

Verify that all required parameters are included in the request. For more information, see the following topics:

Step One Obtain An Unauthorized Request Token for Step One of the TBA flow.
Step Three Exchange the Request Token for an Access Token for Step Three of the TBA flow.

NonceRejected

The nonce was not long enough.

Nonce must be at least six characters long. An ideal nonce length is 20 characters.

NonceUsed

The combination of nonce and timestamp has already been used by this user.

Ensure you generate a unique nonce for every request.
Do not send the same request more than one time. If you must perform the same operation, you must generate a new TBA header for each subsequent request.

TokenRejected

The token could not be found.

Ensure that the token:

Is correct.
Is active.
Is a token for the correct integration application.

EntityOrRoleDisabled

The entity or role is not usable.

This error may have many causes.

Verify that the entity and role are both active in NetSuite.
Verify the entity has access.
Verify that the role has TBA permissions.
Verify that the user has not made the role inactive on the user's View My Roles page.

FeatureDisabled

The Token-based Authentication feature in NetSuite is not enabled.

Enable the feature. See Enable the Token-based Authentication Feature.

UnknownAlgorithm

Potential reasons for this error message include:

The algorithm used (such as HMAC-SHA1) is not supported for the TBA authorization flow.
The signature method is not supported.

Potential resolutions include:

Only the HMAC-SHA256 algorithm is supported for the TBA authorization flow
See Generating the Signature for the TBA Authorization Flow for the correct method of signing a request.

VersionRejected

The request uses an invalid value for OAuth version parameter.

The value for the OAuth version parameter must be 1.0.

InvalidVerifier

The value of the oauth_verifier parameter does not match the value provided in Step Two of the TBA flow.

Ensure that the value of the oauth_verifier parameter provided to the Callback URL in the application is used during Step Three.

To enable the app:

Related Topics