Skip to content

Instantly share code, notes, and snippets.

Embed
What would you like to do?
Postman pre-request script to generate TBA variables for NetSuite Web Services
/*
Usage:
1. Define a NetSuite environment in Postman (https://www.getpostman.com/docs/postman/environments_and_globals/manage_environments)
with the following keys set: account, consumerKey, consumerSecret, tokenId, tokenSecret
2. Add this script to your "Pre Request Script" in Postman (https://www.getpostman.com/docs/postman/scripts/pre_request_scripts)
3. Add the Token Passport in your request with variable placeholders
<tokenPassport xmlns="urn: messages_2017_2.platform.webservices.netsuite.com" xmlns:ns1="urn:core_2017_2.platform.webservices.netsuite.com">
<ns1:account>{{account}}</ns1:account>
<ns1:consumerKey>{{consumerKey}}</ns1:consumerKey>
<ns1:token>{{tokenId}}</ns1:token>
<ns1:nonce>{{nonce}}</ns1:nonce>
<ns1:timestamp>{{timestamp}}</ns1:timestamp>
<ns1:signature algorithm="HMAC-SHA1">{{signature}}</ns1:signature>
</tokenPassport>
*/
let account = pm.environment.get("account");
let consumerKey = pm.environment.get("consumerKey");
let consumerSecret = pm.environment.get("consumerSecret");
let tokenId = pm.environment.get("tokenId");
let tokenSecret = pm.environment.get("tokenSecret");
let timestamp = new Date().getTime().toString().substring(0, 10);
let nonce = CryptoJS.lib.WordArray.random(10).toString();
let baseString = `${account}&${consumerKey}&${tokenId}&${nonce}&${timestamp}`;
let key = `${consumerSecret}&${tokenSecret}`;
let signature = CryptoJS.HmacSHA1(baseString, key).toString(CryptoJS.enc.Base64);
pm.environment.set("signature", signature);
pm.environment.set("nonce", nonce);
pm.environment.set("timestamp", timestamp);
@dbaghdanov
Copy link

dbaghdanov commented Jun 21, 2019

There's a typeo in line 17, causing a "1" to be appended to the signaure:

<ns1:signature algorithm="HMAC-SHA1">{{signature}}1</ns1:signature>

should be:

<ns1:signature algorithm="HMAC-SHA1">{{signature}}</ns1:signature>

@michoelchaikin
Copy link
Author

michoelchaikin commented Jun 23, 2019

There's a typeo in line 17, causing a "1" to be appended to the signaure:

<ns1:signature algorithm="HMAC-SHA1">{{signature}}1</ns1:signature>

should be:

<ns1:signature algorithm="HMAC-SHA1">{{signature}}</ns1:signature>

Thanks for catching that. I've fixed it in the gist.

@kheast
Copy link

kheast commented Aug 21, 2019

New to Postman and was stumped about how to use TBA with NetSuite/Postman. This works perfectly; thanks very much.

@michoelchaikin
Copy link
Author

michoelchaikin commented Oct 11, 2019

New to Postman and was stumped about how to use TBA with NetSuite/Postman. This works perfectly; thanks very much.

😄 Just stumbled on your write up here - https://blog.zuar.com/netsuite-api-exploring-soap/. It's really clear and easy to follow

@Sanathsunny444
Copy link

Sanathsunny444 commented May 18, 2021

Can we Replace the Algorithm from HmacSHA1 to HmacSHA256 in the XML part and the custom code we use?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment