Postman pre-request script to generate TBA variables for NetSuite Web Services

postmanNetSuiteTBA.js

/*

Usage:

1. Define a NetSuite environment in Postman (https://www.getpostman.com/docs/postman/environments_and_globals/manage_environments)
   with the following keys set: account, consumerKey, consumerSecret, tokenId, tokenSecret
   
2. Add this script to your "Pre Request Script" in Postman (https://www.getpostman.com/docs/postman/scripts/pre_request_scripts)

3. Add the Token Passport in your request with variable placeholders
      <tokenPassport xmlns="urn: messages_2017_2.platform.webservices.netsuite.com" xmlns:ns1="urn:core_2017_2.platform.webservices.netsuite.com">
        <ns1:account>{{account}}</ns1:account>
        <ns1:consumerKey>{{consumerKey}}</ns1:consumerKey>
        <ns1:token>{{tokenId}}</ns1:token>
        <ns1:nonce>{{nonce}}</ns1:nonce>
        <ns1:timestamp>{{timestamp}}</ns1:timestamp>
        <ns1:signature algorithm="HMAC-SHA1">{{signature}}</ns1:signature>
      </tokenPassport>

*/

let account = pm.environment.get("account");
let consumerKey = pm.environment.get("consumerKey");
let consumerSecret = pm.environment.get("consumerSecret");
let tokenId = pm.environment.get("tokenId");
let tokenSecret = pm.environment.get("tokenSecret");
    
let timestamp = new Date().getTime().toString().substring(0, 10);
let nonce = CryptoJS.lib.WordArray.random(10).toString();
let baseString = `${account}&${consumerKey}&${tokenId}&${nonce}&${timestamp}`;
let key = `${consumerSecret}&${tokenSecret}`;
let signature = CryptoJS.HmacSHA1(baseString, key).toString(CryptoJS.enc.Base64);

pm.environment.set("signature", signature);
pm.environment.set("nonce", nonce);
pm.environment.set("timestamp", timestamp);

There's a typeo in line 17, causing a "1" to be appended to the signaure:

<ns1:signature algorithm="HMAC-SHA1">{{signature}}1</ns1:signature>

should be:

<ns1:signature algorithm="HMAC-SHA1">{{signature}}</ns1:signature>

There's a typeo in line 17, causing a "1" to be appended to the signaure:

<ns1:signature algorithm="HMAC-SHA1">{{signature}}1</ns1:signature>

should be:

<ns1:signature algorithm="HMAC-SHA1">{{signature}}</ns1:signature>

Thanks for catching that. I've fixed it in the gist.

New to Postman and was stumped about how to use TBA with NetSuite/Postman. This works perfectly; thanks very much.

New to Postman and was stumped about how to use TBA with NetSuite/Postman. This works perfectly; thanks very much.

😄 Just stumbled on your write up here - https://blog.zuar.com/netsuite-api-exploring-soap/. It's really clear and easy to follow

Can we Replace the Algorithm from HmacSHA1 to HmacSHA256 in the XML part and the custom code we use?

@michoelchaikin @kheast would either of you happen to have a working example of sending a soap request via Postman to the SuiteTalk API? I'v been struggling to get past the SOAPAction header. Here's my full Post sample:

POST https://myaccount.suitetalk.api.netsuite.com/services/netsuiteport_2017_2
POST /services/netsuiteport_2017_2 HTTP/1.1
SOAPAction: getAll
Content-Type: text/xml
User-Agent: PostmanRuntime/7.36.0
Accept: /
Postman-Token: 4002c99b-c3f2-403f-8830-1132012d9e0e
Host: myaccount.suitetalk.api.netsuite.com
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Content-Length: 827

<soap-env:Envelope xmlns:soap-env="http://schemas.xmlsoap.org/soap/envelope/">
<soap-env:Header>
<tokenPassport>
<account>*******</account>
<consumerKey>*******</consumerKey>
<token>*******</token>
<nonce>bf8fa7d3a371d8309ceb</nonce>
<timestamp>1703358149</timestamp>
<signature algorithm="HMAC-SHA256">+NLBYMTJxjoDWctCA4hpujOsdr4TaMboj2wH1irOPQ7=</signature>
</tokenPassport>
</soap-env:Header>
<soap-env:Body>
<getAll xmlns="urn:messages_2017_1.platform.webservices.netsuite.com">
<record recordType="currency"/>
</getAll>
</soap-env:Body>
</soap-env:Envelope>

and the response:

HTTP/1.1 500 Internal Server Error
Content-Type: text/xml;charset=utf-8
Content-Length: 771
X-N-OperationId: 1b3d5a1d-f30e-4853-b79a-6215ef92e70e
NS_RTIMER_COMPOSITE: 1765551851:706172746E6572733232302E70726F642D6961642D6E6132302E636F72652E6E732E696E7465726E616C:80
Strict-Transport-Security: max-age=31536000
Vary: User-Agent
Date: Sat, 23 Dec 2023 19:02:30 GMT
Connection: close
Akamai-GRN: 0.65a83817.1703358150.1a28d3ba

ns1:ClientNo such operation 'getall'com.netledger.app.webservices.axis.NLAxisFault**No such operation 'getall'**

</ns3:stackTrace><ns4:hostname xmlns:ns4="http://xml.apache.org/axis/">partners220.prod-iad-na20.core.ns.internal</ns4:hostname></soapenv:Fault></soapenv:Body></soapenv:Envelope>