HMAC-SHA1 Deprecation for Token-based Authentication in version 2021.1
Important NetSuite authentication-related changes could affect your NetSuite instance in the next release.
Are your integrated SuiteApps using the Token-based Authentication method that uses HMAC-SHA1 as a signature method?
This January, NetSuite release 2021.1 will deprecate the Inbound SSO authentication interface. This deprecation means integrated SuiteApps that rely on this interface (including those that use the SuiteTalk SOAP mapSso() and ssoLogin() methods, and user interface redirect capability) will cease to operate correctly.
If you have not done so already, please migrate your integrated SuiteApps to use the Token-based Authentication interface (TBA) as the authentication method.
NetSuite is projected to deprecate using HMAC-SHA1 as the signature method for TBA in release 2021.2 this summer. SuiteApps using HMAC-SHA1 as the TBA signature method must migrate to HMAC-SHA256 prior to release 2021.2. You must change your integrated SuiteApps to use HMAC-SHA256 as the signature method. If you are already using HMAC-SHA256 as the signature method, or if your SuiteApps do not use Token-based Authentication, then this deprecation will not impact you.
What is Changing?
When customer accounts are upgraded to NetSuite 2021.2, any integrations that are using the Token-based Authentication feature with HMAC-SHA1 as a signature method will stop working. This applies to all integrations that use TBA for authentication including SOAP, REST, and RESTlet. The NetSuite 2021.2 release upgrade is targeted to occur between August and October of 2021.
Required Action: Before customer accounts are upgraded to NetSuite 2021.2, ensure that the TBA integrations in your SuiteApps are using HMAC-SHA256.
You must update the authorization header to use HMAC-SHA256. The value of the oauth_signature_method parameter must be changed from HMAC-SHA1 to HMAC-SHA256, and the value of the oauth_signature parameter must change accordingly. For more information, see the help topic Example OAuth Header (SuiteAnswers, ID 50996).
If you are using a library for signing, you must verify whether the library supports HMAC-SHA256, and update the library to use HMAC-SHA256, if needed. If your library does not support HMAC-SHA256, you must start using a library that supports HMAC-SHA256. Deprecation Schedule for HMAC-SHA1 as a Signature Method for TBA.
Other NetSuite Tips + Tricks Blogs:
1. How to Automatically Email Searches and Reports
2. Notice: Fake Invoice Emails Appear to be Coming From NetSuite
3. Choose What Notifications to Send Your Customers or Vendors
4. How to Define, Customize and Access a Saved Search
5. Learn NetSuite: Top NetSuite Training Resources For Self-Teaching
Want direct NetSuite Assistance? Have NetSuite Questions? Let’s talk!
Protelo’s expert consultants can help you prepare for the upcoming update!
We can help you to implement, service, and support NetSuite today! Protelo is a 5-star NetSuite partner and reseller here for your business. Our United-States based team can help your company get the most out of NetSuite or clean up a project that is over budget, over project timeline, or needs expert support. We work on-demand when you need us, without long-term contract requirements or minimum costs.
Whether you are looking for a one-stop-shop for all things NetSuite, or simply need answers to your questions, our NetSuite experts are here to make your business better.