Oauth implementation in netsuite using php

Here is some code I wrote for a PHP -> NS integration using Restlets and OAuth:

define("NETSUITE_URL", 'https://rest.netsuite.com/app/site/hosting/restlet.nl');
define("NETSUITE_SCRIPT_ID", 'XXXXXX');
define("NETSUITE_DEPLOY_ID", 'XXXXXX');
define("NETSUITE_ACCOUNT", 'XXXXXX');
define("NETSUITE_CONSUMER_KEY", 'XXXXXX');
define("NETSUITE_CONSUMER_SECRET", 'XXXXXX');
define("NETSUITE_TOKEN_ID", 'XXXXXX');
define("NETSUITE_TOKEN_SECRET", 'XXXXXX');

function sendOrderToNS($details) {
    $data_string = json_encode($details);

    $oauth_nonce = md5(mt_rand());
    $oauth_timestamp = time();
    $oauth_signature_method = 'HMAC-SHA1';
    $oauth_version = "1.0";

    $base_string =
        "POST&" . urlencode(NETSUITE_URL) . "&" .
        urlencode(
            "deploy=" . NETSUITE_DEPLOY_ID
          . "&oauth_consumer_key=" . NETSUITE_CONSUMER_KEY
          . "&oauth_nonce=" . $oauth_nonce
          . "&oauth_signature_method=" . $oauth_signature_method
          . "&oauth_timestamp=" . $oauth_timestamp
          . "&oauth_token=" . NETSUITE_TOKEN_ID
          . "&oauth_version=" . $oauth_version
          . "&realm=" . NETSUITE_ACCOUNT
          . "&script=" . NETSUITE_SCRIPT_ID
        );
    $sig_string = urlencode(NETSUITE_CONSUMER_SECRET) . '&' . urlencode(NETSUITE_TOKEN_SECRET);
    $signature = base64_encode(hash_hmac("sha1", $base_string, $sig_string, true));

    $auth_header = "OAuth "
        . 'oauth_signature="' . rawurlencode($signature) . '", '
        . 'oauth_version="' . rawurlencode($oauth_version) . '", '
        . 'oauth_nonce="' . rawurlencode($oauth_nonce) . '", '
        . 'oauth_signature_method="' . rawurlencode($oauth_signature_method) . '", '
        . 'oauth_consumer_key="' . rawurlencode(NETSUITE_CONSUMER_KEY) . '", '
        . 'oauth_token="' . rawurlencode(NETSUITE_TOKEN_ID) . '", '  
        . 'oauth_timestamp="' . rawurlencode($oauth_timestamp) . '", '
        . 'realm="' . rawurlencode(NETSUITE_ACCOUNT) .'"';

    $ch = curl_init();
    curl_setopt($ch, CURLOPT_URL, NETSUITE_URL . '?&script=' . NETSUITE_SCRIPT_ID . '&deploy=' . NETSUITE_DEPLOY_ID . '&realm=' . NETSUITE_ACCOUNT);
    curl_setopt($ch, CURLOPT_POST, "POST");
    curl_setopt($ch, CURLOPT_POSTFIELDS, $data_string);
    curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
    curl_setopt($ch, CURLOPT_HTTPHEADER, [
        'Authorization: ' . $auth_header,
        'Content-Type: application/json',
        'Content-Length: ' . strlen($data_string)
    ]);

    curl_exec($ch);
    curl_close($ch);
}

I'd comment but am not able to yet. michoel's answer is correct but threw "invalid login attempt" errors when 'realm=...' was part of the $auth_header var. Taking that string out removed the issue.


Netsuite TBA Restlets won't support SHA1 anymore in 2021.1 release , you have to change PHP code to from $oauth_signature_method = 'HMAC-SHA1'; to $oauth_signature_method = 'HMAC-SHA256'; and from $signature = base64_encode(hash_hmac("sha1", $base_string, $sig_string, true)); to $signature = base64_encode(hash_hmac("sha256", $base_string, $sig_string, true));

define("NETSUITE_URL", 'https://rest.netsuite.com/app/site/hosting/restlet.nl');
define("NETSUITE_SCRIPT_ID", 'XXXXXX');
define("NETSUITE_DEPLOY_ID", 'XXXXXX');
define("NETSUITE_ACCOUNT", 'XXXXXX');
define("NETSUITE_CONSUMER_KEY", 'XXXXXX');
define("NETSUITE_CONSUMER_SECRET", 'XXXXXX');
define("NETSUITE_TOKEN_ID", 'XXXXXX');
define("NETSUITE_TOKEN_SECRET", 'XXXXXX');

function sendOrderToNS($details) {
    $data_string = json_encode($details);

    $oauth_nonce = md5(mt_rand());
    $oauth_timestamp = time();
    $oauth_signature_method = 'HMAC-SHA256';
    $oauth_version = "1.0";

    $base_string =
        "POST&" . urlencode(NETSUITE_URL) . "&" .
        urlencode(
            "deploy=" . NETSUITE_DEPLOY_ID
          . "&oauth_consumer_key=" . NETSUITE_CONSUMER_KEY
          . "&oauth_nonce=" . $oauth_nonce
          . "&oauth_signature_method=" . $oauth_signature_method
          . "&oauth_timestamp=" . $oauth_timestamp
          . "&oauth_token=" . NETSUITE_TOKEN_ID
          . "&oauth_version=" . $oauth_version
          . "&realm=" . NETSUITE_ACCOUNT
          . "&script=" . NETSUITE_SCRIPT_ID
        );
    $sig_string = urlencode(NETSUITE_CONSUMER_SECRET) . '&' . urlencode(NETSUITE_TOKEN_SECRET);
    $signature = base64_encode(hash_hmac("sha256", $base_string, $sig_string, true));

    $auth_header = "OAuth "
        . 'oauth_signature="' . rawurlencode($signature) . '", '
        . 'oauth_version="' . rawurlencode($oauth_version) . '", '
        . 'oauth_nonce="' . rawurlencode($oauth_nonce) . '", '
        . 'oauth_signature_method="' . rawurlencode($oauth_signature_method) . '", '
        . 'oauth_consumer_key="' . rawurlencode(NETSUITE_CONSUMER_KEY) . '", '
        . 'oauth_token="' . rawurlencode(NETSUITE_TOKEN_ID) . '", '  
        . 'oauth_timestamp="' . rawurlencode($oauth_timestamp) . '", '
        . 'realm="' . rawurlencode(NETSUITE_ACCOUNT) .'"';

    $ch = curl_init();
    curl_setopt($ch, CURLOPT_URL, NETSUITE_URL . '?&script=' . NETSUITE_SCRIPT_ID . '&deploy=' . NETSUITE_DEPLOY_ID . '&realm=' . NETSUITE_ACCOUNT);
    curl_setopt($ch, CURLOPT_POST, "POST");
    curl_setopt($ch, CURLOPT_POSTFIELDS, $data_string);
    curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
    curl_setopt($ch, CURLOPT_HTTPHEADER, [
        'Authorization: ' . $auth_header,
        'Content-Type: application/json',
        'Content-Length: ' . strlen($data_string)
    ]);

    curl_exec($ch);
    curl_close($ch);
}