
I am at my wits end…
I have a working Node.js implementation of this, but trying to do the same in PHP I have run into a wall. I checked with hardcoded nonce and timestamp values and get the exact same signature in Node.js and PHP, but the response from NetSuite with PHP is always `{"error" : {"code" : "INVALID_LOGIN_ATTEMPT", "message" : "Invalid login attempt."}}`, while the JavaScript version, with the exact same signature and headers, returns valid data.

The Authorization header looks exactly the same in node.js and PHP, yet in PHP it always returns INVALID_LOGIN_ATTEMPT…

The code below is stitched together from several examples found here and there.

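    // Question code as posted: builds an OAuth 1.0 (HMAC-SHA256) Authorization
    // header for a NetSuite RESTlet GET request and sends it with cURL.
    $httpMethod = "GET";
    $projectid = "xxx";
    $taskid = "xxx";
    $script = "xxx";
    $accountID = 'xxxxx-sb1';
    $realm = "xxxxx_SB1";
    $url = 'https://' . $accountID . '.restlets.api.netsuite.com/app/site/hosting/restlet.nl';
    $url_params = "?script=$script&deploy=1&taskid=$taskid&projectid=$projectid";

    // Placeholders only. Real consumer/token secrets should be loaded from the
    // environment or a secret store, never committed alongside the code.
    $ckey = "xxxxx"; //Consumer Key
    $csecret = "xxxxx"; //Consumer Secret
    $tkey = "xxxxx"; //Token ID
    $tsecret = "xxxxx"; //Token Secret

    $timestamp = time();
    // The nonce must be unique per request. Draw it from the CSPRNG instead of
    // uniqid(mt_rand()), whose output is derived from the clock and a small
    // random prefix. This yields 32 hex characters.
    $nonce = bin2hex(random_bytes(16));

    // OAuth 1.0 signature base string: METHOD & encoded-URL & encoded-params,
    // where the parameter list holds every OAuth AND query parameter, sorted
    // by name.
    // NOTE(review): deploy=1 is sent in $url_params but is absent from the
    // signed list below, so the server computes a different signature. This is
    // the mismatch the accepted answer on this page corrects; it is left as
    // posted so the question still matches its description.
    $baseString = $httpMethod . '&' . rawurlencode($url) . "&"
        . rawurlencode("oauth_consumer_key=" . rawurlencode($ckey)
            . "&oauth_nonce=" . rawurlencode($nonce)
            . "&oauth_signature_method=HMAC-SHA256"
            . "&oauth_timestamp=" . rawurlencode($timestamp)
            . "&oauth_token=" . rawurlencode($tkey)
            . "&oauth_version=1.0"
            . "&projectid=" . rawurlencode($projectid)
            . "&script=" . rawurlencode($script)
            . "&taskid=" . rawurlencode($taskid)
        );

    // Signing key is "<consumer secret>&<token secret>", each percent-encoded.
    $key = rawurlencode($csecret) . '&' . rawurlencode($tsecret);

    // Raw HMAC output (4th argument true) is base64-encoded, then
    // percent-encoded for use inside the header.
    $signature = rawurlencode(base64_encode(hash_hmac('sha256', $baseString, $key, true)));
    echo "signature: $signature\n\n";

    // Inner double quotes must be escaped inside the double-quoted PHP string.
    $header = array(
        "Content-Type: application/json",
        "Authorization: OAuth realm=\"$realm\", oauth_consumer_key=\"$ckey\", oauth_token=\"$tkey\", oauth_nonce=\"$nonce\", oauth_timestamp=\"$timestamp\", oauth_signature_method=\"HMAC-SHA256\", oauth_version=\"1.0\", oauth_signature=\"$signature\"",
    );

    $curl = curl_init();

    curl_setopt_array($curl, array(
        CURLOPT_URL => $url . $url_params,
        CURLOPT_USERAGENT => 'Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:84.0) Gecko/20100101 Firefox/84.0',
        // Certificate and hostname verification stay ON: the request carries
        // OAuth credentials, and with verification disabled any on-path party
        // could impersonate the API endpoint and read them.
        CURLOPT_SSL_VERIFYPEER => true,
        CURLOPT_SSL_VERIFYHOST => 2,
        CURLOPT_RETURNTRANSFER => true,
        CURLOPT_ENCODING => "",
        CURLOPT_MAXREDIRS => 10,
        // A finite timeout; 0 would let a stalled connection hang forever.
        CURLOPT_TIMEOUT => 30,
        CURLOPT_FOLLOWLOCATION => true,
        CURLOPT_HTTP_VERSION => CURL_HTTP_VERSION_1_1,
        CURLOPT_CUSTOMREQUEST => $httpMethod,
        CURLOPT_HTTPHEADER => $header,
    ));

    $response = curl_exec($curl);
    if ($response === false) {
        // Report transport/TLS failures instead of dumping a bare false.
        echo 'cURL error: ' . curl_error($curl) . "\n";
    }

    curl_close($curl);

    var_dump($response);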

    }```

2

Answers


  1. Chosen as BEST ANSWER

    Thanks to @bknights I finally managed to find the right solution for this. I was also missing the deploy=1 parameter in the signature base string, AND the realm needs to have an underscore instead of a hyphen.

    I literally spent two days on this...

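        // Working version: signs a NetSuite RESTlet GET request with OAuth 1.0
        // (HMAC-SHA256) and sends it with cURL.
        $httpMethod = "GET"; // used in the base string and by cURL below
        $projectid = "xxx";
        $taskid = "xxx";
        $script = "xxx";
        // The account ID in the hostname is lower-case with a hyphen; the
        // realm is the same ID upper-cased with an underscore.
        $accountID = 'xxx-sb1';
        $realm = "xxx_SB1";//NOTICE THE UNDERSCORE
        $url = 'https://' . $accountID . '.restlets.api.netsuite.com/app/site/hosting/restlet.nl';
        $url_params = "?script=$script&deploy=1&taskid=$taskid&projectid=$projectid";

        // Placeholders only. Real consumer/token secrets should be loaded from
        // the environment or a secret store, never committed with the code.
        $ckey = "ccccc"; //Consumer Key
        $csecret = "sssss"; //Consumer Secret
        $tkey = "ttttt"; //Token ID
        $tsecret = "sssss"; //Token Secret

        $timestamp = time();
        // The nonce must be unique per request. Draw it from the CSPRNG
        // instead of uniqid(mt_rand()), whose output is derived from the clock
        // and a small random prefix. This yields 32 hex characters.
        $nonce = bin2hex(random_bytes(16));

        // OAuth 1.0 signature base string: METHOD & encoded-URL & encoded-params.
        // Every query parameter sent in $url_params is signed as well, and the
        // combined list is sorted by name, which is why deploy comes first and
        // projectid/script/taskid follow the oauth_* entries.
        $baseString = $httpMethod . '&' . rawurlencode($url) . "&"
            . rawurlencode("deploy=1&oauth_consumer_key=" . rawurlencode($ckey)
                . "&oauth_nonce=" . rawurlencode($nonce)
                . "&oauth_signature_method=HMAC-SHA256"
                . "&oauth_timestamp=" . rawurlencode($timestamp)
                . "&oauth_token=" . rawurlencode($tkey)
                . "&oauth_version=1.0"
                . "&projectid=" . rawurlencode($projectid)
                . "&script=" . rawurlencode($script)
                . "&taskid=" . rawurlencode($taskid)
            );

        // Signing key is "<consumer secret>&<token secret>", each percent-encoded.
        $key = rawurlencode($csecret) . '&' . rawurlencode($tsecret);

        // Raw HMAC output (4th argument true) is base64-encoded, then
        // percent-encoded for use inside the header.
        $signature = rawurlencode(base64_encode(hash_hmac('sha256', $baseString, $key, true)));

        // Inner double quotes must be escaped inside the double-quoted PHP string.
        $header = array(
            "Authorization: OAuth realm=\"$realm\", oauth_consumer_key=\"$ckey\", oauth_token=\"$tkey\", oauth_nonce=\"$nonce\", oauth_timestamp=\"$timestamp\", oauth_signature_method=\"HMAC-SHA256\", oauth_version=\"1.0\", oauth_signature=\"$signature\"",
            "Content-Type: application/json"
        );

        $curl = curl_init();

        curl_setopt_array($curl, array(
            CURLOPT_URL => $url . $url_params,
            // Stated explicitly so nobody "fixes" a certificate error by
            // turning verification off: the request carries OAuth credentials.
            CURLOPT_SSL_VERIFYPEER => true,
            CURLOPT_SSL_VERIFYHOST => 2,
            CURLOPT_RETURNTRANSFER => true,
            CURLOPT_ENCODING => "",
            CURLOPT_MAXREDIRS => 10,
            // A finite timeout; 0 would let a stalled connection hang forever.
            CURLOPT_TIMEOUT => 30,
            CURLOPT_FOLLOWLOCATION => true,
            CURLOPT_HTTP_VERSION => CURL_HTTP_VERSION_1_1,
            CURLOPT_CUSTOMREQUEST => $httpMethod,
            CURLOPT_HTTPHEADER => $header,
        ));

        $response = curl_exec($curl);
        if ($response === false) {
            // Report transport/TLS failures instead of dumping a bare false.
            echo 'cURL error: ' . curl_error($curl) . "\n";
        }

        curl_close($curl);

        var_dump($response);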
    

  2. pretty sure your realm should be:

    $realm = "xxxxx_SB1"; // underbar not dash
