Skip to Content

NetSuite HMAC-SHA1 deprecation

Summary

The HMAC-SHA1 signature algorithm will no longer be supported by NetSuite or the Harmony NetSuite connectors. Therefore you should change any Harmony projects that are presently using HMAC-SHA1 as the signature algorithm to use HMAC-SHA256 as soon as possible to avoid issues with those integrations.

Additional information

NetSuite is deprecating the HMAC-SHA1 signature algorithm as a valid signature method for token-based authentication (TBA) as of these versions:

  • Non-Production Accounts: NetSuite version 2021.2 and later.
  • Production Accounts: NetSuite version 2023.1 and later.

The deprecation of HMAC-SHA1 is independent of which WSDL version you specify in the configuration of the Harmony NetSuite endpoint.

In an upcoming Harmony release, the HMAC-SHA1 signature algorithm will be removed as a selection in Harmony NetSuite connectors for Integration Studio and Design Studio. Even though the end of support has been delayed, you should change any Harmony projects that are presently using HMAC-SHA1 as the signature algorithm to use HMAC-SHA256 instead as soon as possible to avoid issues with those integrations.

Key dates

Below is a summary of the key dates:

Key Date Event
July 21, 2021 NetSuite start of upgrade of SuiteCloud Developer Network (SDN) leading accounts to NetSuite version 2021.2.
July 30, 2021 NetSuite end of the upgrade of SDN leading accounts to NetSuite version 2021.2. The HMAC-SHA1 signature stopped working permanently on all SDN accounts.
Mid to late August 2021 NetSuite test window for customer production accounts, during which HMAC-SHA1 stopped working for 6 hours per region.
Spring 2022

NetSuite upgrade of customer production accounts to NetSuite version 2022.1.

NetSuite originally announced that the HMAC-SHA1 signature would permanently stop working with NetSuite version 2022.1; however, NetSuite later announced that the end of support for HMAC-SHA1 was postponed.

June 14, 2022 NetSuite test window for customer production accounts, during which HMAC-SHA1 will stop working for 24 hours per region.
February to April 2023 NetSuite upgrades of customer production accounts to NetSuite version 2023.1, at which time the HMAC-SHA1 signature method will permanently stop working.
To be determined An upcoming Harmony release will remove the HMAC-SHA1 selection from Integration Studio and Design Studio UI.

Required changes

Changes are required if a project is currently using HMAC-SHA1 as the signature algorithm for communication with NetSuite. Instructions are provided below for projects using the Integration Studio NetSuite connector or the Design Studio NetSuite connector. If a project connects to NetSuite using a method other than one of our NetSuite connectors and you need assistance updating the signature algorithm, contact Jitterbit support.

If a project is already using HMAC-SHA256 as the signature algorithm, no changes are required.

Integration Studio

To verify the signature algorithm in use by the Integration Studio NetSuite connector and to make the required changes, if necessary, follow these steps:

  1. Access Integration Studio through the Harmony portal at https://login.jitterbit.com.

  2. Open each project using the Integration Studio NetSuite connector.

  3. Open each NetSuite connection and locate the field Signature Algorithm. If the selection shows HMAC-SHA256, no changes are necessary. If the selection shows HMAC-SHA1 or if the selection is empty, use the dropdown to change the signature algorithm to HMAC-SHA256:

    NetSuite configuration signature algorithm

  4. Test, save, and redeploy each NetSuite connection where the signature algorithm was updated.

Design Studio

To verify the signature algorithm in use by the Design Studio NetSuite connector and to make the required changes, if necessary, follow these steps:

  1. In the Design Studio application, open each project using the Design Studio NetSuite connector.

  2. Open each NetSuite endpoint and locate the field Signature Algorithm. If the selection shows HMAC-SHA256, no changes are necessary. If the selection shows HMAC-SHA1, use the dropdown to change the signature algorithm to HMAC-SHA256:

    endpoint configuration TBA signature algorithm annotated

  3. Test, save, and redeploy each NetSuite Endpoint where the signature algorithm was updated.

If required changes are not made

If a Harmony project is still using HMAC-SHA1 when NetSuite deprecates that signature method for your NetSuite account, the integration will stop working.

An error similar to that shown below will occur when you test the endpoint or run an operation using HMAC-SHA1:

<?xml version="1.0" encoding="utf-8"?>
<soapenv:Envelope
    xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/"
    xmlns:xsd="http://www.w3.org/2001/XMLSchema"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
    <soapenv:Body>
        <soapenv:Fault>
            <faultcode>soapenv:Server.userException</faultcode>
            <faultstring>The request could not be understood by the server due to malformed syntax.</faultstring>
            <detail>
                <platformFaults:invalidCredentialsFault
                    xmlns:platformFaults="urn:faults_2019_2.platform.webservices.netsuite.com">
                    <platformFaults:code>USER_ERROR</platformFaults:code>
                    <platformFaults:message>The request could not be understood by the server due to malformed syntax.</platformFaults:message>
                </platformFaults:invalidCredentialsFault>
                <ns1:hostname
                    xmlns:ns1="http://xml.apache.org/axis/">example123
                </ns1:hostname>
            </detail>
        </soapenv:Fault>
    </soapenv:Body>
</soapenv:Envelope>

To resolve the error and fix the integration, see Required changes above to change the signature algorithm to HMAC-SHA256.