Skip to main content
cancel
Showing results for 
Search instead for 
Did you mean: 

Be one of the first to start using Fabric Databases. View on-demand sessions with database experts and the Microsoft product team to learn just how easy it is to get started. Watch now

Reply
icassiem
Post Patron
Post Patron

PowerBI NetSuite POST Rest API Create Client_Assertion token

Good Day,

With the help of Netsuite consultants, i manually coping the temp auth token key i can access Netsuite from API

I am trying to generate the authenticaion token, i was informed i need the assertion param value that postman uses as an example

 

1. The below is the javascript but how do i translate this to powerquery function?

 

pm.collectionVariables.set('companyId', pm.collectionVariables.get("NSCOMPID"));

var navigator = {}; // necessary as part of "eval" on jsrsasign lib
var window = {}; // necessary as part of "eval" on jsrsasign lib
eval(pm.globals.get("jsrsasign-js")); // grabbing jsrsasign lib, loaded in separate GET 

const cryptojs = require('crypto-js'); // using crypto js for base64 encoding

// Create JWT header
var jwtHeader = {
    alg: 'PS256', // Using PS256, which is one of the algorithms NetSuite supports for client credentials
    typ: 'JWT',
    kid: pm.collectionVariables.get("KID") // Certificate Id on the client credentials mapping
};

var stringifiedJwtHeader = JSON.stringify(jwtHeader);
console.log('jwtHeader: ' + stringifiedJwtHeader);
// Create JWT payload
var jwtPayload = {
    iss: pm.collectionVariables.get("CONSUMER_KEY"), // consumer key of integration record
    scope: ['restlets','rest_webservices'], // scopes specified on integration record
    iat: (new Date() / 1000),               // timestamp in seconds
    exp: (new Date() / 1000) + 3600,        // timestamp in seconds, 1 hour later, which is max for expiration
    aud: pm.collectionVariables.get("RESTLET_URL")
};

var stringifiedJwtPayload = JSON.stringify(jwtPayload);
console.log('jwtPayload: ' + stringifiedJwtPayload);
// The secret is the private key of the certificate loaded into the client credentials mapping in NetSuite
var secret = pm.collectionVariables.get("CERTIFICATE_PRIVATE_KEY");
console.log('secret: ' + secret);
var encodedSecret = cryptojs.enc.Base64.stringify(cryptojs.enc.Utf8.parse(secret)); // we need to base64 encode the key

// Sign the JWT with the PS256 algorithm (algorithm must match what is specified in JWT header).
// The JWT is signed using the jsrsasign lib (KJUR)
var signedJWT = KJUR.jws.JWS.sign('PS256',stringifiedJwtHeader,stringifiedJwtPayload,secret);

// The signed JWT is the client assertion (encoded JWT) that is used to retrieve an access token
pm.collectionVariables.set('clientAssertion', signedJWT);

 

 

2. Below is my WIP version but im missing the javascript library that postman uses and the KID Param values etc, 

 

let
    // Define your client ID and client secret
    clientId = "a0a...",
    clientSecret = "1b3c...",    
    // Construct the assertion payload
    assertionPayload = [
        iss = clientId,
        sub = clientId,
        aud = "https://xxx.suitetalk.api.netsuite.com", 
        exp = Number.ToText(Number.Round(DateTimeZone.FixedLocalNow() + #duration(0,0,1,0))),
        iat = Number.ToText(Number.Round(DateTimeZone.FixedLocalNow()))
    ],

    // Convert the assertion payload to JSON
    assertionPayloadJson = Json.FromValue(assertionPayload),
    // ConvertToBinary
    encodedPayload = Binary.ToText(assertionPayloadJson, BinaryEncoding.Base64),

    // Construct the assertion header
    assertionHeader = [
        alg = "MII...",
        typ = "JWT"
    ],

    // Convert the assertion header to JSON
    assertionHeaderJson = Json.FromValue(assertionHeader),    
    // Encode the header to base64    
    encodedHeader = Binary.ToText(assertionHeaderJson, BinaryEncoding.Base64),

    // Concatenate the encoded header, payload, and signature
    assertion = encodedHeader & "." & encodedPayload,

    // Sign the assertion using the client secret
    signedAssertion = assertion & "." & ""
in
    signedAssertion

 

 

Please Help, Any ideas or links of someone doing this before

2 REPLIES 2
v-zhengdxu-msft
Community Support
Community Support

Hi @icassiem 

 

A Client_Assertion token is typically used in server-to-server authentication scenarios. It's a way for an application (client) to authenticate itself to a server (like Microsoft Entra ID or Azure AD) using a signed JWT token (the assertion) instead of a client secret. This method is more secure and is particularly useful when you want to avoid storing secrets in your application.

 

Here are links about how to create the token for your reference:

Embed Power BI content in a Power BI embedded analytics application with service principal and a cer...

Generate an embed token in Power BI embedded analytics - Power BI | Microsoft Learn

 

Best Regards

Zhengdong Xu
If this post helps, then please consider Accept it as the solution to help the other members find it more quickly.

Hi thank you @v-zhengdxu-msft 

Do I have to create an entrai d by registering netsuite api with azure?

 

I tied something similar where I ussed powerbi api and required reg the api in azure for service principal only for partner and admin struggling for days saying bit was not possible

 

Is there no other option than reg netsuite with azure?

Helpful resources

Announcements
Las Vegas 2025

Join us at the Microsoft Fabric Community Conference

March 31 - April 2, 2025, in Las Vegas, Nevada. Use code MSCUST for a $150 discount!

November Carousel

Fabric Community Update - November 2024

Find out what's new and trending in the Fabric Community.

Dec Fabric Community Survey

We want your feedback!

Your insights matter. That’s why we created a quick survey to learn about your experience finding answers to technical questions.