HTTP/1.1 400 Bad Request
Content-Type: application/json
Cache-Control: no-store
{
	"error": "invalid_grant"
}

If you are getting the Netsuite invalid_grant error, here are the potential causes and solutions for fixing it.

1. Refresh Token is Invalid, Expired, or Revoked

A common source of this error is that NetSuite refresh tokens are only valid for 3 hours. This means that any request for a new token will fail if the refresh token is older than 3 hours.

Resolution

If you are getting a Netsuite invalid_grant error because of an expired refresh token, make sure that your application makes a POST request to the token endpoint periodically (e.g. every 30 minutes) in the background. Save the new access and refresh token from the HTTP response.

POST /services/rest/auth/oauth2/v1/token HTTP/1.1
Host: <accountID>

If you don't want to deal with building authentication and refresh token management for Netsuite, or any other SaaS integration, Paragon provides fully managed auth across all OAuth/API key based integrations.

2. Authorization Code is Invalid, Expired, or Revoked

It is possible that the authorization code that you received from the authorization request (the first step in the NetSuite OAuth 2.0 flow) is no longer valid.

Resolution

If you are getting an Netsuite invalid_grant error because of an invalid authorization code, try sending a new GET request to the authorization endpoint to get a new authorization code before making a request to the token endpoint.

GET /app/login/oauth2/authorize.nl
Host: <accountID>

3. Mismatched Redirect URI

The redirect URI specified in the authorization request does not match your application’s redirect URI.

Resolution

If you are getting a Netsuite invalid_granterror because of a mismatched redirect URI, make sure that the redirect URI in your authorization request is correct.

To view or modify your NetSuite app’s redirect URI:

1. Log in to your NetSuite account

2. Go to Setup > Integration > Manage Integrations > {{YOUR APP}}

Fully managed Netsuite auth

If you want to completely offload dealing with Netsuite's auth errors and their short refresh window when building a native Netsuite integration for your application, you can use Paragon.

With a single paragon.connect('netsuite'); call, you can embed a native JS modal where your users can configure and authenticate into their Netsuite accounts - the Paragon SDK will handle the entire Netsuite auth flow and refresh tokens as necessary so you don’t need to.

To see if Paragon can help streamline your product's native integration development process, check out our documentation and sign up for a free trial.

‍