If you are getting the Netsuite [.inline-code-highlight]invalid_grant[.inline-code-highlight] error, here are the potential causes and solutions for fixing it.
1. Refresh Token is Invalid, Expired, or Revoked
A common source of this error is that NetSuite refresh tokens are only valid for 3 hours. This means that any request for a new token will fail if the refresh token is older than 3 hours.
Resolution
If you are getting a Netsuite [.inline-code-highlight]invalid_grant[.inline-code-highlight] error because of an expired refresh token, make sure that your application makes a POST request to the token endpoint periodically (e.g. every 30 minutes) in the background. Save the new access and refresh token from the HTTP response.
If you don't want to deal with building authentication and refresh token management for Netsuite, or any other SaaS integration, Paragon provides fully managed auth across all OAuth/API key based integrations.
2. Authorization Code is Invalid, Expired, or Revoked
It is possible that the authorization code that you received from the authorization request (the first step in the NetSuite OAuth 2.0 flow) is no longer valid.
Resolution
If you are getting an Netsuite [.inline-code-highlight]invalid_grant[.inline-code-highlight] error because of an invalid authorization code, try sending a new GET request to the authorization endpoint to get a new authorization code before making a request to the token endpoint.
3. Mismatched Redirect URI
The redirect URI specified in the authorization request does not match your application’s redirect URI.
Resolution
If you are getting a Netsuite [.inline-code-highlight]invalid_grant[.inline-code-highlight] error because of a mismatched redirect URI, make sure that the redirect URI in your authorization request is correct.
To view or modify your NetSuite app’s redirect URI:
- Log in to your NetSuite account
- Go to Setup > Integration > Manage Integrations > {{YOUR APP}}
Fully managed Netsuite auth
If you want to completely offload dealing with Netsuite's auth errors and their short refresh window when building a native Netsuite integration for your application, you can use Paragon.
With a single [.inline-code-highlight]paragon.connect('hubspot');[.inline-code-highlight] call, you can embed a native JS modal where your users can configure and authenticate into their Netsuite accounts - the Paragon SDK will handle the entire Netsuite auth flow and refresh tokens as necessary so you don’t need to.
Here’s an example of our customer TL;DV that relies on Paragon to handle the entire OAuth flow for their application’s HubSpot integration.
To see if Paragon can help streamline your product's native integration development process, check out our documentation and sign up for a free trial.
