Skip to main content

Troubleshooting

Authentication failures

Symptom: "Could not obtain a token" or "Failed to get token" error

Causes:

  • Invalid certificate ID or client ID

  • Private key doesn't match public certificate

  • Integration record not enabled

  • Incorrect signature algorithm

  • Time synchronization issue: The time between the NetSuite server and Bravura Security Fabric server may be out of sync

Resolution:

  • Verify server time synchronization (ensure both servers have accurate system time)

  • Verify certificate ID and client ID are correct

  • Ensure the certificate and private key are a matching pair

  • Ensure integration record is enabled in NetSuite

  • See the Token troubleshooting section below for additional steps

Missing dependencies

Symptom: "Failed to import a required module" error

Causes: PyJWT or requests library not installed

Resolution: From the agent directory, run py -m pip install -r agtnetsuite_requirements.txt

Permission errors

Symptom: HTTP 403 Forbidden errors

Causes: Service account lacks required permissions

Resolution: Verify service account has Administrator role or custom role with REST API permissions

Account creation failures

Symptom: "Cannot create account" error

Causes:

  • Template account is inactive

  • Template account has no roles assigned

  • Password requirements not met

  • Required attributes missing

Resolution:

  • Ensure the template account is active (not marked as inactive)

  • Verify the template account has at least one role assigned

  • Check that the template account ID is correctly configured in Bravura Security Fabric target settings

  • Ensure password meets NetSuite requirements (complexity, length, etc.)

  • Verify all required attributes are provided (email, first name, last name, subsidiary, password)

Token troubleshooting

If you encounter authentication issues, verify the following:

  1. Certificate Configuration:

    • Public certificate uploaded to NetSuite integration record

    • Private key file accessible to Bravura Security Fabric

    • Certificate and key are a matching pair

    • Certificate ID matches the ID assigned by NetSuite

  2. Integration Record:

    • Integration is enabled

    • OAuth 2.0 is checked

    • Client Credentials Grant is checked

    • Scope includes REST WEB SERVICES

  3. Address Attributes:

    • Client ID is correct (matches integration record)

    • Certificate ID is correct (matches NetSuite-assigned ID)

    • Private key path is correct and file is accessible

    • Account ID format is correct (case-sensitive)

    • Signature algorithm matches key type (PS* for RSA, ES* for ECDSA)

  4. Service Account:

    • Account has "Give Access" enabled

    • Account has appropriate role permissions

    • Account is not inactive

  5. Network Connectivity:

    • Bravura Security Fabric can reach NetSuite API endpoint

    • No firewall blocking HTTPS traffic

    • DNS resolution working correctly

  6. Time Synchronization:

    • Ensure both servers have accurate system time synchronized via NTP

    • JWT tokens include timestamps and may be rejected if time is significantly out of sync

Note

Steps and menu locations may vary depending on your NetSuite version and edition.

In this section: