Scenario
Performing a SOAP webservices request to NetSuite using a previous working connection/integration and having the account in NetSuite versions 2021.1, suddenly the same requests that were working previously have stopped working and are returning an error response like the below example xml:
<platformFaults:code>USER_ERROR</platformFaults:code><platformFaults:message>The request could not be understood by the server due to malformed syntax.</platformFaults:message></platformFaults:invalidCredentialsFault><ns1:hostname xmlns:ns1=\"http://xml.apache.org/axis/\">partners022</ns1:hostname>
The message "The request could not be understood by the server due to malformed syntax", is under the fault of "invalidCredentialsFault" even dough the credentials are correct.
Solution
This is due to the deprecation of the signature algorithm method HMAC-SHA1. As stated in the Release Notes of version 2021.2, this algorithm method will no longer be supported on NetSuite version 2022.1 and as alternative we can use HMAC-SHA256 instead, please see excerpt below:
"The end of support for the HMAC-SHA1 signature method for the Token-based Authentication (TBA) feature has been postponed until 2022.1. Originally, the end of support was targeted for 2021.2. Even though the end of support has been delayed, you should update your integrations to use HMAC-SHA256 as soon as possible. When your account is upgraded to NetSuite 2022.1, any integrations using the TBA feature with HMACSHA1 as a signature method will stop working. The end of support and the request to change the signature method to HMAC-256 also applies to third-party integrations. You must use the HMAC-SHA256 signature method to create new integrations for use with TBA. Before 2022.1, you must update your authorization header to use HMAC-SHA256. To update the authorization header, change the values of the oauth_signature_method parameter and the oauth_signature parameter to HMAC-SHA256. For more information, see the following help topics"
Notes:Important: If you are using a library for signing, verify whether the library supports HMACSHA256, and if needed, update the library with HMAC-SHA256 support.
As such we need to adjust the XML for similar below example:
<tokenPassport>
<account xsi:type='xsd:string'>{{account}}</account><consumerKey xsi:type='xsd:string'>{{consumerKey}}</consumerKey><token xsi:type='xsd:string'>{{tokenId}}</token><nonce xsi:type='xsd:string'>{{nonce}}</nonce><timestamp xsi:type='xsd:long'>{{timestamp}}</timestamp><signature algorithm='HMAC-SHA256' xsi:type='platformCore:TokenPassportSignature'>{{signature}}</signature></tokenPassport>