Overview
NetSuite will no longer support the RSA PKCSv1.5 scheme in the OAuth 2.0 client credentials flow after March 1, 2025. Integrations that rely on this scheme will cease to function on that date.
You may have received the notice below from NetSuite if you are using eXtendFiles, eXtendFrame, or eXtendMobile.
You are receiving this notification because you are using the RSA PKCSv1.5 scheme in your algorithm for token signing for the OAuth 2.0 client credentials flow. The support for this scheme is ending March 1, 2025. It is still possible to use this scheme until March 1, 2025, but you should update your integrations as soon as possible.
What is Changing?
For security reasons, the support is ending for the RSA PKCSv1.5 scheme in algorithms used for token signing in the OAuth 2.0 client credentials flow. As of March 1, 2025, integrations using the RSA PKCSv1.5 scheme will no longer work.
Required Actions
Before March 1, 2025, you should update your integrations to use the RSA-PSS scheme. The length of the RSA key must be 3072 bits, or 4096 bits. Alternatively, you can use EC key instead. The length of the EC key must be 256 bits, 384 bits, or 521 bits.
If you use any integrations provided by a third party, you must inform the third party to update the integrations to use the RSSA-PSS scheme, or the EC key.
Any integration still using the RSA PKCSv1.5 scheme will stop working after March 1, 2025.
For more information and examples, see OAuth 2.0 Client Credentials Setup, SuiteAnswers ID 101101.
If you require assistance or more information, please contact NetSuite Customer Support.
Change Impact
eXtendTech has an certificate update process to address NetSuite's end of support for the RSA PKCSv1.5 scheme in the OAuth 2.0 client credentials flow. Learn more about the update process: Updating OAuth 2.0 Client Credentials (M2M).