Call API authentication with OAuth

Nate_H · November 16, 2023, 6:48pm

Second question of the day, look at me go…

Anyway, I am trying to connect Glide with a Netsuite API. Netsuite’s token based authentication is based on OAuth 1.0; is there a (secure) way to generate a signed Authorization header so that I can successfully use Glide’s Call API action to work with Netsuite?

Rev · November 17, 2023, 3:46am

I posted some steps on how I’ve integrated OAuth into my builds, hopefully this helps for your use case.

Nate_H · November 17, 2023, 12:58pm

Thank you! I’m going to tinker with this today and see if I can get it working.

Nate_H · November 17, 2023, 1:45pm

My use case is a bit different - I don’t need (or want) the user to authenticate with Netsuite, I just need Glide to be able to create a signed OAuth 1.0 header so I can POST a JSON into Netsuite based on a record in Glide. Pathfix is a no-go since it looks like they only support pre-defined services anyway.

I think it would be difficult to create a signature externally and somehow pass that back into Glide securely.

Of course I can continue using Zapier for this use case, the idea was to make it more secure and be able to get a response back from the endpoint directly into Glide.

Rev · November 18, 2023, 11:10am

I’m not familiar with Netsuite’s API to help out more, sorry. You may be able to use a template column to create the header. You could then use parts of the output in a Call API column. It may take a bit of creative thinking to get it to work in Glide without an external tool like Make to assist.

Nate_H · November 21, 2023, 7:45pm

I got this working and wanted to document here for anyone who might stumble across this later. I was able to generate and correctly sign an OAuth 1.0 header using a combination of templates, encode text, and JavaScript.

Major caveat, this is not secure. I understand that Glide executes Javascript locally and my code contains the private consumer and token secrets. I am comfortable with this for my use case as this is internal only and I have taken mitigating steps within the endpoint application.

After gathering keys, URLs, etc., into a helper table I created all the components of the OAuth 1.0 header and base string using template columns.

Format Date column to get a Unix timestamp
Javascript code to create the random nonce value.
Encode text to encode all the strings, values and URLs to percent-encoding

The signing was the missing piece - found this code snippet in this thread after trying a bunch of other things that didn’t work for various reasons.

Getting a error when trying to add my rep in experimental code column

const CryptoJS = await import('https://cdn.skypack.dev/crypto-js');

const message = 'hello';
const secretKey = 'secret';

const hmac = CryptoJS.HmacSHA1(message, secretKey);

const hashHex = CryptoJS.enc.Hex.stringify(hmac);

return hashHex;

There was a LOT of trial and error to finally get this to work, but it’s up and running now! Thanks @Rev for taking the time and pointing me in a direction which ultimately led to this solution.

I would love to see support for OAuth 1.0 and 2.0 in the Call API action - I think there would be a ton of value there.

Topic		Replies	Views
Oauth Authentication (possibly with Pathfix? Feature Requests api	10	641	November 26, 2024
Using Oauth2 with Glide Ask for Help	7	91	December 15, 2024
LinkedIn Lead Gen Forms action - Zap Integration Alternatives Ask for Help	7	352	August 10, 2022
HTTP Request In make Ask for Help	32	534	November 6, 2024
Microsoft 'OAuth' Feature Requests	2	456	May 21, 2022

Call API authentication with OAuth

Related topics