Token Based Authentication:
Instead of using user/password credentials to connect to NetSuite, token authentication can instead be used. This is available as an alternative to user/password due to the expiration that can be set on passwords. Tokens do not expire unless manually reset or removed by an admin. In order to perform Token authentication, do not set the User and Password. Instead, follow these steps to obtain a token and set the following values:
- In NetSuite, log in as an administrator role and navigate to Setup --> Company --> Enable Features --> SuiteCloud --> Manage Authentication. Make sure Token-Based Authentication is checked and save changes.
- Navigate to Setup --> Integration --> Manage Integrations.
- If you're unable to locate Setup --> Integration --> Manage Integrations, try this direct link - https://system.netsuite.com/app/common/integration/integrapplist.nl?whence=
- Create a new integration and select Token-Based Authentication.
- When the integration is created, the Consumer Key and Consumer Secret displayed will map directly to the OAuthClientId and OAuthClientSecret connection properties. Write these down.
- Create a token role by navigating to Setup --> User/Roles --> Manage Roles and either create a new role or edit an existing role.
- Under Permissions --> Setup, the role must have the User Access Token: Full, Access Token Management: Full, and Web Servies: Full permissions.
- Add the role to a user under Lists --> Employees --> Employees. Select to edit an employee and add the new token role under Access --> Roles.
- Navigate to Setup --> User/Roles --> Access Tokens and create a new access token. Select the application name as the integration that was created earlier, and the same user and role that were updated in the previous steps.
- After creating the access token, a Token Id and Token Secret will be displayed. These map directly to the OAuthAccessToken and OAuthAccessTokenSecret. Write these down.
After creating the access token, a connection can now be made using the values obtained from the previous steps. Specify these connection properties at a minimum to connect:
- AccountId specifying the account to connect to, instructions here - https://support.integratehubspot.com/support/solutions/articles/26000033985-netsuite-application-id
- OAuthClientId is the Consumer Key displayed when the application was created.
- OAuthClientSecret is the Consumer Secret displayed when the application was created.
- OAuthAccessToken is the Token Id when the access token was created.
- OAuthAccessTokenSecret is the Token Secret when the access token was created.
NetSuite Web Services Permissions
The driver communicates with NetSuite through the NetSuite Web services. This means that the user specified in the connection must have permissions on the specified AccountId to connect through NetSuite Web services. If the user does not already have Web services permissions, an exception stating "You do not have permission to access Web services features" will be thrown when trying to connect. If this happens, an administrator will need to grant Web services permissions to the user by doing the following:
- Create a Web services role
- Log into NetSuite and under Setup go to User/Roles -> Manage Roles -> New.
- Click Permissions -> Setup and add the "Web Services" role.
- Add other permissions that are needed for interacting with various entities and transactions.
- Under Setup, go to User/Roles -> Manage Users and select the user.
- On the Access tab, add the newly created role and save the user.
- Set the user's role to be the WebService default role (optional - can be provided in the connection instead):
- Log into NetSuite and under Setup go to Integration -> Web Service Preferences.
- Select the user in the Name menu. In the Web Services Default Role menu, select the newly created role.
- Click add and save to save changes.