This article describes how to configure the NetSuite Connection to use Token Based Authentication, including the NetSuite application setup steps.
Token based authentication (TBA) allows you to generate secure, revocable, non-expiring tokens for integration clients such as the NetSuite Connector to use when connecting to NetSuite. This is strongly recommended instead of traditional user name and password because the end user credentials are never exposed and the password does not expire. Because a token is only used by a single application, it provides visibility into which applications are connecting to NetSuite and control to revoke access.
Token based authentication is available for web services using SuiteTalk version 2015.2 and above.
TBA can be used for both SuiteTalk and RESTLet web service calls.
- Enable TBA in your NetSuite account.
- Create a new Role and assign to a User.
- Create a new Integration record.
- Create an Access Token for the Integration record, User, and Role.
- Configure the tokens in the NetSuite Connector connection.
The following is a summary of the NetSuite setup steps involved. For complete, detailed step-by-step instructions please visit the NetSuite Help Center article Getting Started with Token-based Authentication.
- Obtain your NetSuite Account ID. Go to Setup > Integration > Web Services Preferences.
- Enable TBA for your NetSuite account. Go to Setup > Company > Enable Features > Suite Cloud > Manage Authentication and enable Token-Based Authentication.
- Create a new custom Role for use by the TBA user. Go to Setup > Users/Roles > Manage Roles > New.
- IMPORTANT: You must create a new role. You cannot use one of the standard roles.
- On the Permissions subtab, grant the appropriate access to Transactions, Lists, and Custom Records as required for the integration scenario. For custom fields and custom records, you will need to grant a number of permissions under the Setup tab. See this article for details.
- On the Setup sub-subtab, select "Web Services" and "User Access Tokens" at a minimum.
- If using NetSuite OneWorld edition, ensure the role has access to the appropriate subsidiaries.
- If calling RESTlets, ensure "Web Services Only Role" is UNchecked.
- Assign the Role to the desired user. Go to Lists > Employees > Employees > edit user > Access tab > Roles subtab.
- Create a new Integration record for Dell Boomi AtomSphere. Go to Setup > Integration > Manage Integrations > New. Select State=Enabled and enable Token-Based Authentication.
- On the confirmation screen, note the Application ID, Consumer Key and Consumer Secret. Copy these values temporarily to a text editor for future reference.
- IMPORTANT: The Consumer Key and Secret are ONLY DISPLAYED ONCE. If you forget these values you will need to regenerate them and reconfigure the NetSuite Connector within AtomSphere.
- Create a new Access Token. Go to Setup > Users/Roles > Access Tokens > New. Select the Integration record, User, and Role created or referenced in the previous steps.
- On the confirmation screen, note the Token ID and Token Secret. Copy these values temporarily to a text editor for future reference.
- IMPORTANT: The Token ID and Secret are ONLY DISPLAYED ONCE. If you forget these values you will need to regenerate them and reconfigure the NetSuite Connector within AtomSphere.
AtomSphere Connection Setup
- Create or edit a NetSuite Connection component using endpoint 2015.2 or above.
- Leave User and Password blank.
- Configure Account Number, Consumer Key, Consumer Secret, Token Id, Token Secret, and Application Id with the values generated during the NetSuite setup.
- Use the connection to browse and exchange data with NetSuite as normal.
- Because you must create a custom Role, be sure to grant permissions to all the record types required by your integration scenario. See also Some custom fields not available when using NetSuite token based authentication.
- The Integration record provides a pre-filtered view of the web services usage logs for only that application.
- The token values cannot be used to log into the NetSuite UI.
- TBA uses request-level authentication which has slightly slower performance than session-based, however it allows the NetSuite data center to load balance subsequent requests. The NetSuite Connector currently uses request-level authentication for user credential-based authentication.
- Web service calls made using TBA are governed by the same API limits as non-TBA calls with respect to concurrency and request rates. You still must obtain a SuiteCloud Plus license from NetSuite to make more than one call at a time for a given Integration record.
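To illustrate the request-level authentication noted above, the following added example (not part of the original article or the connector's code) computes the TokenPassport signature a SuiteTalk client sends with every request, following NetSuite's documented scheme: HMAC-SHA256 over the account, consumer key, token ID, nonce and timestamp, keyed with the two secrets. The function names are hypothetical, the credential values are constructed placeholders, and `verify_passport` is an illustrative receiver-side check rather than NetSuite's implementation.

```python
import base64
import hashlib
import hmac
import secrets
import time


def _signature(account, consumer_key, consumer_secret, token_id,
               token_secret, nonce, timestamp):
    # Signed string: the five public fields. HMAC key: the two secrets,
    # which therefore never travel with the request.
    base = "&".join([account, consumer_key, token_id, nonce, str(timestamp)])
    key = f"{consumer_secret}&{token_secret}".encode()
    digest = hmac.new(key, base.encode(), hashlib.sha256).digest()
    return base64.b64encode(digest).decode()


def build_passport(account, consumer_key, consumer_secret, token_id,
                   token_secret, nonce=None, timestamp=None):
    """Return the fields sent with one request (fresh nonce and timestamp)."""
    nonce = nonce or secrets.token_hex(16)
    timestamp = int(time.time()) if timestamp is None else timestamp
    return {
        "account": account, "consumerKey": consumer_key, "token": token_id,
        "nonce": nonce, "timestamp": timestamp, "algorithm": "HMAC-SHA256",
        "signature": _signature(account, consumer_key, consumer_secret,
                                token_id, token_secret, nonce, timestamp),
    }


def verify_passport(p, consumer_secret, token_secret):
    """Recompute the signature from the stored secrets; constant-time compare."""
    expected = _signature(p["account"], p["consumerKey"], consumer_secret,
                          p["token"], token_secret, p["nonce"], p["timestamp"])
    return hmac.compare_digest(expected, p["signature"])


# Constructed placeholder values, not real NetSuite credentials.
CREDS = dict(account="1234567", consumer_key="ck-example",
             consumer_secret="cs-example", token_id="tid-example",
             token_secret="ts-example")

if __name__ == "__main__":
    passport = build_passport(**CREDS)
    print(passport)
    print(verify_passport(passport, "cs-example", "ts-example"))
```

Because the signature depends on both secrets, regenerating either the Consumer Secret or the Token Secret invalidates every request signed with the old value, which is why the connection must be reconfigured after regeneration.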