Prior to establishing a NetSuite BizApp Connection in OneCloud, use the instructions below to create an integration user in NetSuite.

NetSuite connects via token-based authentication. In order to set up the Connection, you will need to generate an application ID, consumer key, a customer secret, a token ID. and a token secret.

In this section, we will go through how to get these.

  • Enable Web Services and Token-based Authentication in your NetSuite instance

  • Create an integration record

  • Create an integration role with required permission levels for your integration

  • Assign the integration role to the integration user

  • Create an access token for this integration user

Step 1: Enable Web Services Access in the NetSuite Instance

  • API Access and Token-based Authentication needs to be enabled in NetSuite.

  • Go to Setup ➡️ Company ➡️ Enable Features ➡️ SuiteCloud.

  • Go to the SuiteCloud tab and check the Client SuiteScript and Server SuitScript checkboxes.

  • Scroll down and under the SuiteTalk Web Services section

  • Check the SOAP Web Services checkbox.

  • Under the Manage Authentication section, check the Token-based Authentication checkbox.

For more information, refer to the NetSuite documentation on enabling the token-based authentication feature.

Step 2: Create an Integration Record

Create a NetSuite Integration Record to represent an external application connecting to NetSuite.

  • To create an integration record, go to: Setup ➡️ Integration ➡️ Manage Integrations ➡️ New.

  • Perform the following steps on the Integration page:

    • Name the Integration

    • Select Enabled from the State drop-down list

    • Check the Token-based Authentication checkbox

    • Uncheck TBA: Authorization Flow

  • Save the Integration.

  • After creating the Integration Record, save the consumer key and consumer secret that are displayed at the bottom of the page. You will need this information to connect OneCloud with NetSuite.

For more information, refer to the NetSuite documentation on how to create an Integration Record.

Step 3: Create an Integration Role

🌟 Create a separate integration role just to manage integrations. This integration role needs to have permissions to read and write to the records relevant for said integrations. This integration role also needs the ability to login through RESTlets or SuiteTalk (web services).

The minimum set of permissions needed for this user are:

  • Permissions to read/write to records required for integration

  • Web Services (Full level)

  • Log in using Access Tokens (Full level) or User Access Tokens (Full level) for more privileges to create and revoke own tokens

  • Set Up Company (Full level)

Assign Integration Specific Read/Write Permissions

Create a new role or make a copy of an existing role. Then assign or adjust the permissions required. To create new role for the integration role via Setup ➡️ Users/Roles ➡️ Manage Roles ➡️ New

Under the other tabs in Permissions, set up the permissions and permission levels you wish this role to have. In this example, we are creating an administrator roll with full permissions. Select all Transaction, Reports, List, etc, that the administrator needs to access.

For more information, refer to the NetSuite documentation on how to customize roles and permissions.

Assign Web Services Permissions to Integration Role

Check the Web Services Only Role checkbox if you don't want this role to have the ability to login to NetSuite (i.e. if you want this user to only have the ability to connect to NetSuite via the API).

Under Permissions ➡️ Setup, add the SOAP Web Services permissions with a Full level.

Assign Token-based Authentication Permissions to Integration Role

There are three types of token-based authentication permissions.

  • Access Token Management

  • User Access Tokens

  • Login using Access Tokens

At a minimum, we need the Login using Access Tokens permission to be able the user to authenticate via token-based authentication. If the integration user needs to be able to create and revoke access tokens for their own use, then assign User Access Tokens permissions. For better security maintenance integration users should not have the Access Token Management permissions.

  • To set up their permissions, go to Permissions ➡️ Setup, add the Login using Access Tokens permission with a Full level.

Assign Set Up Company Permissions to Integration Role

Lastly, add the Set Up Company (Full level) permissions to the integration role.

Step 4: Set Up and Integration User

With the newly created integration role, assign this role to the integration user.

  • To assign this role, go to Setup ➡️ Users/Roles ➡️ Manage Users to edit an existing user or create a new user.

📓 It's recommended to create a separate user for the integrations.

Step 5: Create an Access Token

Finally, create an access token for the integration user. Note that the integration user needs User Access Tokens permissions, to create and revoke their own tokens.

  • To create an Access Token, go to Setup ➡️ Users/Roles ➡️ Access Tokens ➡️ New.

It is important to note the Token ID and Token Secret as they are only displayed when initially created. If you did not retain this information, a new token will need to be created.

Step 6: Create a NetSuite Connection in OneCloud

Now, login to OneCloud to set up your NetSuite BizApp Connection.

Did this answer your question?