With the NetSuite® Token Authentication connector, you can use commands in chain to interact with NetSuite. For example, with this connector, you can:
- Download files from NetSuite
- List saved searches in NetSuite
- Retrieve data about a standard NetSuite record or saved search
Note: To interact with a NetSuite RESTlet using OAuth 2.0 authentication, use an HTTP Request connector instead.
To enable the connection, the connector uses the NetSuite REST API. To set up the connector, you'll need:
- NetSuite, with token-based authentication (TBA) enabled
- The ID of the NetSuite account to connect to
Note: To view your account ID in NetSuite, select Setup, Integrations, Web Services Preferences. The ID also typically appears in the first string of the URL, just before
- An integration record and access token created in NetSuite for the connector
- The integration record's consumer key and secret
Note: If you don't have the consumer secret or key, edit the integration record and reset its credentials.
- The access token's ID and secret
Note: If you don't have the access token's ID or password, create a new token.
Enable the integration in NetSuite
To enable the connector to interact with NetSuite, it requires token-based authentication (TBA) and its own integration record.
Step 1. Enable SOAP web services and token-based authentication
To enable SOAP web services and TBA for NetSuite:
- In NetSuite, select Setup, Company, Enable features.
- On the SuiteCloud tab, under SuiteScript, select Client SuiteScript and Server SuiteScript.
- Under SuiteTalk (Web Services), select SOAP web services.
- Under Manage authentication, select Token-based authentication.
- Click Save.
Step 2. Create an integration record
After you enable TBA, create an integration record for the connector:
- In NetSuite, select Setup, Integrations, Manage integrations, New.
- To help identify the integration, enter a unique name and description, such as Workiva Integration.
- Under Authentication, select Token-based authentication, and clear TBA: Authorization flow.
- Click Save, and record the consumer key and secret from the confirmation page.
Note: The consumer key and secret appear only on the integration record's confirmation page. Be sure to record these values for the connector's properties, and treat them like a password.
Step 3. Create an integration role
For security purposes, create a dedicated role in NetSuite to manage your integrations:
- Select Setup, Users/Roles, Manage roles, New.
- Under General, enter a unique name to help identify the role, such as Workiva/NetSuite Integration.
- Under Authentication, select Web services only role to enable the role to connect to only the NetSuite API, and not log in to NetSuite directly.
- Under Permissions, add the permissions to enable the integration, such as Full-level permissions to all relevant Transactions, Reports, and Lists in NetSuite.
- On the Setup tab under Permissions, add Full-level permissions for:
- SOAP web services
- Set up company
- Token-based authentication:
- To enable the role to only authenticate via access tokens, Login using access tokens
- To enable the role to create and revoke its own access tokens, User access tokens
- Click Save.
Step 4. Assign the role to the integration user
After you create integration role, assign it to the connector's integration user:
- In NetSuite, select Setup, Users/Roles, Manage users.
- Select or create the integration user for the connector.
Note: We recommend a separate user for each connector or integration.
- Under Roles, assign the integration role to the user.
Step 5. Create the integration user's access token
To create an access token for the integration user:
- In NetSuite, select Setup, Users/Roles, Access tokens, New.
- Click New access token.
- In Application name, select the integration record.
- In User, select the integration user.
- In Role, select the integration role.
- Click Save.
- Note the ID and secret created for the token; you'll need them for the connector's properties.
Note: For security purposes, the ID and secret appear only when the access token is created. Treat them as you would a password. If you don't have the token's ID or secret for the connector's properties, create a new token for the integration user.
Set up the NetSuite Token Authentication connector
Note: To make the connector available for use in your organization's chains, an org security administrator first enables it from Configuration.
- From Chain Builder, click Connections , and then Create at the top right.
- Under BizApp Connection, select NetSuite Token Authentication and the default CloudRunner.
- Enter a unique name and description to help identify the connection.
- Under Properties, enter the connection's details:
Property Details Account ID Enter the ID of the NetSuite account to connect to. Consumer key Enter the consumer key for the connector's integration record. Consumer secret Enter the secret for the Consumer Key property. Token ID Enter the ID of the connector's access token. Token secret Enter the secret for the Token ID property. Sandbox To connect to a sandbox NetSuite account, check this box.
Note: All sensitive credentials are automatically encrypted and stored at Advanced Encryption Standard (AES)-256 encryption.
- Select the environments to use the connection, and click Save.
- To test the connection, create and run a chain with the connector's List Saved Searches command, and verify it returns a valid output.
Please note that the NetSuite API cannot return custom fields. As an alternative, Data Prep can create transformations that mimic the logic of a Netsuite custom field.
If the connection to NetSuite fails:
- Check the account ID entered for the connector. To view the account ID in NetSuite, select Setup, Integrations, Web Services Preferences. The ID also typically appears just before
app.netsuite.comin the URL.
- Verify the consumer key and secret of the connector's integration record. If necessary, edit the integration record and reset its credentials to create a new consumer key and secret.
- Verify the ID and secret of the connector's access token. If necessary, create a new token for the connector.