Before you can set up your NetSuite BizApp Connection in OneCloud, use the instructions below to create an integration user in NetSuite.
NetSuite connects via token-based authentication. In order to set up the connection, you will need to generate an application ID, consumer key, a customer secret, a token ID. and a token secret.
In this section, we will go through how to get these.
- Enable Web Services and Token-based Authentication in your NetSuite instance
- Create an integration record
- Create an integration role with required permission levels for your integration
- Assign the integration role to the integration user
- Create an access token for this integration user
Step 1: Enable Web Services access in your NetSuite instance
First, API Access and Token-based Authentication needs to be enabled in NetSuite. Go to Setup > Company > Enable Features > SuiteCloud.
Next, go to the SuiteCloud tab and check the Client SuiteScript and Server SuitScript checkboxes.
Scroll down and under the SuiteTalk Web Services section, check the SOAP Web Services checkbox. Under the Manage Authentication section, check the Token-based Authentication checkbox.
For more information, refer to the NetSuite documentation on enabling the token-based authentication feature.
Step 2: Create an Integration Record
Create a NetSuite Integration Record to represent an external application connecting to NetSuite. To create an integration record, go to: Setup > Integration > Manage Integrations > New.
Next, perform the following steps on the Integration page:
- Name the Integration
- Select Enabled from the State drop-down list
- Check the Token-based Authentication checkbox
- Uncheck TBA: Authorization Flow
Don't forget to Save the Integration.
After creating the Integration Record, save the consumer key and consumer secret that are displayed at the bottom of the page. You will need this information to connect OneCloud with NetSuite.
For more information, refer to the NetSuite documentation on how to create an Integration Record.
Step 3: Create an Integration Role
We recommend that you create a separate integration role just to manage your integrations. This integration role needs to have permissions to read and write to the records relevant for your integrations. This integration role also needs the ability to login through RESTlets or SuiteTalk (web services).
The minimum set of permissions needed for this user are:
- Permissions to read/write to records required for integration
- Web Services (Full level)
- Log in using Access Tokens (Full level) or User Access Tokens (Full level) for more privileges to create and revoke own tokens
- Set Up Company (Full level)
1. Assign integration specific read/write permissions
Create a new role or make a copy of an existing role. Then assign or adjust the permissions required. To create new role, fo to your integration role via Setup > Users/Roles > Manage Roles > New
Under the other tabs in Permissions, set up the permissions and permission levels you wish this role to have. In this example, we are creating an administrator roll with full permissions. Select all Transaction, Reports, List, etc, that the administrator needs to access.
For more information, refer to the NetSuite documentation on how to customize roles and permissions.
2. Assign Web Services permissions to integration role
Check the Web Services Only Role checkbox if you don't want this role to have the ability to login to NetSuite (i.e. if you want this user to only have the ability to connect to NetSuite via the API).
Under Permissions > Setup, add the SOAP Web Services permissions with a Full level.
3. Assign token-based authentication permissions to integration role
There are 3 types of token-based authentication permissions.
- Access Token Management
- User Access Tokens
- Login using Access Tokens
At a minimum, we need the Login using Access Tokens permission to be able the user to authenticate via token-based authentication. If the integration user needs to be able to create and revoke access tokens for their own use, then assign User Access Tokens permissions. For better security maintenance integration users should not have the Access Token Management permissions. To set up their permissions, go to Permissions > Setup, add the Login using Access Tokens permission with a Full level.
4. Assign Set Up Company permissions to integration role
Lastly, add the Set Up Company (Full level) permissions to the integration role.
Step 4: Set Up and Integration User
Now that we have created an integration role, assign this role to our integration user. To assign this role, go to Setup > Users/Roles > Manage Users to edit an existing user or create a new user.
Note: it's recommended to create a separate user for your integrations.
Step 5: Create an Access Token
Finally, create an access token for the integration user. Note that the integration user needs User Access Tokens permissions, to create and revoke their own tokens. To create an Access Token, go to Setup > Users/Roles > Access Tokens > New.
It is important to note the Token ID and Token Secret as they are only displayed when initially created. If you did not retain this information, you will need to create a new token.
Step 6: Create a NetSuite Connection in OneCloud
Now, login to OneCloud to set up your NetSuite BizApp Connection.