Authentication in NetSuite

August 23, 2019

NetSuite provides a number of authentication types supported. For signing in to a NetSuite account in browser, it supports User Credentials authentication, Two-Factor Authentication, Google OpenID Single Sign-on, SAML 2.0, etc.

For API access it supports User Credentials (Basic) authentication and Token-based authentication. The latter is now a recommended way to integrate applications with NetSuite.

Basic Authentication in Skyvia

First, Skyvia supported only Basic authentication for NetSuite. This authentication requires the following connection parameters:

  • Account Id - NetSuite account id.
  • User - a NetSuite account email.
  • Password - a NetSuite account password.
  • Application Id - a the NetSuite CRM application ID created by using the integration record.
Connecting to NetSuite using Basic authentication

We will describe how to get these parameters below.

Token-based Authentication in Skyvia

In NetSuite 2018.2, NetSuite started enforcing two-factor authentication for highly privileged roles. For roles with two-factor authentication, basic API authentication is not supported. Users with such roles must use Two-Factor authentication.

In order to help users with such roles in NetSuite to integrate their data via Skyvia, we have supported Two-Factor authentication connections in Skyvia. You can select the authentication kind to use — Basic or Token-Based - via the Authentication parameter.

Connecting to NetSuite using Token-Based authentication

Token-Based authentication requires another set of parameters:

  • Account Id - NetSuite account id is required as well as for Basic authentication.
  • Consumer Key - a NetSuite consumer key from an integration record.
  • Consumer Secret - a NetSuite consumer secret from an integration record.
  • Token Secret - a authentication token secret, generated by a NetSuite user.

Configuring NetSuite for Token-Based Authentication

To connect to NetSuite using Token-Based authentication, first we need to make sure that this authentication is enabled in NetSuite.

  1. In your NetSuite account, point to Setup, then to Company, then click Enable Features.

    Enabling features in NetSuite
  2. Then click Suite Cloud.

    SuiteCloud settings
  3. Finally, in the Manage Authentication group, make sure that the Token-based Authentication check box is selected.

    Enabling Token-Based authentication in NetSuite

Besides, enabling token-based authentication in NetSuite, you will need the NetSuite user to have a role with privileges that are required for token-based authentication. These are at least the "Web Services" and "User Access Tokens" privileges.

Obtaining Parameters for Token-Based Authentication

Obtaining Account ID

Your Account Id can be obtained in NetSuite Web Services Preferences. To open them, sign in to your NetSuite account. Then point to Setup, then to Integrations, and then click Web Services Preferences.

Opening NetSuite Web Services Preferences

Under Primary Information, you will see your Account ID.

NetSuite Web Services Preferences

Obtaining Consumer Key and Consumer Secret

The user can get Consumer Key and Consumer Secret when creating an integration record in NetSuite. Token-Based authentication must be enabled for this integration record. They are displayed only once, when the integration record is created, so it's better to copy them to some text file and save for future use.

  1. Point to Setup, then to Integrations, then Manage Integrations, and then click New.

    Creating Integration Record in NetSuite
  2. On the opened page enter the Name for the application, for example, Skyvia.

    NetSuite Integration record parameters
  3. Make sure the Token Based Authentication check box is selected.

  4. Click Save.

  5. From the confirmation screen, copy the generated Consumer Key and Consumer Secret. Note that Consumer Key and Consumer Secret are displayed only once on this page. If you need them again, you will have to re-generate them, which make the old ones to stop working. You may reuse these values if you need multiple Skyvia connections to this NetSuite account.

Creating Access Token

After we have an integration record with Token-Based authentication enabled, we can generate an Access Token for a connection in Skyvia.

  1. In your NetSuite account, point to Setup, then to Users/Roles, then Access Tokens, and then click New.

    Creating Access Token in NetSuite
  2. Select the Integration record, User, and Role created on the previous steps.

    Access Token parameters
  3. From the confirmation screen, copy the generated Token ID and Token Secret. Note that Token ID and Token Secret are displayed only once on this page. If you need them again, you will have to re-generate them, which make the old ones to stop working.

Obtaining Parameters for Basic Authentication

Currently Token-Based authentication is the recommended way to connect to NetSuite, and is the only way to connect via API for users with highly privileged roles. However, if you still need to use basic authentication to connect to NetSuite, you will need NetSuite Account ID and Application ID.

NetSuite Account ID is obtained in the same way as described above for Token-Based Authentication. As for Application ID, you need to create an integration record in NetSuite for it. Unlike when creating an integration record for Token-Based Authentication, the Token Based Authentication check box must be NOT selected for Basic authentication.

  1. Point to Setup, then to Integrations, then Manage Integrations, and then click New.

    Creating Integration Record in NetSuite
  2. On the opened page enter the Name for the application, for example, Skyvia.

    NetSuite Integration record parameters
  3. Make sure the Token Based Authentication check box is NOT selected.

  4. Click Save.

  5. From the confirmation screen, copy the generated Application ID.