United States

Token based authentication in NetSuite

With the increasing need for security and eliminating the requirement for password rotation/management that can accompany web service integrations, NetSuite is able to support token-based authentication (TBA). This authentication mechanism enables client applications to use a token to access NetSuite through APIs – thus eliminating the need to store user credentials.

4 Steps to set up Token-Based Authentication in your NetSuite Account

  1. Enable TBA Feature
  2. Set up TBA Permission within appropriate Roles
  3. Assign Roles to Users
  4. Setup applications for token-based authentication

Enable TBA

Setup > Company > Enable Features

SuiteCloud subtab:

  • Client SuiteScript
  • Server SuiteScript (I Agree to TOS)
  • Token-based Authentication (I Agree to TOS)

Save Form.

Token-based Authentication Permissions

Add the following permissions to roles as appropriate:

  • Access Token Management
    - Create and revoke access tokens for other users with TBA-enabled role
    - Cannot create access tokens for their own use
    - Cannot use access tokens to log in through RESTlet or SuiteTalk
  • User Access Tokens
    - Can, through the Manage Access Tokens link in the Settings Portlet, or by calling the token endpoint, create and revoke access tokens for their own use.
    - Can use access tokens to log in through RESTlets or SuiteTalk
  • Log in using Access Tokens
    - Can use access tokens to log in through RESTlets or SuiteTalk
    - Cannot create their own access tokens through a link in the settings portlet, or by calling the token endpoint.

Assigning Users to Token-based Authentication Roles

Now that you have modified the roles with the appropriate token-based authentication permissions, you can assign users to those roles. (Employee Record > Access Subtab)

Creating Applications for Token-based Authentication

Applications must be created with the Integration record for use with token-based authentication before tokens can be created and assigned to users. Administrators or users assigned the Full level of the Setup Type Integration Application permission can create applications for use with token-based authentication.
To create an application using the Integration record:

  1. Go to Setup > Integration > Integration Management > Manage Integrations > New (Administrator)
  2. Enter a Name for your application.
  3. Enter a Description, if desired.
  4. The application State is Enabled by default. (The other option available for selection is Blocked.)
  5. Enter a Note, if desired.
  6. Check the Token-based Authentication box on the Authentication subtab.
  7. Click Save. A confirmation page displays the Consumer Key and Consumer Secret for this application.

How can we help you?

Contact us by phone 800.274.3978 or
submit your questions, comments, or proposal requests.