MUBA Software
NetSuite integrations Table of contents: Articles

How to set up token-based authentication for NetSuite’s SuiteTalk REST API

There are several ways of setting up authentication to access NetSuite’s SuiteTalk REST API. The most common way is to use token-based authentication (TBA). Here’s what we need to do to set up TBA.

You need to log into NetSuite with an Administrator account.

You need to enable the REST API feature:

  • Go to Setup > Company > Enable Features.
  • Go to the SuiteCloud tab.
  • Go to the SuiteTalk (Web Services) section.
  • Enable REST Web Services.
  • You might want to use SOAP as well since the REST API is not functionally equivalent to the SOAP API. Some actions can still only be done with SOAP. In that case, enable SOAP Web Services as well.

You need to enable the Token-based Authentication feature:

  • Go to Setup > Company > Enable Features.
  • Go to the SuiteCloud tab.
  • Go to the Manage Authentication section.
  • Enable Token Based Authentication.

You need to set up a new role for the integration:

  • Go to Setup > Users/Roles > Manage Roles > New.
  • Type in a name for the new role: ‘Integration Role for XXXXXX’.
  • For Center Type choose Accounting center.
  • Go to the Authentication section.
  • Enable Web Services Only Role. This makes sure that the new role cannot access the NetSuite interface.
  • Not required.
  • Go to the Permissions tab and the Setup sub-tab and add these permissions:
    Setup – Log in using Access Tokens – Full
    Setup – REST Web Services – Full
    Setup – User Access Tokens – Full

  • You might want to use SOAP as well since the REST API is not functionally equivalent to the SOAP API. In that case, add this permission:
    Setup – SOAP Web Services – Full

  • Go to the Reports sub-tab and add this permission:
    Reports – SuiteAnalytics Workbook – Edit
    This allows you to run SuiteQL queries via the REST API.

  • Go through all the other sub-tabs and enable all the permissions that you think are needed for this integration.
  • For example, if you want the integration to have read-only access to the File Cabinet, you should choose this permission: Lists – Documents and Files and choose View.
  • It is best to limit the permissions to the bare minimum needed.
  • The access level determines what actions the integration can take. For our example permission of Lists – Documents and Files, this would mean:
    View: You can only view files and folders.
    Create: You can upload files to the File Cabinet.
    Edit: You can update or replace existing files.
    Full: You can delete files or folders.

  • Click Save.

You need to assign the new integration role to a user:

  • Go to Lists> > Employees > Employees
  • Find your user account and add the new role to your account.
  • Go to the Roles sub-tab.
  • Select the ‘Integration Role for XXXXXXX’ role. Click Add.
  • Click Save.

We need to create an integration application record:

  • Go to Setup > Integration > Manage Integrations.
  • Click New.
  • Type in a name for the integration: ‘Integration for XXXXXXX’.
  • Type in a description: ‘Integration that does XXXXXX’.
  • For State, choose Enabled.
  • Go to the Authentication tab.
  • Go to the Token-based Authentication section.
  • Enable Token-based Authentication
  • Everything else in the Authentication tab should not be enabled. TBA: Authorization Flow should not be enabled. Authorization Code Grant should not be enabled.
  • Click Save.
  • At the bottom of the screen, the confirmation page will display the Client Credentials, meaning the Consumer Key and Consumer Secret for this new integration application. This is only shown once so you need to copy and paste it and store it somewhere.

You need to create a token ID and token secret:

  • Go to Setup > Users/Roles > Access Tokens.
  • Click New Access Token.
  • The Access token page will display.
  • Select the Application Name: ‘Integration for XXXXXXXX’.
  • Select the User. This will be your user account.
  • Select the Role. This should be the new role that you created: ‘Integration Role for XXXXXXX’.
  • The Token Name will be populated by default with a concatenation of the Application Name, User, and Role.
  • Click Save.
  • At the bottom of the screen, the confirmation page will display the Token ID and Token Secret. This is only shown once so you need to copy and paste it and store it somewhere.

That’s it! The setup for token-based authentication is now done. You will use the consumer key, consumer secret, token ID and token secret in your code when connecting to the REST API.

Here are some articles to help with the next step, writing code to connect to the REST API:

How to connect to NetSuite’s SuiteTalk REST API using Python
How to connect to NetSuite’s SuiteTalk REST API using node.js