Token-based authentication setup.

Primary Account Setup

1. Enable Token-Based Authentication in the account

Setup > Company > Enable Features > SuiteCloud > Manage Authentication, and enable Token-Based Authentication.

2. Create a role for the token-based user

Go to Setup > Users/Roles > Manage Roles > New.

Standard roles cannot be used for this purpose, so create a new role.

On the Permissions subtab, grant the appropriate access to Transactions, Lists, and Custom Records as required for the integration scenario.

On the Setup sub-subtab, select "Web Services" and "User Access Tokens" at a minimum.

If the NetSuite account is OneWorld, also consider the subsidiaries of the users.

If calling RESTlets, ensure "Web Services Only Role" is unchecked.

3. Assign the created role to an employee

Lists > Employees > Employees > edit the user > Access tab > Roles subtab

4. Create an Integration Record

Setup > Integration > Manage Integrations > New.

Select State=Enabled and enable Token-Based Authentication.

Save the record. Copy the consumer key and consumer secret (they are shown only once).

5. Create a new Access Token

Go to Setup > Users/Roles > Access Tokens > New.

Select the integration record, user, and role created above.

Save the record. Copy the token ID and token secret (they are shown only once).

Authentication for API Call

OAuth 1.0 is used for authorization. The following data is added to the Authorization header.

Example Header:

OAuth oauth_signature="g4jGfPc2xDJhinKBpk9zx%2Bgsca8%3D",oauth_version="1.0",oauth_nonce="e8tD3SaJdUXKvHlQgwM2mroRibGP5IFI",oauth_signature_method="HMAC-SHA1",oauth_consumer_key="0363584b0bc106ae17978a983c75dfc09b4b3c1a48175a8cbb823000b0a85374",oauth_token="249648a81f2d73fd97d730701457d0fd32f29b3ab98e28099f65b6ffb967aed3",oauth_timestamp="1555740728",realm="4539762_SB1"

Signature — oauth_signature

To create the signature, we collect the details of the current API call and sign them with a secret key using HMAC. The details include the request method, script id, deployment id, the authentication parameters, and the base URL.

Concatenating these strings with '&' produces the string that is then signed and encoded.

1. HTTP Method

Example: GET, POST, PUT

2. Base URL

Example: https://4539762-sb1.restlets.api.netsuite.com/app/site/hosting/restlet.nl

3. Deployment

Internal id of the deployment record. Example: 1

4. Consumer Key — oauth_consumer_key

Example: 0363584b0bc106ae17978a983c75dfc09b4b3c1a48175a8cbb823000b0a85374

5. Nonce — oauth_nonce

A unique, randomly generated alphanumeric string of 6-64 characters. (It is easy to use the current time in Unix format.)

Example: 1556190023002

6. Signature Method — oauth_signature_method

A hash algorithm that can be used to create an RFC 2104-compliant signature. Supported choices are HMAC-SHA1 and HMAC-SHA256.

Example: oauth_signature_method=HMAC-SHA1

7. Time Stamp — oauth_timestamp

The current timestamp in Unix format.

Example: 1556190023002

8. Token Id — oauth_token

Token id received from the NetSuite access token record.

Example: 249648a81f2d73fd97d730701457d0fd32f29b3ab98e28099f65b6ffb967aed3

9. Auth Version — oauth_version

The OAuth version currently used is 1.0.
Example: oauth_version=1.0

10. Script Id

Internal id of the script record.

Example: script=257

URL-encode these strings, since they may contain characters that cause issues.

Example of the string to be signed for the auth header:

POST&https%3A%2F%2F4539762-sb1.restlets.api.netsuite.com%2Fapp%2Fsite%2Fhosting%2Frestlet.nl&deploy%3D1%26oauth_consumer_key%3D0363584b0bc106ae17978a983c75dfc09b4b3c1a48175a8cbb823000b0a85374%26oauth_nonce%3DbbBTY7SFBLVucIVEyY4hAyphlXYOuD8m%26oauth_signature_method%3DHMAC-SHA1%26oauth_timestamp%3D1556087893%26oauth_token%3D249648a81f2d73fd97d730701457d0fd32f29b3ab98e28099f65b6ffb967aed3%26oauth_version%3D1.0%26script%3D257

After creating the string to be signed, we compute an HMAC over it using the combined secret key.

The key used for signing is CONSUMER SECRET + '&' + TOKEN SECRET

Example: 'ef83376d8dee89f95f87dc94c9095222894d8395988272c19a92647ccfc869df' + '&' + '7d1c933b9cb7c0349c642d6283169e6b1ca8ac63630d50951d4af172643120cc'

For signing in NetSuite, the CryptoJS library is used.

Example: CryptoJS.HmacSHA1(completeData, CONSUMER_SECRET + '&' + TOKEN_SECRET);

After computing the HMAC, encode the result in Base64.

Example for signature:

N5LSueotlCbyJqvRo+g4G+rT2ck=

Auth Version — oauth_version

The OAuth version currently used is 1.0.
Example: oauth_version=1.0

Nonce — oauth_nonce

A unique, randomly generated alphanumeric string of 6-64 characters. (It is easy to use the current time in Unix format.)

Use the same nonce that was used in the signature.

Example: 1556190023002

Signature method — oauth_signature_method

A hash algorithm that can be used to create an RFC 2104-compliant signature. Supported choices are HMAC-SHA1 and HMAC-SHA256.

Example: oauth_signature_method=HMAC-SHA1

Consumer Key — oauth_consumer_key

The consumer key for the integration record being used to track the calling application. This string was created when you checked the Token-Based Authentication box on the integration record and saved it.

Example: 0363584b0bc106ae17978a983c75dfc09b4b3c1a48175a8cbb823000b0a85374

Token Key — oauth_token

A token that represents a unique combination of a user and an integration record. This string can be generated in multiple ways.

Example: 249648a81f2d73fd97d730701457d0fd32f29b3ab98e28099f65b6ffb967aed3

Time Stamp — oauth_timestamp

The current timestamp in Unix format.

Example: 1556190023002

Account Id — realm

The NetSuite Account Id.

Go to Setup > Integration > Web Services Preferences to find it.

Example for Auth Header Generated:

OAuth oauth_signature="N5LSueotlCbyJqvRo+g4G+rT2ck=",oauth_version="1.0",oauth_nonce="1556191546",oauth_signature_method="HMAC-SHA1",oauth_consumer_key="0363584b0bc106ae17978a983c75dfc09b4b3c1a48175a8cbb823000b0a85374",oauth_token="249648a81f2d73fd97d730701457d0fd32f29b3ab98e28099f65b6ffb967aed3",oauth_timestamp="1556191546",realm="4539762_SB1"

A token has an expiration time of 60 seconds. Once created, it can be used until it expires.
