Step 1: Enable Token-Based Authentication (TBA)
Before generating access tokens, ensure that Token-Based Authentication (TBA) is enabled in your NetSuite account.
- Navigate to Setup > Company > Enable Features.
- Click the SuiteCloud tab.
- Under the Manage Authentication section, check Token-Based Authentication.
- Click Save.
Step 2: Create an Integration Record
An integration record defines how an external application interacts with NetSuite.
- Go to Setup > Integration > Manage Integrations > New.
- Enter a name for the integration (e.g., “Custom API Integration”).
- Under Authentication, select Token-Based Authentication and uncheck User Credentials.
- Note the Consumer Key and Consumer Secret displayed after saving. These are required for authentication.
- Click Save.
Step 3: Assign Token-Based Authentication Permissions
Permissions must be assigned to the user generating the access tokens.
- Go to Setup > Users/Roles > Manage Roles.
- Select the role that will be used for integration.
- Under Permissions > Setup, add:
- User Access Tokens
- SOAP Web Services (if applicable)
- REST Web Services (if applicable)
- Log in using Access Tokens
- Click Save.
Step 4: Create an Access Token
Once the integration record and permissions are set, you can generate an access token.
- Navigate to Setup > Users/Roles > Access Tokens > New.
- Select the Application Name (your integration record).
- Choose the User and Role with the required permissions.
- Click Save.
- Note the Token ID and Token Secret displayed after saving. These are needed for authentication.
Step 5: Using the Access Tokens for Authentication
The generated Consumer Key, Consumer Secret, Token ID, and Token Secret are required to authenticate API requests to NetSuite.
When making API calls, use OAuth 1.0 with the following credentials:
- Consumer Key & Consumer Secret (from the integration record)
- Token ID & Token Secret (from the access token record)
These credentials allow secure and authenticated interactions between your application and NetSuite.