Overview
Token-Based Authentication (TBA) in Oracle NetSuite enables secure API communication without exposing user passwords. This method uses generated credentials to authenticate API requests and access specific resources within your NetSuite account.
To establish communication with Oracle NetSuite, you must generate and securely store the following credentials:
- Consumer Key
- Consumer Secret
- Token ID
- Token Secret
When to Use Token-Based Authentication
Token-Based Authentication is recommended when integrating NetSuite with external applications, middleware platforms, or APIs requiring secure and automated access.
- When integrating NetSuite with external systems
- When using REST or SOAP web services
- When implementing secure API authentication
- When avoiding password-based authentication
- When enabling automated system-to-system communication
How It Works
Token-Based Authentication relies on a combination of application-level credentials (Consumer Key and Consumer Secret) and user-level credentials (Token ID and Token Secret).
- Create an integration record to generate Consumer credentials
- Create a dedicated role with required permissions
- Assign the role to a user
- Generate an access token linked to the integration and user
- Use generated credentials to authenticate API requests
How to Configure
Step 1: Creating Consumer Key and Consumer Secret
Log in to your NetSuite account and navigate to:
- Setup > Integration > Manage Integrations > New
Complete the integration details and configure the following:
- Under Authentication, select Token-based Authentication
- Save the integration record
After saving, the system will display:
- Consumer Key (Client ID)
- Consumer Secret (Client Secret)
Copy and securely store these credentials. They will not be accessible once you exit the screen.
Step 2: Generating a New Role
Navigate to:
- Setup > Users/Roles > Manage Roles > New
Configure the role with the following settings:
- In Subsidiary Restrictions, select All for Accessible Subsidiaries
- Under Authentication, choose Web Services Only Role
Within the Permissions tab, grant Full permission to:
- Transactions
- Lists
- Setup
Ensure all required privileges are set to Full. Additional permissions may be added as required.
Click Save to complete role creation.
Step 3: Assign Role to a User
For tracking and auditing purposes, it is recommended to create a dedicated user.
Navigate to:
- Lists > Employees > New
Complete employee details and proceed as follows:
- Go to the Access tab and select Give Access
- Choose either email notification or manual password assignment
- In the Roles section, select the role created in Step 2 and click Add
Under Global Permissions, add Full-level permissions for:
- Access Token Management
- SOAP Web Services
- Login using Access Token
Step 4: Generating an Access Token
Navigate to:
- Setup > Users/Roles > Access Tokens > New
Configure the following:
- Select the Application name (integration record)
- Select the created User
- Select the Role created in Step 2
Click Save.
The system will display:
- Token ID
- Token Secret
Copy and securely store both values. They will not be visible again after leaving the screen.
Step 5: Retrieving Account ID
To retrieve your NetSuite Account ID, navigate to:
- Setup > Company > Company Information
Copy the Account ID, as it is required for API endpoint configuration.
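How the five values collected in Steps 1 to 5 are combined to sign an API request, as an added example that is not code from this page or from Oracle. It builds the OAuth 1.0 Authorization header with an HMAC-SHA256 signature, which is how TBA requests are authenticated. The NETSUITE_* environment variable names and all function names are hypothetical.

```python
import base64, hashlib, hmac, os, secrets, time
from urllib.parse import parse_qsl, quote, urlsplit

# Hypothetical environment variable names: keep the four credentials and the
# Account ID out of source code and inject them from a secret store.
ENV_NAMES = ("NETSUITE_ACCOUNT_ID", "NETSUITE_CONSUMER_KEY", "NETSUITE_CONSUMER_SECRET",
             "NETSUITE_TOKEN_ID", "NETSUITE_TOKEN_SECRET")

def load_credentials(env=os.environ):
    missing = [name for name in ENV_NAMES if not env.get(name)]
    if missing:
        raise RuntimeError("missing TBA settings: " + ", ".join(missing))
    return {name[len("NETSUITE_"):].lower(): env[name] for name in ENV_NAMES}

def _enc(value):
    # Percent-encode everything except RFC 3986 unreserved characters.
    return quote(str(value), safe="-._~")

def sign_request(method, url, creds, nonce=None, timestamp=None):
    """Return the oauth_* parameters, including the HMAC-SHA256 signature."""
    oauth = {
        "oauth_consumer_key": creds["consumer_key"],
        "oauth_token": creds["token_id"],
        "oauth_signature_method": "HMAC-SHA256",
        "oauth_timestamp": str(int(time.time()) if timestamp is None else timestamp),
        "oauth_nonce": nonce or secrets.token_hex(16),
        "oauth_version": "1.0",
    }
    parts = urlsplit(url)
    # Query-string parameters are signed together with the oauth_* parameters.
    pairs = parse_qsl(parts.query, keep_blank_values=True) + list(oauth.items())
    normalized = "&".join(f"{k}={v}" for k, v in sorted((_enc(k), _enc(v)) for k, v in pairs))
    base_url = f"{parts.scheme.lower()}://{parts.netloc.lower()}{parts.path}"
    base_string = "&".join([method.upper(), _enc(base_url), _enc(normalized)])
    # Signing key: Consumer Secret and Token Secret; neither is ever transmitted.
    key = f"{_enc(creds['consumer_secret'])}&{_enc(creds['token_secret'])}".encode()
    digest = hmac.new(key, base_string.encode(), hashlib.sha256).digest()
    oauth["oauth_signature"] = base64.b64encode(digest).decode()
    return oauth

def authorization_header(method, url, creds, nonce=None, timestamp=None):
    oauth = sign_request(method, url, creds, nonce, timestamp)
    # realm carries the Account ID and is not part of the signed parameters.
    fields = [("realm", creds["account_id"])] + sorted(oauth.items())
    return "OAuth " + ", ".join(f'{k}="{_enc(v)}"' for k, v in fields)
```

Only the Consumer Key, Token ID and signature appear in the header. Each request needs a fresh nonce and timestamp, so leave those arguments unset outside of tests.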
Troubleshooting
- Authentication Failed: Verify Consumer and Token credentials.
- Permission Error: Ensure Full permissions are granted.
- Access Token Not Visible: Confirm integration and role configuration.
- Login Using Access Token Fails: Verify Global Permissions.
- Invalid Account ID: Recheck Company Information settings.
Frequently Asked Questions
What is Token-Based Authentication in NetSuite?
Token-Based Authentication is a secure authentication mechanism that allows external applications to access NetSuite APIs using generated credentials instead of passwords.