Overview
By adding a NetSuite connection to your workspace, you can:
Automatically import and sync sales transactions to your workspace
We support any SuiteQL query as long as we can incrementally retrieve data (details) Newly created NetSuite records will be synched to your workspace
Modified NetSuite records will be updated in your workspace
Deletion of NetSuite records will not result in any deletion in your workspace
NetSuite records no longer matching your SQL query will not result in any deletion in your workspace
Unlike most other CRM or Accounting platforms, NetSuite requires more significant setup to enable OAuth authorization.
We will show you:
How to enable NetSuite features
How to enable sufficient permissions
How to create an integration record
How to enable Machine-to-Machine authentication
Step 1 - In Sales Cookie, Create a NetSuite Connection
To create a connection to NetSuite:
Navigate to Settings > Connections using the left navigation bar
Click on NetSuite
You should see this screen:
Keep this browser window open, as you will copy/paste values from NetSuite.
Step 2 - In NetSuite, Enable Features
For OAuth authentication and REST Web Services to work, NetSuite requires certain features to be enabled (reference).
To enable those features:
Login to NetSuite
Go to Setup > Company > Enable Feature
Click on the 'SuiteCloud' tab
Enable SuiteScript > Client SuiteScript & Server SuiteScript
Enable SuiteTalk > Rest Web Services
Enable Manage Authentication > OAuth 2.0
Go to Setup > Company > Enable Feature
Click on the 'Analytics tab' tab
Enable SuiteAnalytics Workbook > SuiteAnalytics Workbook
Step 3 - In NetSuite, Ensure Sufficient Permissions
For OAuth authentication and REST Web Services to work, NetSuite requires your account to have sufficient permissions (reference, reference).
To grant permissions:
Login to NetSuite
Go to Setup > Users/Roles > Manage Roles
Edit a role already applied to your account
Or create a new role and make sure it's applied to your account
In the 'Permissions' section
Select Permissions > Reports
Grant permission 'SuiteAnalytics Workbook (edit)'
Select Permissions > Setup
Grant permission 'Log in using OAuth 2.0 Access Tokens'
Grant permission 'User Access Token'
Grant permission 'OAuth 2.0 Authorized Applications Management'
Grant permission 'REST Web Services (full)'
Grant permissions 'Custom Fields (view)' and 'Custom Lists (view)', 'Custom Record Types (view)'
Make sure the role you edited is applied to your user account
Step 4 - In NetSuite, Create An Integration Record
For OAuth authentication and REST Web Services to work, NetSuite requires creating an integration record representing the connected application (reference).
To create an integration record:
Login to NetSuite
Go to Setup > Integration > Manage Integrations > New
Name your integration 'Sales Cookie'
Ensure the 'State' is 'Enabled'
Uncheck 'Token-Based Authentication'
Under OAuth 2.0
Check 'Authorization Code Grant'
Ensure there is no trailing space or slash
Under 'Scope', check 'REST Web Services'
Check 'Client Credentials (Machine to Machine) Grant'
This step is required if you do not want to re-authenticate every week
Further details are provided in Step 6 below
Save your integration record
Save the displayed Client ID and Secret (you will need them later)
Step 5 - In Sales Cookie, Enter Credentials
You are now ready to test your connection in Sales Cookie:
Return to Sales Cookie (Settings > Connections > NetSuite)
Enter your Client ID and Secret from step 4
Enter your Account ID
Make sure to use the same casing as in your URL
Click on Save
You should see an 'Authorize Access' button
Click on the button and follow the workflow to authorize access
Important - this access method limits access to 1 week, after which manual re-authentication is required. For longer-lasting connections, please use the following additional steps.
Step 6 - In NetSuite, Enable Machine-to-Machine (M2M) Authentication
Without this step, you will need to manually re-authorize access in Sales Cookie every week as NetSuite OAuth only grants refresh tokens for 1 week (this cannot be extended). NetSuite offers a way to connect for longer periods of time. This is something called either 'Machine-to-Machine (M2M) Authentication' or 'OAuth 2.0 Client Credentials' (reference, video).
First, generate an X509 certificate (reference):
This is a tool to generate X509 certificates
Run this command
openssl req -new -x509 -newkey rsa:4096 -keyout private.pem -sigopt rsa_padding_mode:pss -sha256 -sigopt rsa_pss_saltlen:64 -out public.pem -nodes days 729
Enter your organization name, email, etc.
A public.pem and private.pem files should be generated
Note: our support team can generate a certificate for you.
Login to NetSuite
Go to Setup > Integration > Manage Authentication > OAuth 2.0 Client Credentials (M2M) Setup
Click on 'Create New'
For the 'Entity', select yourself
The selected account must have sufficient permissions - see step 3
For the 'Application', select the 'Sales Cookie' integration record
This assumes you named the integration 'Sales Cookie' - see step 4
Select a role with sufficient permissions
The selected role must have sufficient permissions - see step 3
Upload public.pem generated previously
Click on 'Save'
Save the displayed Certificate ID (you will need it later)
Step 7 - In Sales Cookie, Enable Machine-to-Machine (M2M) Authentication
Without this step, you will need to manually re-authorize access in Sales Cookie every week as NetSuite OAuth only grants refresh tokens for 1 week (this cannot be extended). NetSuite offers a way to connect for longer periods of time. This is something called either 'Machine-to-Machine (M2M) Authentication' or 'OAuth 2.0 Client Credentials' (reference, video).
Enable M2M authentication:
Return to Sales Cookie (Settings > Connections > NetSuite)
Click inside the dotted box
Upload private.pem generated previously
Paste your Certificate ID from step 6
Click on Save
Click on Test to verify the connection
Allocating Sufficient Capacity
NetSuite has a quota for the number of REST Web Service calls integrations can make (reference). Ongoing synchronization cycles will be small because only new or modified data is queried (incremental sync).
However, the initial synchronization cycle is heavier, as all your historical data must be synchronized.
To increase quotas:
Login to NetSuite
Go to Setup > Integration > Integration Management > Integration Governance
Increase concurrency limits
Troubleshooting Access Problems
There is an audit trail in NetSuite (reference):
Login to NetSuite
Go to Setup > Users/Roles > User Management > View Login Audit Trail
Check the 'Use Advanced Search' box
Click the 'Results' sub-tab
Add the following fields: 'Detail' and 'Token-based Application Name'
Click on Submit
The Detail column displays error messages for any OAuth 2.0 logins with a status of 'Failure'.
Related Articles
How Does MFA Impact SalesForce Logins?
If you want to establish a SalesForce connection within Sales Cookie, but your chosen SalesForce user account requires MFA (multi-factor authentication - also known as 2-factor authentication), authentication will fail. There are two ways to solve ...
How Can I Embed Dashboards Into SalesForce
This article explains how you can embed incentive dashboards within SalesForce. Sales Cookie also supports SalesForce Connect. This allows you to natively retrieve Sales Cookie objects such as plans, calculations, users, etc. However, simple ...
How Can I Invite Users?
There are two ways you can invite users: Send them an email yourself (recommended) Run the add user wizard Send Them An Email Yourself (Recommended) Invitation emails do NOT require any special invitation link. They can be sent directly by you to ...
How Can I Claw Back Commissions?
Sometimes, you may incur cancellations, non-payment, etc. There are 3 primary ways you can claw back previously paid commissions. In this article, we describe some pros and cons of each approach. Add a Negative Transaction Setup a Claw Back Formula ...
How Can I Show Withheld Commissions To My Reps?
This article applies if you declare potential commissions early (ex: as deals close), but only want to pay commissions when you get paid (ex: as invoices get paid). For more general considerations about this setup, please read our blog article. This ...