How Can I Setup A Connection To NetSuite Using Token-Based Authentication (TBA)?

How Can I Setup A Connection To NetSuite Using Token-Based Authentication (TBA)?

Overview
By adding a NetSuite connection to your workspace, you can:
  • Automatically import and sync sales transactions to your workspace
  • We support any SuiteQL query as long as we can incrementally retrieve data (details)
  • Newly created NetSuite records will be synched to your workspace
  • Modified NetSuite records will be updated in your workspace
  • Deletion of NetSuite records will not result in any deletion in your workspace
  • NetSuite records no longer matching your SQL query will not result in any deletion in your workspace
This article describes how to connect using Token-Based Authentication (TBA), which uses a pre-issued access token (Token ID and Token Secret) instead of an X509 certificate. TBA provides a long-lasting connection that does not require weekly re-authorization. If you prefer to use a certificate instead, please see How Can I Setup A Connection To NetSuite Using Certificates?

Unlike most other CRM or Accounting platforms, NetSuite requires more significant setup to enable authorization. 

We will show you:
  • How to enable NetSuite features
  • How to enable sufficient permissions
  • How to create an integration record
  • How to create an access token
  • How to enter your credentials in Sales Cookie

Step 1 - In Sales Cookie, Create a NetSuite Connection
To create a connection to NetSuite:
  • Login to your workspace
  • Navigate to Settings > Connections using the left navigation bar
  • Click on NetSuite
You should see this screen:

Keep this browser window open, as you will copy/paste values from NetSuite.

Step 2 - In NetSuite, Enable Features
For TBA and REST Web Services to work, NetSuite requires certain features to be enabled (reference).

To enable those features:
  • Login to NetSuite
  • Go to Setup > Company > Enable Features
  • Click on the 'SuiteCloud' tab
  • Enable SuiteScript > Client SuiteScript & Server SuiteScript
  • Enable SuiteTalk > Rest Web Services
  • Enable Manage Authentication > Token-Based Authentication
  • Click on the 'Analytics' tab
  • Enable SuiteAnalytics Workbook > SuiteAnalytics Workbook
  • Save

Step 3 - In NetSuite, Ensure Sufficient Permissions
For TBA and REST Web Services to work, NetSuite requires your account to have sufficient permissions (reference).

To grant permissions:
  • Login to NetSuite
  • Go to Setup > Users/Roles > Manage Roles
  • Edit a role already applied to your account
    • Or create a new role and make sure it's applied to your account
  • In the 'Permissions' section
    • Select Permissions > Reports
      • Grant permission 'SuiteAnalytics Workbook (edit)'
    • Select Permissions > Setup
      • Grant permission 'Access Token Management'
      • Grant permission 'User Access Tokens'
      • Grant permission 'REST Web Services (full)'
      • Grant permissions 'Custom Fields (view)', 'Custom Lists (view)', 'Custom Record Types (view)'
  • Make sure the role you edited is applied to your user account

Step 4 - In NetSuite, Create An Integration Record
For TBA to work, NetSuite requires creating an integration record representing the connected application (reference).
To create an integration record:
  • Login to NetSuite
  • Go to Setup > Integration > Manage Integrations > New
  • Name your integration 'Sales Cookie'
  • Ensure the 'State' is 'Enabled'
  • Uncheck 'TBA: Authorization Flow'
  • Check 'Token-Based Authentication'
  • Leave all OAuth 2.0 options unchecked
  • Save your integration record

Step 5 - In NetSuite, Create An Access Token
To create an access token (reference):
  • Login to NetSuite
  • Go to Setup > Users/Roles > Access Tokens > New
  • For 'Application Name', select the 'Sales Cookie' integration record
    • This assumes you named the integration 'Sales Cookie' - see Step 4
  • For 'User', select yourself
    • The selected account must have sufficient permissions - see Step 3
  • For 'Role', select a role with sufficient permissions
    • The selected role must have sufficient permissions - see Step 3
  • Click on 'Save'
  • Save the displayed Client ID and Secret (you will need them later)
    1. They are displayed at the end of the page after saving

Step 6 - In Sales Cookie, Enter Credentials
You are now ready to test your connection in Sales Cookie:
  • Return to Sales Cookie (Settings > Connections > NetSuite)
  • Enter your Account ID
  • Enter your Client ID and Client Secret from Step 4
  • Click on Show Advanced Options
  • Enter your Token ID and Token Secret from Step 5
  • Click on Save
  • Click on Test to verify the connection

Allocating Sufficient Capacity
NetSuite has a quota for the number of REST Web Service calls integrations can make (reference). Ongoing synchronization cycles will be small because only new or modified data is queried (incremental sync). However, the initial synchronization cycle is heavier, as all your historical data must be synchronized.

To increase quotas:
  • Login to NetSuite
  • Go to Setup > Integration > Integration Management > Integration Governance
  • Increase concurrency limits

Troubleshooting Access Problems
There is an audit trail in NetSuite (reference):
  • Login to NetSuite
  • Go to Setup > Users/Roles > User Management > View Login Audit Trail
  • Check the 'Use Advanced Search' box (customize the search)
  • Click the 'Results' sub-tab
  • Add the following fields: 'Detail' and 'Token-based Application Name'
  • Filter to 'Status' = 'Failure'
  • Click on Submit
The Detail column displays error messages for any TBA logins with a status of 'Failure'. For more information about defining Login Audit Trail searches, see Login Audit Trail Overview.


    • Related Articles

    • How Can I Setup A Connection To NetSuite Using Certificates?

      Overview By adding a NetSuite connection to your workspace, you can: Automatically import and sync sales transactions to your workspace We support any SuiteQL query as long as we can incrementally retrieve data (details) Newly created NetSuite ...

    • What Are The Benefits Of Using A Platform To Sign Up Or Login?

      When you log in or sign up for a Sales Cookie account, you have the option to login with Microsoft, Google, LinkedIn, etc. Or you can enter an email address and password. If you choose the email address and password option, you will receive an email ...

    • How Does MFA Impact SalesForce Logins?

      If you want to establish a SalesForce connection within Sales Cookie, but your chosen SalesForce user account requires MFA (multi-factor authentication - also known as 2-factor authentication), authentication will fail. There are two ways to solve ...

    • How Can I Enable SSO?

      You may want to restrict access to Sales Cookie and require Single-Sign-On (SSO). SSO Benefits SSO provides important benefits such as: Users disabled in your tenant cannot login to Sales Cookie Users do not need to configure a separate password to ...

    • How Can I Show Withheld Commissions To My Reps?

      This article applies if you declare potential commissions early (ex: as deals close), but only want to pay commissions when you get paid (ex: as invoices get paid). For more general considerations about this setup, please read our blog article. This ...