Skip to main content
Netsuite - Token-Based Authentication

Setting up Netsuite User Roles to get Access Tokens for linking.

Updated over 6 months ago

Step One: Finding your NetSuite Account ID

1.) Log into your NetSuite portal.

2.) Copy the subdomain of the URL at the top of your browser and enter it within the linking flow.

  • Your NetSuite Account ID is the combination of letters or numbers before "app.netsuite.com"

  • For example, if your URL is "https://7600508.app.netsuite.com/app/center/card.nl?sc=-29&whence=", the value to input within the linking flow is 7600508


Step Two: Enable Web Services

If you have not yet enabled REST and SOAP Web Services:

1.) In your Netsuite account, go to Setup > Company > Enable Features.

  • You must be an Administrator of your Netsuite account to see this option.

2.) Under SuiteCloud, check the boxes next to SOAP WEB SERVICES and REST WEB SERVICES.


Step Three: Setup a Role with All Transactions and Setup Permissions

**If you know that you already have a user role with access to all transactions (all setup permissions below must be selected with a full access), you can skip these steps. To check, go to Setup, Users/Roles, Manage Roles, and search through your user roles.

1.) In your Netsuite account, go to Setup > Users/Roles > Manage Roles, and click the New option.

  • You must be an Administrator of your Netsuite account to see this option.

2.) If you have a Multi Subsidiary NetSuite application, ensure the Role has access to All Subsidiaries and has the Allow Cross-Subsidiary Record Viewing box checked.

3.) Add each of the below permissions to the Role:

  • In Transactions, add each of the below permissions:

TRANSACTIONS PERMISSION

LEVEL

Audit Trail

View

Bill Purchase Orders

Full

Bills

Full

Cash Sale

Full

Cash Sale Refund

Full

Check**

Full

Credit Card

Full

Credit Card Refund

Full

Credit Memo

Full

Credit Returns

Full

Currency Revaluation

View

Customer Deposit

Full

Customer Payment

Full

Customer Refund

Full

Deposit

Full

Deposit Application

Full

Enter Opening Balances

Full

Enter Vendor Credits

Full

Estimate

Full

Expense Report

Full

Finance Charge

Full

Find Transaction

Full

Invoice

Full

Invoice Approval

Full

Invoice Sales Orders

Full

Item Fulfillment

Full

Item Receipt

Full

Make Journal Entry

Full

Pay Bills

Full

Pay Sales Tax

Full

Post Vendor Bill Variances

Full

Posting Period on Transactions

Full

Purchase Order

Full

Receive Order

Full

Receive Returns

Full

Reconcile

Edit

Refund Returns

Full

Return Auth. Approval

Full

Return Authorization

Full

Sales Order

Full

Sales Order Approval

Full

Statement Charge

Full

System Journal

Full

Transfer Funds

Full

Vendor Bill Approval

Full

Vendor Payment Approval

Full

Vendor Return Auth. Approval

Full

Vendor Return Authorization

Full

Vendor Returns

Full

View Payment Events

Full

  • In Setup, add each of the below permissions:

SETUP PERMISSIONS

LEVEL

Accounting Lists

Full

Custom Record Types

View

Custom Segments

Full

Deleted Records

Full

Log in using Access Tokens

Full

Manage Accounting Periods

View

Other Lists

Full

REST Web Services

Full

SOAP Web Services

Full

  • In Lists, add each of the below permissions:

LISTS PERMISSIONS

LEVEL

Accounts

Full

Address List in Search

Full

Classes

Full

Companies

Full

Contacts

Full

Currency

Full

Custom Record Entries

Full

Customers

Full

Departments

Full

Items

Full

Locations

Full

Perform Search

Full

Subsidiaries

Full

Tax Records

Full

Vendors

Full

  • In Reports, add each of the below permissions:

REPORTS PERMISSIONS

LEVEL

SuiteAnalytics Workbook

Edit

** Considerations:

  • "Check" may be renamed to "Cheque" depending on your NetSuite environment.

  • If you have renamed any records through Setup > Company > Rename Records/Transactions (i.e. renamed "Class" to "Business Unit") the permission names may be different.

  • If you have custom transactions or record types that you want to sync, you may need to add each record under the "Custom Record" section.

4.) Save the Role.


Step Four: Assign User to Token-based Authentication Role

1.) Navigate to Setup > Users/Roles > Manage Users.

2.) In Manage Users, either select a user to assign the Role to or create a new user.

  • To create a new user, go to Lists > Employees > Employees > New. Create the user and grant them NetSuite access by going to the Access tab in the Employee record and select 'Give Access'.

3.) In the user's employee record, click Edit and go to the Access tab. In your Access tab, go to Roles and select the Role you just created with all the correct transactions and setup permissions.

4.) Click Save to apply these changes.


Step Five: Create an integration to obtain your Consumer Key and Secret

1.) Once the user and the role are set up, navigate to Setup > Integration > Manage Integrations > New.

2.) Create the integration. Select the boxes selected below.

  • NOTE:

    • Ideally, the CONCURRENCY LIMIT should be set to null. If a value must be specified, the minimum value set should be 3. If neither is an option, the highest possible concurrency limit should be used.

    • Ensure the REST WEB SERVICES box is checked under SCOPE

    • Fill in the TBA AUTHORIZATION FLOW and REDIRECT URI with a value of https://app.merge.dev/oauth/callback

3.) Once the integration is saved, you will receive a Consumer Key and Consumer Secret (at the bottom of the confirmation screen). This will only be shown once, so keep them in a secure place!


Step Six: Creating an Access Token to Obtain your Token ID and Secret.

1.) In your Setup tab, go to Users/Roles, Access Tokens, and create a New one.

2.) Create a New Access Token.

  • The Application Name should be the name of the Integration created in the prior step.

  • The User should be the User the Role was added to in the prior steps.

  • The User Role should be the Role created/used in the prior steps.

3.) Copy these credentials and store them in a safe place. They will only be shown once!


Step Seven: Paste your Netsuite Consumer Key and Secret, and Token ID and Secret in the linking flow.

  1. CONSUMER_KEY: Confirmation screen after creating the integration (Step Five)

  2. CONSUMER_SECRET: Confirmation screen after creating the integration (Step Five)

  3. TOKEN_ID: From confirmation screen after creating your Access Token (Step Six)

  4. TOKEN_SECRET: From confirmation screen after creating your Access Token (Step Six)

Did this answer your question?