Modern Treasury integrates with NetSuite to support our Continuous Accounting product. We do so using LedgerSync, an open source library that allows us to connect to any ledger like NetSuite, QuickBooks Online, etc.
Earlier this year, NetSuite released their new REST API called SuiteTalk REST Web Services. While still incomplete, this API provides a much friendlier interface for developers than its predecessors, the SOAP API and RESTlets. We chose to use the new REST API, because we believe it is the future for building integrations to NetSuite. The REST standard is widely adopted, used in some of the largest and most popular APIs. It also comes with many resources across many languages and frameworks.
There are two protocols for authenticating to the NetSuite REST API. We chose to use Token-Based Authentication. Below is a breakdown of how each works and why we picked it.
Options for Authentication
The REST API offers two types of authentication: Token-Based Authentication (TBA) and OAuth 2.0. Let’s explore the similarities and differences:
Token-Based Authentication (TBA)
Token-Based Authentication is an older method of authenticating to NetSuite. TBA is based on OAuth 1.0. To authenticate, you need to generate a request header that includes a signature created using tokens retrieved from the NetSuite dashboard and the OAuth 1.0 protocol. Retrieving the tokens from NetSuite requires the following records and actions to be taken:
To start, you need to create an Integration Record. The integration record represents an application that is to be connected to your account. At the end of creating the record, you will be given a Consumer Key and Consumer Secret, which you will need to give to the application you wish to connect.
Roles are NetSuite’s version of permissions. Roles are assigned to users, and they give accounts fine-grained control over who has access to what. Setting up the role can be one of the trickier pieces, as you need to ensure you select the necessary permissions for the integration to work. The permissions will vary by application, based on what objects they need access to and what they need to do with them.
Finally, when you have created your Integration Record and Role, you can create an Access Token. The token essentially connects the integration record, the role, and a user. At the end of the process you will be given a Token ID and a Token Secret. These values will also need to be given to the application you wish to connect.
The realm is simply your Account ID, with some potential slight transformations if it includes a hyphen and/or letters.
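The header construction described above, as an added Ruby sketch (not LedgerSync's own code and not part of the original post). It assumes HMAC-SHA256 as the signature method and that the realm is the Account ID upper-cased with hyphens replaced by underscores; all method names are hypothetical.

```ruby
require 'openssl'
require 'securerandom'
require 'uri'

# RFC 3986 percent-encoding as used by OAuth 1.0 (RFC 5849, section 3.6).
def pct(value)
  value.to_s.b.gsub(/[^A-Za-z0-9\-._~]/n) { |c| format('%%%02X', c.ord) }
end

# Assumed realm transformation: "1234567-sb1" becomes "1234567_SB1".
def tba_realm(account_id)
  account_id.to_s.upcase.tr('-', '_')
end

# Signature base string: METHOD & base URL & sorted, encoded parameters.
# Query parameters are signed too; the realm is not.
def tba_base_string(http_method, url, oauth_params)
  uri = URI.parse(url)
  query = URI.decode_www_form(uri.query.to_s)
  pairs = (query + oauth_params.to_a).map { |k, v| [pct(k), pct(v)] }.sort
  base_url = "#{uri.scheme}://#{uri.host}#{uri.path}"
  normalized = pairs.map { |k, v| "#{k}=#{v}" }.join('&')
  [http_method.upcase, pct(base_url), pct(normalized)].join('&')
end

# Builds the Authorization header value. The two secrets only key the HMAC;
# they never appear in the header itself.
def tba_authorization_header(http_method:, url:, account_id:, consumer_key:,
                             consumer_secret:, token_id:, token_secret:,
                             nonce: SecureRandom.hex(16), timestamp: Time.now.to_i)
  oauth = {
    'oauth_consumer_key' => consumer_key, 'oauth_token' => token_id,
    'oauth_nonce' => nonce, 'oauth_timestamp' => timestamp.to_s,
    'oauth_signature_method' => 'HMAC-SHA256', 'oauth_version' => '1.0'
  }
  signing_key = "#{pct(consumer_secret)}&#{pct(token_secret)}"
  base = tba_base_string(http_method, url, oauth)
  digest = OpenSSL::HMAC.digest('SHA256', signing_key, base)
  oauth['oauth_signature'] = [digest].pack('m0') # base64 without newlines
  fields = { 'realm' => tba_realm(account_id) }.merge(oauth)
  'OAuth ' + fields.map { |k, v| %(#{k}="#{pct(v)}") }.join(', ')
end
```

A fresh nonce and timestamp are generated per request by default; pass fixed values only when reproducing a signature for debugging.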
OAuth 2.0
OAuth 2.0 is a popular authentication protocol, offering a more user-facing workflow that often does not require copying and pasting tokens. In many cases, it is set up once by a developer and then used without further configuration by users wishing to authenticate.
However, given how NetSuite works, using OAuth 2.0 still requires some input values and then users are redirected to NetSuite where they will complete the setup. The only distinction between OAuth 2.0 and TBA is that you do not need to create an Access Token in the dashboard.
You are still required to set up the Integration Record and Role. You will provide the consumer tokens from the integration and the realm to the application. Instead of providing an Access Token, you will be redirected to NetSuite, where you will log in and select the role you wish to connect. You are more or less creating an Access Token on the fly, which will be sent to the application when you are redirected back.
Another way to view the differences is the table below:
Given that our customers would still need to create some records in NetSuite, we chose to use Token-Based Authentication for the REST NetSuite client in LedgerSync. Our analysis is that OAuth 2.0, while graphical and typically more user-friendly, does not eliminate the more complicated steps in TBA.
We chose to provide our customers with detailed guides on how to connect NetSuite to Modern Treasury. We also are always happy to help our customers set up the Continuous Accounting integration step by step.
Our work did not end by only choosing the method of authentication. As major contributors to LedgerSync, we needed to build out the functionality in the open-source library. Unfortunately, due to a lack of documentation, we had to overcome a few time-consuming hurdles. You can read more about how to programmatically authenticate using Token-Based Authentication in our post on the LedgerSync blog.
We know some of our customers will need our help, regardless of the authentication method, so we chose a route where our team can be most efficient and helpful.
If you would like to learn more about Modern Treasury’s NetSuite integration, please contact us.