NetSuite

1 Connecting to NetSuite

1.1 SuiteTalk vs SuiteQL

SuiteTalk is the older SOAP based service we use to communicate with NetSuite. It has broad support for a lot of entities and full support for insert/update/delete. However, the tools offered for selecting data are fairly weak, which yields very poor performance during a SELECT. There is not a great way to join tables. Grouping and aggregating data is unavailable with this API, which means to support them they must be done entirely client side.

SuiteQL is the newer API. It offers a SQL like method of communicating with the service, which allows for more rich join support, as well as group by and aggregations. It also fully supports retrieving only the columns you want to select. This makes it much more performant for selecting data vs SuiteTalk. However, it only supports selecting data.

You may specify which API to connect to by setting Schema. It is recommended to use SuiteQL if you are just retrieving data, and SuiteTalk if you need to both retrieve and modify. Please be aware that each API has different available connection options as described below.

1.2 NetSuite Web Services Permissions

The provider communicates with NetSuite through the NetSuite Web services. This means that any connecting user must have permissions on the specified AccountId to connect through NetSuite Web services.

Permissions may be configured for a role in NetSuite under Setup --> Users/Roles --> Manage Roles. This page contains two lists of permissions, first the most commonly required, and then other permissions for fuller support. Please be aware that it is not possible for us to provide an exhaustive list of permissions as NetSuite adds support for new entities and permissions with each version.

1.2.1 Most Commonly Required Permissions

Note: Most of the following permissions fall under the Permissions --> Setup section for a role.

1.2.2 Other Permissions

Create or edit a role for Web services permissions

  • Log into NetSuite and under Setup go to User/Roles -> Manage Roles -> New. Alternatively, edit an existing role.

  • Click Permissions -> Setup and add the "SOAP Web Services" and "REST Web Services" permissions.

  • Add other permissions that are needed for interacting with various entities and transactions.

  • Under Setup, go to User/Roles -> Manage Users and select the user.

  • On the Access tab, add the newly created role and save the user.

2 Authenticating to NetSuite

2.1 Basic Authentication

Note: This section is only applicable to SuiteTalk. SuiteQL requires OAuth or Token Authentication.

As of 2020.2, NetSuite will no longer support user / password connections. While the connector will continue to support User/Password connections for Version set to values lower than 2020.2, it is recommended that all customers migrate to OAuth and Token Based Authentication mechanisms described below. Set the AuthScheme to Basic to support user / password credentials, but also be aware that due its removal in newer versions, you must also manually specify a lower Version to use it.

2.2 Token Based Authentication

Token Based Authentication or TBA may be used with either SuiteTalk or the SuiteQL Schema. Set the AuthScheme to Token to support TBA. Token Based Authentication is performed by creating the OAuthClientId, OAuthClientSecret, OAuthAccessToken and OAuthAccessTokenSecret directly within the NetSuite UI by an administrator with permissions to do so.

An older model that may still be used by admins is to simply create and assign a token directly in the NetSuite UI. Doing this will allow you to bypass the normal steps for generating an OAuth Access Token. This may be desireable if you would like to have more direct control over giving access, although it will always require manual steps to be taken in the UI each time. Instead, follow these steps to create a token in the UI:

  • In NetSuite, log in as an administrator role and navigate to Setup --> Company --> Enable Features --> SuiteCloud --> Manage Authentication. Make sure Token-Based Authentication and TBA: Authorization Flow are checked and save changes.

  • Navigate to Setup --> Integration --> Manage Integrations.

  • Create a new integration and select Token-Based Authentication.

  • When the integration is created, the Consumer Key and Consumer Secret displayed will map directly to the OAuthClientId and OAuthClientSecret connection properties. Write these down.

  • Create a token role by navigating to Setup --> User/Roles --> Manage Roles and either create a new role or edit an existing role.

  • Under Permissions --> Setup, the role must have the User Access Token: Full, Access Token Management: Full, and Web Services: Full permissions.

  • Add the role to a user under Lists --> Employees --> Employees. Select to edit an employee and add the new token role under Access --> Roles.

  • Navigate to Setup --> User/Roles --> Access Tokens and create a new access token. Select the application name as the integration that was created earlier, and the same user and role that were updated in the previous steps.

  • After creating the access token, a Token Id and Token Secret will be displayed. These map directly to the OAuthAccessToken and OAuthAccessTokenSecret. Write these down.

After creating the access token, a connection can now be made using the values obtained from the previous steps. Specify these connection properties at a minimum to connect:

  • AccountId specifying the account to connect to.

  • OAuthClientId the Consumer Key displayed when the application was created.

  • OAuthClientSecret the Consumer Secret displayed when the application was created.

  • OAuthAccessToken the Token Id when the access token was created.

  • OAuthAccessTokenSecret the Token Secret when the access token was created.

2.3 OAuth Authentication

To support OAuth, set the AuthScheme to OAuth. NetSuite offers two forms of OAuth authentication: 1.0, and 2.0. Token Based Authentication is actually just OAuth 1.0 with the OAuthAccessToken and OAuthAccessTokenSecret created within the NetSuite UI instead of at runtime. OAuth 1.0 is available for both SuiteTalk and SuiteQL. OAuth 2.0 is only available to SuiteQL. For this reason, OAuthVersion defaults to empty, meaning that if you set Schema to SuiteTalk, OAuth 1.0 will be used, and if you set Schema to SuiteQL, OAuth 2.0 will be used. This can be overridden by explicitly setting the OAuthVersion connection property, which may be desireable if switching between SuiteTalk and SuiteQL, or for users upgrading from a previous version where only OAuth 1.0 was supported for SuiteQL.

Be aware that even though you may change the OAuthVersion, OAuth 2.0 is not available on SuiteTalk even if you set it with Schema set to SuiteTalk since the API does not support it.

Register your NetSuite app on Setup --> Integrations --> Manage Integrations. Select the checkbox for each of Token-Based Authentication and TBA: Authorization Flow for OAuthVersion 1.0 support. Check the checkboxes for Authorization Code Grant, Restlets, and Rest Web Services for OAuthVersion 2.0 and set an appropriate Redirect URI. Then, obtain the following connection properties:

  • OAuthClientId: Set this to the Consumer Key assigned when you registered your app.

  • OAuthClientSecret: Set this to the Consumer Secret assigned when you registered your app.

  • CallbackURL: Set this to the Redirect URI defined when you registered your app such as http://localhost:33333. Note that this must be an exact match including any trailing '/' characters.

Set Callback URL to http://localhost:portnumber and set CallbackURL to match. You can specify any port available.

3 Concurrent Requests

NetSuite allows only a certain amount of concurrent requests per account, which is configurable per integration connection (generally defaulting to 5). If the maximum, concurrent requests are currently in use when another one is attempted to be used, an error stating "Only one request may be made against a session at a time" may be thrown on the next connection. The provider will attempt to account for this and stagger additional requests so as not to exceed the concurrent request limit. But it is not always possible to do this correctly if the account is being connected to from multiple machines or applications.

4 Asynchronous Services

Slow NetSuite response times extend to inserts, updates, and deletes as well. This can be especially noticeable when using batch processing. When inserting, updating, or deleting multiple records at a time, it may be worthwhile to set UseAsyncServices to true.

5 PROPERTIES

The following are the connection properties for NetSuite_SuiteQL. Not all properties are required. Enter only property values pertaining to your installation. Several properties will be automatically initialized with the appRules defaults.

Last updated