Important Nexla Help Center Update:
Nexla's Zendesk Help Center pages are being deprecated and will soon no longer be available.
Nexla Documentation is now the home for Nexla's User Guides, with improved formatting and categories that are easier to navigate, providing a better overall user experience.
Please update any bookmarks to the new Nexla Documentation site (docs.nexla.com/user-guides).
_______________________________________________
This article describes how to connect to Oracle NetSuite and set up token-based authentication for Oracle NetSuite via REST API. Setting up NetSuite token-based authentication (TBA) for use with Nexla requires a Consumer Key, Consumer Secret, Access Token, and Access Token Secret, and this guide also covers how to obtain these parameters from your NetSuite account.
For the version of this article pertaining to the previous Nexla UI, click here.
Important: It is recommended to have Notepad or a similar app open to copy/paste the authentication details listed above while following this tutorial, as these keys cannot be re-accessed once the screen on which they are shown is exited.
Contents:
1. Configure Oracle NetSuite to Connect to Nexla
2. Set Up Roles
3. Assign Roles
4. Generate Keys (New Integration)
5. Create an Access Token
6. Add the Credential in Nexla
7. FAQs
1. Configure Oracle NetSuite to Connect to Nexla
- Log into Oracle NetSuite.
- Navigate to Setup-->Company-->Enable Features.
- Under the Analytics category, for SuiteAnalytics Workbook, check the box next to "SuiteAnalytics Workbook".
As noted in NetSuite, this setting enables SuiteAnalytics Workbook, which allows your NetSuite data to be queried, explored, and visualized.
- Under the SuiteCloud category, for SuiteScript, check the boxes next to "Client SuiteScript", "Server SuiteScript", and "SuiteScript Server Pages".
As noted in NetSuite, "Client SuiteScript" and "Server SuiteScript" enable the use of industry-standard JavaScript to perform advanced client-side customization of forms and business processes, respectively. "SuiteScript Server Pages" enables the creation of interactive web applications with customizable SuiteScript.
- Under the SuiteCloud category, for Suite Talk(Web Services), check the box next to "REST Web Services".
As noted in NetSuite, "REST Web Services" enables the use of a standard REST-based programming interface to integrate external systems with NetSuite and migrate data.
2. Set Up Roles
Under the Setup tab, Token-Based Authentication roles can now be configured to ensure that only authorized users can access your NetSuite Cloud.
- In the Setup tab, create a new role by selecting Setup-->User/Roles-->Manage Roles-->New, and click Add to access the window that allows permissions selection to enable token-based access.
- Under the General category, enter "Token Based Authentication" in the Name field.
- Under the Subsidiary Restrictions category, check the box next to "User Subsidiary".
Important: The records and transactions that employees can view and edit for subsidiaries are limited by the complete set of permissions defined for their assigned roles. For example, by default, employees of a specific subsidiary are able to view and edit data only for that subsidiary. If a role is customized to include multiple subsidiaries using a Subsidiaries List, employees assigned to this role can view and edit data for all listed subsidiaries. If the box next to "Allow Cross-Subsidiary Record Viewing" is also checked, employees assigned to this role can view data for all subsidiaries.
Please read the information provided here for more about Subsidiary Restrictions.
- Under the Authentication category, select "Not Required" from the Two-Factor Authentication Required dropdown menu on the right.
Menu location:
- Select the tab from the menu near the bottom of the screen, and perform the following actions under this category:
- Select the tab from the submenu, and add "REST Web Services" and "Log in using Access Tokens".
- Select the tab from the submenu, and add "Suite Analytics Workbook".
- Select the tab from the submenu, and add "Departments", "Locations", and "Customers".
These are the endpoints to which this role will have access. They can be varied and should be chosen accordingly.
Multiple TBA roles can be created if employees require access to different endpoints.
- Select the tab from the submenu, and add "REST Web Services" and "Log in using Access Tokens".
- Click on the left at either the top or bottom of the screen.
3. Assign Roles
- Navigate to Lists, and select the Employees tab.
- Click Edit next to an employee for whom TBA permissions should be added.
- Select the tab.
- Ensure that the box next to "Give Access" at the top of menu window is checked.
- Select the tab from the submenu, and add the "Token Based Authentication" role created in Section 2.
- Repeat Steps 2-5 above for each employee to whom TBA authentications permissions should be assigned.
4. Generate Keys (New Integration)
- Navigate to Setup-->Integrations-->Manage Integrations.
- Click New, and enter the desired integration name in the Name field.
- Select the tab, and check the box next to "Token-Based Authentication".
- Optional: If users should only be able to authenticate using tokens, uncheck the box next to "User Credentials".
- Uncheck the box next to "TBA: Authorization Flow".
- Save the integration.
- Important: Immediately copy and paste the Consumer Key and Consumer Secret generated after the integration is saved in a safe location.
Once this screen is exited, these keys cannot be accessed again without repeating the steps in this section and Section 4 to create a new integration.
5. Create an Access Token
The steps in this section should be completed by the user who will be using access tokens in Nexla.
- Navigate to Setup-->User/Roles-->Access Tokens-->New.
- Select the name of the integration created in Section 4.
- Select a user to whom you would like to give token authentication permissions, corresponding to the roles assigned in Section 3.
- Select the new role created in Section 2.
- Optional: Edit the name of the token.
- Important: Immediately copy and paste the Token ID and Token Secret generated after the token is created in a safe location.
Once this screen is exited, these keys cannot be accessed again without repeating the steps in this section and Section 4 to create a new integration.
6. Add the Credential in Nexla
This section assumes that Oracle NetSuite has previously been added as a data source in Nexla via the NetSuite REST API connector. For instructions on how to add NetSuite as a new data source via REST API, see Connect to Oracle NetSuite via REST API.
- Log into Nexla with your provided credentials.
If you need credentials, contact support@nexla.com.
- Navigate to the Integrate section by selecting from the platform menu on the left side of the screen.
- Click at the top of the Integrate toolbar on the left.
- Select the Oracle NetSuite REST API source that has been added in Nexla.
- Enter the name of the NetSuite credential in the Credential Name field.
- Optional: Enter the desired description of the credential in the Credential Description field.
- Enter the NetSuite account ID to be used with this credential in the NetSuite Account ID field.
Your NetSuite account ID can be found by navigating to Setup-->Company-->Company Information. It can also be found in your URL, as follows: https://<accountid>.app.netsuite.com/app/center/card.nl?. While leveraging NetSuite REST API services, please capitalize all letters in the account ID.
Your account ID will include a hyphen and other characters. For example, it may be shown in the above locations as "<12345>-sb1". However, please capitalize all letters when entering the account ID in Nexla. The preceding example should be entered as "<12345>_SB1".
- Paste the Consumer Key copied in Section 4, Step 7 into the OAuth1 Consumer Key field.
- Paste the Consumer Secret copied in Section 4, Step 7 into the OAuth1 Consumer Secret field.
- Paste the Token ID copied in Section 5, Step 6 into the OAuth1 Access Token field.
- Paste the Token Secret copied in Section 5, Step 6 into the OAuth1 Access Token Secret field.
- Optional: Enter the appropriate NetSuite realm ID in the OAuth1 Realm (Account ID/Company Identifier) field.
The realm ID is the NetSuite Account ID. This can be found in your account if you are using a sandbox or test-drive account. When entering the realm ID in Nexla, replace any hyphens shown in these locations with underscores, and capitalize all letters. If the realm ID is shown as "<12345>-sb1", enter "<12345>_SB1".
- Click .
If the above tasks were performed successfully and the information was entered correctly, Nexla should now save the credential and authenticate to the associated NetSuite account.
- On the next screen, select the appropriate API endpoint from the Endpoint dropdown menu.
- Click to finish connecting Nexla to NetSuite.
- Optional: Click to test the endpoint connection.
7. FAQs
1. Verifying Account and Realm IDs
- Your NetSuite account ID can be found by navigating to Setup-->Company-->Company Information. It can also be found in your URL, as follows: https://<accountid>.app.netsuite.com/app/center/card.nl?. While leveraging NetSuite REST API services, please capitalize all letters in the account ID.
- Your account ID will include a hyphen and other characters. For example, it may be shown in the above locations as "<12345>-sb1". However, please capitalize all letters while following this guide. The preceding example should be entered as "<12345>-SB1".
- The realm ID is the NetSuite Account ID. This can be found in your account if you are using a sandbox or test-drive account. While following this guide, replace any hyphens shown in these locations with underscores, and capitalize all letters. If the realm ID is shown as "<12345>-sb1", enter "<12345>_SB1".
2. Resolving an "Account ID is Invalid" Error in Nexla
If the below error is encountered in Nexla,
"detail": "Invalid login attempt. Your Account ID is invalid, or your account has been disabled. Provide a valid Account ID.", "o:errorCode": "INVALID_LOGIN"
- Please verify your account and realm IDs as described in FAQ #1.
- If the account and realm IDs are correct, ensure that all alphabetical characters are capitalized. Both the account ID and realm ID should always be capitalized when used in Nexla.
3. Verifying that Token-Based Authentication Is Enabled in Your NetSuite Account
To verify that TBA is enabled in your NetSuite account, log into NetSuite, and
- Navigate to Setup-->Users/Roles-->Access Tokens. Ensure that the "Access Tokens" feature is enabled in NetSuite.
- Navigate to Setup-->Company-->Enable Features, and select the "SuiteCloud" tab. Under "Manage Authentication", enable "Token-Based Authentication".
4. Creating Your NetSuite Token Authentication Information
Your integration will require token authentication details provided by NetSuite. We recommend keeping a Notepad-type app open and copying/pasting the required token values to/from there, as these values cannot be re-accessed after the screen on which they are initially shown is closed.
The four token values generated by NetSuite are the:
- Consumer Key
- Consumer Secret
- Token ID
- Token Secret
Comments
0 comments
Please sign in to leave a comment.