Security Considerations for Control Center Endpoints
The Control Center API Endpoints let you automate Control Center actions, making it easier to manage your SuiteApps. When using the endpoints, it's important for SuiteApp Release Managers to follow security best practices. This document outlines key security considerations and the recommended authentication approach to help keep data and systems safe.
Key Concepts
- Control Center Endpoints: The API endpoints that allow approved external integrations to communicate with NetSuite's backend functions for SuiteApp management and operations.
- SuiteApp Release Manager role: This is a permission-customized NetSuite role designed for managing SuiteApp releases and related integrations. Use of this role helps restrict and monitor sensitive activities without granting full administrative privileges.
- Authentication: The process used to verify a user's identity and grant access to resources. For more information, see OAuth 2.0.
Why Role-Based Security Matters
Administrator access gives users unrestricted capabilities, which increases the potential impact if the credentials are compromised. The SuiteApp Release Manager role is designed to grant only the permissions needed for SuiteApp operations, so that access stays controlled.
Avoid using the Administrator role for integrations or endpoint access. Instead, assign the SuiteApp Release Manager role to select users to perform these operations. This minimizes the chances of accidental data exposure or unauthorized changes within your NetSuite account.
Setting up Authentication for Control Center API Endpoints
To set up access to the Control Center API endpoints, an administrator must:
1. Assign the SuiteApp Release Manager role to the appropriate user. For more information about user roles, see NetSuite Roles Overview.
2. Create an integration record to generate a Client ID and Secret. The SuiteApp Release Manager will use these credentials to authenticate and obtain an access token.
The SuiteApp Release Manager can now use the access token to make calls to the Control Center API endpoints.
Each request must include an Authorization header set to Bearer <TOKEN>, where <TOKEN> is the access token created in step 2.