Create Integration Records for Applications to Use TBA
Before creating and assigning tokens to users, an integration record must be created for each application that will use token-based authentication. Administrators or users assigned the Integration Application permission can create integration records.
-
For more information about the integration record, see Integration Management.
-
For more information about using token-based authentication with SOAP web services, see Token-Based Authentication Details.
The following procedure briefly describes completing an integration record. You should create a separate integration record for each application.
To create an integration record for an application:
-
Go to Setup > Integration > Manage Integrations > New
-
Enter a Name for your application.
-
Enter a Description, if preferred.
-
The application State is Enabled by default. (The other option available for selection is Blocked.) The value of this field is always specific to one NetSuite account.
-
Enter a Note, if preferred. The value of this field is always specific to one NetSuite account.
-
On the Authentication tab, check (or clear) the appropriate boxes for your application.
In some cases, more than one method of authentication may be specified on an integration record.
Important:You should transition from user credentials to TBA or OAuth 2.0. Specifying more than one method on a record can be useful when making the transition from user credentials to TBA.
-
For accessing SOAP web services, both the Token-based Authentication (TBA) and the User Credentials boxes can be checked.
-
For accessing REST web services, both the Token-based Authentication (TBA) and the OAuth 2.0 boxes can be checked.
-
For accessing RESTlets, the Token-based Authentication (TBA), the OAuth 2.0, and the User Credentials boxes can be checked.
Fields on the Authentication tab:
Effect when the box is checked:
Token-based Authentication (TBA)
-
This box must be checked to enable use of either the TBA authorization flow or the issuetoken endpoint.
-
When creating a new integration record, this box is checked by default.
-
Allows creation of tokens through the UI only. Use the tokens created to access RESTlets or SOAP and REST web services.
TBA: IssueToken Endpoint
For more information, see The IssueToken Endpoint.
-
Allows programmatic creation of tokens using the issuetoken endpoint.
-
This box is checked for integration records that existed before your account was upgraded to 2019.2.
Important:Check this box only if it is not possible to implement the TBA authorization flow in your integration.
TBA: Authorization Flow
For more information, see The Three-Step TBA Authorization Flow.
-
When creating a new integration record, this box is checked by default.
-
Allows creation of tokens using the TBA authorization flow.
Callback URL
-
Enter the appropriate valid callback URL for your application.
-
The callback URL is validated when you save the integration record.
Note:As of 2020.1, the callback URL supports multiple ports on a localhost (
http://localhost:*).As of 2020.2, the callback URL supports using asterisk (*) as a part of a domain name.
There are various ways to use the asterisk (*) in a domain name:
-
https://*.xyz.example.com/callback
Following examples illustrate correct and incorrect callback URLs:
-
Correct: https://myaccount.xyz.example.com/callback
-
Incorrect: https://myaccount.prefix.xyz.example.com/callback
-
Incorrect: https://myaccount.example.com/callback
-
-
https:// *.example.com/callback
Following examples illustrate correct and incorrect callback URLs.
-
Correct: https://myaccount.example.com/callback
-
Incorrect: https://myaccount.prefix.example.com/callback
-
Incorrect: https://example.com/callback
-
You can use asterisk (*) as a first part of the domain name only.
User Credentials
Important:New integrations should use another method, such as TBA, rather than user credentials.
-
Clear this box to ensure this application will authenticate only using tokens and not with user credentials.
-
-
Click Save.
The confirmation page displays the Client Credentials (Consumer Key and Consumer Secret) for this application. The application developer will need this information. These Client Credentials do not expire.
Warning:The system displays the client ID and client secret only the first time you save the integration record. In cases where an application previously used user credentials as an authentication method, you must reset the client ID and client secret. Resetting the client ID and client secret invalidates the previous client ID and client secret.
After these basic setup tasks are complete, you are almost ready to begin using token-based authentication in your account. Users must create tokens. See Manage TBA Tokens in the NetSuite UI.
Whether using The Three-Step TBA Authorization Flow, or calling The IssueToken Endpoint, an integration record is created and automatically installed in your account. The Require Approval during Auto-Installation of Integration preference affects whether this new record is automatically enabled. You can manage the preference at Setup > Integration > SOAP Web Services Preferences.
If the Require Approval during Auto-Installation of Integration box is not checked (set to false) the State field on the new application is automatically set to Enabled, and all requests are permitted. However, if the box is checked (set to true) the State field on the new integration record is set to Waiting for Approval. In the latter case, you must manually edit the record and set the State to Enabled. Until you set the state to Enabled, all requests sent by that application are blocked.
To view a list of integration records in this account, go to Setup > Integration > Integration Mangement > Manage Integrations.