Authentication and Session Management for REST Web Services

NetSuite supports two authentication mechanisms that increase overall system security: OAuth 2.0 and token-based authentication (TBA), both robust, industry-standard mechanisms. With either one, a client application presents a token to access NetSuite through its APIs, so integrations never need to store user credentials.

REST web services do not support login through user credentials. For general information about TBA, see Token-based Authentication (TBA).

For general information about OAuth 2.0, see OAuth 2.0.

Note:

OAuth 2.0 is the preferred authentication method. You should consider using OAuth 2.0 instead of TBA whenever possible.

Setting Up OAuth 2.0 Authentication for REST Web Services

To set up OAuth 2.0, see Getting Started with OAuth 2.0.

To be able to use REST web services with OAuth 2.0, you must create an application using an integration record. See Create Integration Records for Applications to Use OAuth 2.0. As the last step of this procedure, make sure you note the client ID and client secret.

After you create the integration application, continue by setting up the application for use with OAuth 2.0. For more information, see OAuth 2.0 for Integration Application Developers. After the application is set up, you can manage the authorized applications. For more information, see Managing OAuth 2.0 Authorized Applications.

Setting Up Token-Based Authentication (TBA) for REST Web Services

To set up TBA, see Getting Started with Token-based Authentication.

To be able to use REST web services with TBA, you must create an application using an integration record. See Create Integration Records for Applications to Use TBA. As the last step of this procedure, make sure you note the consumer key and consumer secret.

After creating the integration application, continue with creating tokens for your users. Issue a new token for at least one of your users, and note its token ID and token secret. For details, see Access Token Management – Create and Assign a TBA Token.

After creating tokens, you use the token ID and token secret in your REST web services Postman environment. For information about setting up your environment, see Importing and Setting Up a Postman Environment.

For detailed information about using TBA in integration applications, see The Three-Step TBA Authorization Flow.
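The procedure above ends with four secrets (consumer key and secret from the integration record, token ID and secret from the access token) that the Postman environment combines into an Authorization header for every REST request. The following added example, written for this page and not NetSuite's or Postman's own code, shows what that header contains and how it is computed: an OAuth 1.0a HMAC-SHA256 signature whose base string covers the HTTP method, the base URL and every query parameter, and whose realm is the account ID. The credentials, account ID and URL in the block are constructed placeholders; the HMAC-SHA256 method, the realm convention and the rule that the query string is signed are assumptions about TBA that this page does not state. The verifier at the end recomputes the signature the way a server would, which makes it easy to see that changing the URL, the method or a secret invalidates the header.

```python
import base64
import hashlib
import hmac
import secrets
import time
from urllib.parse import parse_qsl, quote, unquote, urlsplit


def _pct(value: str) -> str:
    """RFC 3986 percent-encoding as OAuth 1.0a requires (only A-Z a-z 0-9 - . _ ~ stay unescaped)."""
    return quote(value, safe="-._~")


def signature_base_string(method: str, url: str, oauth_params: dict) -> str:
    """Build the OAuth 1.0a signature base string for a REST request.

    The query string is part of what gets signed (assumption: NetSuite follows OAuth 1.0a
    here), so the parameters are parsed out of the URL and sorted with the oauth_* ones.
    """
    parts = urlsplit(url)
    base_url = f"{parts.scheme}://{parts.netloc}{parts.path}"
    pairs = list(parse_qsl(parts.query, keep_blank_values=True)) + list(oauth_params.items())
    normalized = "&".join(
        f"{k}={v}" for k, v in sorted((_pct(k), _pct(v)) for k, v in pairs)
    )
    return "&".join([method.upper(), _pct(base_url), _pct(normalized)])


def tba_signature(base_string: str, consumer_secret: str, token_secret: str) -> str:
    """HMAC-SHA256 over the base string, keyed with consumer secret '&' token secret."""
    key = f"{_pct(consumer_secret)}&{_pct(token_secret)}".encode()
    digest = hmac.new(key, base_string.encode(), hashlib.sha256).digest()
    return base64.b64encode(digest).decode()


def tba_authorization_header(method: str, url: str, account_id: str,
                             consumer_key: str, consumer_secret: str,
                             token_id: str, token_secret: str,
                             timestamp=None, nonce=None) -> str:
    """Return the Authorization header value for one REST request.

    timestamp/nonce are parameters only so tests can be deterministic; in production
    leave them unset so every request gets a fresh nonce and the current time.
    """
    oauth_params = {
        "oauth_consumer_key": consumer_key,
        "oauth_token": token_id,
        "oauth_signature_method": "HMAC-SHA256",
        "oauth_timestamp": str(int(time.time()) if timestamp is None else timestamp),
        "oauth_nonce": nonce or secrets.token_hex(16),
        "oauth_version": "1.0",
    }
    signature = tba_signature(signature_base_string(method, url, oauth_params),
                              consumer_secret, token_secret)
    fields = list(oauth_params.items()) + [("oauth_signature", signature)]
    # realm carries the account ID (assumption); it is transported but never signed.
    return f'OAuth realm="{account_id}", ' + ", ".join(f'{k}="{_pct(v)}"' for k, v in fields)


def verify_tba_header(header: str, method: str, url: str,
                      consumer_secret: str, token_secret: str) -> bool:
    """Recompute the signature from the header's own parameters and compare in constant time."""
    if not header.startswith("OAuth "):
        return False
    params = {}
    for field in header[len("OAuth "):].split(", "):
        name, _, quoted = field.partition("=")
        params[name] = unquote(quoted.strip('"'))
    provided = params.pop("oauth_signature", "")
    params.pop("realm", None)
    expected = tba_signature(signature_base_string(method, url, params),
                             consumer_secret, token_secret)
    return hmac.compare_digest(provided, expected)


if __name__ == "__main__":
    # Constructed placeholders: a real integration uses the values noted during setup.
    url = "https://123456.suitetalk.api.netsuite.com/services/rest/record/v1/customer?limit=10&offset=0"
    header = tba_authorization_header("GET", url, "123456", "ck", "cs", "tk", "ts")
    print(header)
    print("verifies:", verify_tba_header(header, "GET", url, "cs", "ts"))
```

Two practical consequences follow from the signing rule. A request whose URL parameters are edited after the header is built (for example adding a `limit` or `q` parameter in a retry) fails authentication, so the header must be regenerated per request. And because the timestamp is signed, a client whose clock drifts far from NetSuite's gets rejected even though its secrets are correct.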

Concurrency Governance and Session Management

To protect NetSuite application and database servers, the system controls how web services are consumed.

Each REST web services request counts toward the account's concurrency limit, which applies to the combined total of concurrent web services and RESTlet requests. For detailed information about concurrency governance, see Web Services and RESTlet Concurrency Governance.

Additionally, any request that takes longer than 15 minutes to complete times out automatically.

These mechanisms ensure the following:

  • Requests are monitored and controlled to ensure that the user experience is not excessively impacted.

  • A few heavy web services users cannot degrade service for everyone else.

You can use APM to monitor the concurrency usage of your REST web services integration. For information, see Monitoring Web Services and RESTlet Concurrency.
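The limit described above is enforced on the NetSuite side, so an integration that fires requests faster than its share of the account limit simply gets some of them rejected. The added example below (written for this page; not NetSuite's code) shows the client-side counterpart a practitioner wants: a wrapper that caps the number of requests this integration keeps in flight and retries with exponential backoff when the server reports that the concurrency limit was exceeded. It assumes the rejection surfaces as HTTP 429, which this page does not state, and it uses a constructed stand-in for the account that enforces a limit and records the peak concurrency it saw, so the block runs offline. The `sleep` hook lets the demo and tests skip real backoff delays.

```python
import threading
import time
from typing import Callable, List, Tuple

# Injected transport: (method, url) -> (status, body). A real one would send the
# signed request over HTTPS with a timeout below NetSuite's 15-minute cutoff.
Transport = Callable[[str, str], Tuple[int, str]]


class ConcurrencyLimitExceeded(RuntimeError):
    """Raised when the server keeps answering 429 after all retries."""


class GovernedClient:
    """Caps in-flight requests from this integration and backs off on 429 (assumed status)."""

    def __init__(self, transport: Transport, max_in_flight: int,
                 max_retries: int = 3, base_delay: float = 0.5,
                 sleep: Callable[[float], None] = time.sleep):
        self._transport = transport
        self._slots = threading.BoundedSemaphore(max_in_flight)
        self._max_retries = max_retries
        self._base_delay = base_delay
        self._sleep = sleep

    def request(self, method: str, url: str) -> Tuple[int, str]:
        with self._slots:  # blocks until one of our own slots is free
            for attempt in range(self._max_retries + 1):
                status, body = self._transport(method, url)
                if status != 429:
                    return status, body
                if attempt < self._max_retries:
                    self._sleep(self._base_delay * (2 ** attempt))
        raise ConcurrencyLimitExceeded(f"{method} {url}: still 429 after {self._max_retries} retries")


class FakeNetSuite:
    """Constructed stand-in for the account: enforces a concurrency limit and tracks peak usage."""

    def __init__(self, account_limit: int):
        self.account_limit = account_limit
        self.in_flight = 0
        self.peak = 0
        self.rejected = 0
        self._lock = threading.Lock()

    def __call__(self, method: str, url: str) -> Tuple[int, str]:
        with self._lock:
            if self.in_flight >= self.account_limit:
                self.rejected += 1
                return 429, '{"title":"Concurrency limit exceeded"}'
            self.in_flight += 1
            self.peak = max(self.peak, self.in_flight)
        try:
            time.sleep(0.001)  # simulate server work while the slot is held
            return 200, '{"items":[]}'
        finally:
            with self._lock:
                self.in_flight -= 1


def transport_that_recovers(after: int) -> Transport:
    """Constructed transport: answers 429 for the first `after` calls, then 200."""
    calls = [0]

    def send(method: str, url: str) -> Tuple[int, str]:
        calls[0] += 1
        return (429, "") if calls[0] <= after else (200, "ok")
    return send


def run_batch(client: GovernedClient, urls, workers: int = 8) -> Tuple[List[int], List[str]]:
    """Issue every URL from a pool of worker threads; return (statuses, error messages)."""
    statuses: List[int] = []
    errors: List[str] = []
    lock = threading.Lock()
    todo = list(urls)

    def worker() -> None:
        while True:
            with lock:
                if not todo:
                    return
                url = todo.pop()
            try:
                status, _ = client.request("GET", url)
                with lock:
                    statuses.append(status)
            except ConcurrencyLimitExceeded as exc:
                with lock:
                    errors.append(str(exc))

    threads = [threading.Thread(target=worker) for _ in range(workers)]
    for t in threads:
        t.start()
    for t in threads:
        t.join()
    return statuses, errors


if __name__ == "__main__":
    account = FakeNetSuite(account_limit=5)
    client = GovernedClient(account, max_in_flight=5, sleep=lambda s: None)
    ok, failed = run_batch(client, [f"/record/v1/customer/{i}" for i in range(40)], workers=16)
    print(f"ok={len(ok)} failed={len(failed)} peak={account.peak} rejected={account.rejected}")
```

Set `max_in_flight` to the share of the account limit allocated to this integration, not to the whole account limit: the limit is shared with every other web services and RESTlet client, so a wrapper that takes all of it is exactly the heavy user the governance is meant to contain. The APM concurrency monitor mentioned above is the place to confirm that the chosen value matches what the account actually sees.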
