Create Integration Records for Applications to Use OAuth 2.0

Before users can authorize an OAuth 2.0 application, an integration record must be created or edited for the application. Administrators or users with the Integration Application permission can create or edit integration records. For more information, see Integration Management.

To create an integration record for an application:

  1. Go to Setup > Integration > New.

  2. Enter a name for your application in the Name field.

  3. Enter a description in the Description field, if preferred.

  4. Select Enabled in the State field.

  5. Enter a note in the Note field, if preferred.

    Note:

    Values of the State, Note, and OAuth 2.0 Consent Policy fields are specific to one NetSuite account. If you install a record in a different account, the values may change. Values of the Name and Description fields are read-only if the record is installed in a different account. For more information, see Auto-Installation of Integration Records.

  6. On the Authentication tab, check the appropriate boxes for your application:

    Field on the Authentication tab, under OAuth 2.0:

    Function of the field:

    Authorization Code Grant

    For more information, see OAuth 2.0 for Integration Application Developers.

    Check this box if you want to implement the OAuth 2.0 authorization code grant flow for this integration.

    Note:

    You can check both the Authorization Code Grant box and the Client Credentials (Machine to Machine) Grant box.

    Redirect URI

    • Enter the valid redirect URI for your application, on which the authorization code will be handled.

    • The redirect URI is validated when you save the integration record.

    Important:

    The redirect URI must use either the https:// scheme or a custom URL scheme (for example, myapp://callback). The http:// scheme is not supported.

    Transport layer security must be guaranteed on the redirect URI.

    Public Client

    (Optional). Check this box if you want to allow OAuth 2.0 public clients with this integration.

    Important:

    The Client Credentials (Machine to Machine) Grant does not support the use of public clients.

    Client Credentials (Machine to Machine) Grant

    For more information, see OAuth 2.0 for Integration Application Developers.

    Check this box if you want to implement the OAuth 2.0 client credentials flow for this integration.

    Note:

    You can check both the Authorization Code Grant box and the Client Credentials (Machine to Machine) Grant box.

    RESTlets

    For more information, see OAuth 2.0 for RESTlets.

    Check this box if your OAuth 2.0 integration application requires accessing RESTlets.

    REST Web Services

    For more information, see OAuth 2.0 for REST Web Services.

    Check this box if your OAuth 2.0 integration application requires accessing REST web services.

    SuiteAnalytics Connect

    Check this box if your OAuth 2.0 integration application requires accessing SuiteAnalytics Connect.

    Application Logo

    (Optional). You can select a file from your File Cabinet. Supported formats are JPEG, PNG and GIF.

    Application Terms of Use

    (Optional). You can select any PDF file from your File Cabinet.

    Application Privacy Policy

    (Optional). You can select any PDF file from your File Cabinet.

    OAuth 2.0 Consent Policy

    Select an option from the list. See the following for more details about these options:

    • Always Ask - This is the default option. The consent screen appears every time the OAuth 2.0 code grant flow is initiated.

    • Never Ask - The consent screen does not appear during the OAuth 2.0 code grant flow. The integration is autoapproved by the Administrator.

    • Ask First Time - The consent screen only appears the first time the OAuth 2.0 code grant flow is initiated. The consent screen also appears if:

      • The system does not know which role or account to choose for the user to log in with

      • The application requires a different set of scopes and needs a new consent

    Integration application developers can adjust the consent screen option using the prompt parameter in Step One of the OAuth 2.0 code grant flow. For more information, see Step One GET Request to the Authorization Endpoint. See also Integration Record and Prompt Parameter Combinations.

    Note:

    If you do not want to use the Token-based Authentication feature for your integration, clear the TBA: Authorization Flow box, then clear the Token-based Authentication box.

  7. Click Save.

    Warning:

    The system displays the client ID and client secret only the first time you save the integration record. After you leave this page, these values cannot be retrieved from the system. If you lose or forget the client ID and client secret, you will have to reset them on the Integration page to obtain new values. Treat these values as you would a password.
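The following pre-save check is an added example, not NetSuite code: it applies the rules from step 6 (redirect URI scheme, public clients versus the Client Credentials grant, and the Never Ask consent policy) to a planned integration record. The dictionary keys and sample records are hypothetical, and the check assumes a redirect URI is required whenever Authorization Code Grant is checked.

```python
from urllib.parse import urlparse

def check_redirect_uri(uri):
    """Return None if the URI meets the scheme rule in step 6, else a reason."""
    uri = uri.strip()
    parsed = urlparse(uri)  # urlparse lowercases the scheme
    if "://" not in uri or not parsed.scheme:
        return "redirect URI has no scheme"
    if parsed.scheme == "http":
        return "http:// is not supported; use https:// or a custom URL scheme"
    if parsed.scheme == "https" and not parsed.hostname:
        return "https redirect URI has no host"
    return None  # https://host/... or a custom scheme such as myapp://callback

def lint_integration(rec):
    """Return (severity, message) findings for one planned integration record."""
    findings = []
    if rec.get("authorization_code_grant"):
        # Assumption: a redirect URI is required whenever this grant is checked.
        reason = check_redirect_uri(rec.get("redirect_uri", ""))
        if reason:
            findings.append(("error", reason))
        if rec.get("consent_policy") == "Never Ask":
            # Not an error: flagged so that an administrator confirms the choice.
            findings.append(("review", "Never Ask: no consent screen is shown"))
    if rec.get("public_client") and not rec.get("authorization_code_grant"):
        findings.append(
            ("error", "Client Credentials grant does not support public clients"))
    return findings

# Constructed sample records; the key names are hypothetical, not NetSuite's.
SAMPLES = {
    "web-app": {"authorization_code_grant": True, "client_credentials_grant": True,
                "redirect_uri": "https://app.example.com/oauth/callback",
                "consent_policy": "Always Ask"},
    "mobile": {"authorization_code_grant": True, "public_client": True,
               "redirect_uri": "myapp://callback",
               "consent_policy": "Ask First Time"},
    "legacy": {"authorization_code_grant": True,
               "redirect_uri": "http://app.example.com/cb",
               "consent_policy": "Never Ask"},
    "batch-job": {"client_credentials_grant": True, "public_client": True},
}

if __name__ == "__main__":
    for name, rec in SAMPLES.items():
        print(name, lint_integration(rec) or "ok")
```
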

Related Topics

OAuth 2.0
OAuth 2.0 Tasks for Administrators
Getting Started with OAuth 2.0
OAuth 2.0 for Integration Application Developers
Troubleshooting OAuth 2.0
