Table of Contents
- Purposes
- Introduction
- Generating Key Pairs
- Creating an Integration Record in the NetSuite Dashboard
- Creating a Client Credentials (M2M) Setup in the NetSuite Dashboard
- Setting Up the HTTP Authentication in the Alumio Dashboard
- What to Do When the Current Pair of Certificates is Expiring
Purposes
This article explains how to connect Alumio to NetSuite using the Client Credentials Flow.
Introduction
Oracle NetSuite provides a few authentication options to access its API. One of them is the Client Credentials Flow. The flow allows you to get the OAuth 2.0 access token without interacting with the NetSuite authorization page. That is why the flow is labeled Machine to Machine.
Supported Algorithms
NetSuite OAuth 2.0 supports the following JWT signing algorithms:
- RSA-PSS (Probabilistic Signature Scheme)
  - PS256
  - PS384
  - PS512
- EC (Elliptic Curve)
  - ES256
  - ES384
  - ES512
Generating Key Pairs
RSA-PSS Key Generation
To generate an RSA-PSS key pair for the PS256 algorithm:
openssl req -new -x509 -newkey rsa:4096 -keyout private.pem -sigopt rsa_padding_mode:pss -sha256 -sigopt rsa_pss_saltlen:64 -out public.pem -nodes -days 730
Note: NetSuite has announced that RSA PKCSv1.5 will be deprecated by March 1, 2025. Use the RSA-PSS scheme (PS256, PS384, or PS512) instead.
EC Key Generation
To generate an EC key pair for the ES256 algorithm:
openssl req -new -x509 -newkey ec -pkeyopt ec_paramgen_curve:prime256v1 -nodes -days 730 -out public.pem -keyout private.pem
Creating an Integration Record in the NetSuite Dashboard
- Go to Setup > Integration > New.
- Enter a name for your application in the Name field.
- Enter a description in the Description field, if preferred.
- Select Enabled in the State field.
- Enter a note in the Note field, if preferred.
- Uncheck all options in the Token-based Authentication section.
- Check only Client Credentials (Machine to Machine) Grant, and check all preferred scopes.
- Click Save.
- Copy the generated Consumer key and Consumer secret and keep them safe.
Creating a Client Credentials (M2M) Setup in the NetSuite Dashboard
- Go to Setup > Integration > Manage Authentication > OAuth 2.0 Client Credentials (M2M) Setup. The OAuth 2.0 Client Credentials Setup page appears.
- To create a new mapping, click the Create New button.
- In the popup window, choose the entity, role, and application to be mapped (the Integration Record created previously). Upload the public key from your computer.
- Click Save.
- Keep the Certificate ID as it is needed in the next phase.
Setting Up the HTTP Authentication in the Alumio Dashboard
- Go to Clients > HTTP Authentications > New.
- Choose “Oauth2 authentication” as the Settings.
- Choose “Netsuite” as the Provider.
- Choose the preferred JWT algorithm.
- Enter the Certificate ID copied previously.
- Enter the Consumer Key copied previously.
- Enter the required scopes (comma-separated).
- Enter the Authentication URL, for example,
https://yourid.suitetalk.api.netsuite.com/services/rest/auth/oauth2/v1/token
- Enter the private key that has been created previously.
- Click the Retrieve an access token key button.
- Once the access token key is retrieved, save the HTTP authentication.
You can now select the HTTP authentication you created in an HTTP client, or in any other configuration that needs to fetch resources from the NetSuite API.
What to Do When the Current Pair of Certificates is Expiring
- Create a new pair of certificates.
- Create a new Client Credentials (M2M) Setup as described in the previous section. Choose the same entity, role, and application as in the previous setup, but this time upload the newly created certificate.
- In the Alumio dashboard, update the private key of the HTTP authentication with the newly created private key.
- Save the HTTP authentication.
Alumio will then use the new private key to retrieve the token from NetSuite when the current access token expires.
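Before uploading a new certificate, and to know when rotation is due, you can check that public.pem and private.pem belong together and how long the certificate remains valid. The script below is an added example, not part of Alumio's or NetSuite's tooling; the function names and the 30-day warning default are assumptions, and it expects the unencrypted PEM files produced by the commands above.

```shell
#!/bin/sh
# Added example: sanity checks for the public.pem / private.pem pair.
# Function names and the 30-day default are assumptions, not Alumio settings.

# Return 0 if the certificate's public key equals the private key's public key,
# 1 if they differ, 2 if either file cannot be parsed.
cert_matches_key() {
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 2
    key_pub=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 2
    [ "$cert_pub" = "$key_pub" ]
}

# Return 0 if the certificate expires within $2 days (rotation is due).
# `-checkend N` exits 0 only when the certificate is still valid N seconds from now.
cert_expires_within() {
    if openssl x509 -in "$1" -noout -checkend "$(( $2 * 86400 ))" >/dev/null 2>&1; then
        return 1
    fi
    return 0
}

# usage: check_pair CERT KEY [WARN_DAYS]
# Exit codes: 0 ok, 1 key mismatch, 2 unreadable file, 3 rotation due.
check_pair() {
    match_rc=0
    cert_matches_key "$1" "$2" || match_rc=$?
    if [ "$match_rc" -eq 1 ]; then
        echo "MISMATCH: $2 is not the private key for $1"
        return 1
    elif [ "$match_rc" -ne 0 ]; then
        echo "ERROR: cannot parse $1 or $2"
        return 2
    fi
    if cert_expires_within "$1" "${3:-30}"; then
        echo "ROTATE: $1 $(openssl x509 -in "$1" -noout -enddate)"
        return 3
    fi
    echo "OK: pair matches, $(openssl x509 -in "$1" -noout -enddate)"
}

# Run only when file arguments are given, e.g. ./check_pair.sh public.pem private.pem 60
if [ "$#" -ge 2 ]; then
    check_pair "$@"
fi
```

Because the `-nodes` option writes private.pem unencrypted, restrict it to its owner (`chmod 600 private.pem`) and upload only public.pem to NetSuite.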