1. SuiteCloud Platform
  2. SuiteTalk Web Services
  3. SuiteTalk REST Web Services API Guide
  4. Working with REST Web Services Using Postman
  5. Setting Up Token-Based Authentication (TBA) -Tutorial

Setting Up Token-Based Authentication (TBA) -Tutorial

This tutorial walks you through the setup for token-based authentication (TBA) in both NetSuite and Postman. When you're set up, you'll be able to perform CRUD actions on elements of your NetSuite account.

Note:

OAuth 2.0 is the preferred authentication method. You should consider using OAuth 2.0 instead of TBA whenever possible.

Prerequisites

Before starting, you need the proper roles, permissions, and features set up in your NetSuite account. Additionally, you need to install the Postman desktop application. See the following help topics for information about these steps:

Creating an Integration Record

After setting up the prerequisites, continue with creating an integration record for your application. For detailed information about integration records, see Integration Record Overview.

To create an integration record:

  1. In your NetSuite account, create a new integration record. Don't save it yet. For information about creating an integration record to be used with TBA, see Create Integration Records for Applications to Use TBA. An integration record is what allows for a connection between Postman and your NetSuite account.

  2. In the Authentication tab, set up your integration record.

    Under Token-based Authentication, make sure that the Token-based Authentication box is checked. You can leave the rest of the options unchanged.

  3. Before clicking Save, note that when you do, the client ID and secret will be displayed at the bottom of the page. Make note of both the ID and secret, as you'll need them later and you won't be able to access them again.

Warning:

The system displays the client ID and client secret only the first time you save the integration record. After you leave this page, these values cannot be retrieved from the system. If you lose or forget the client ID and client secret, you will have to reset them on the Integration page, to obtain new values.

Treat these values as you would a password. Never share these credentials with unauthorized individuals and never send them by email.

Creating a TBA Token

After setting up the integration record, you must create and assign a TBA token for the REST web services user.

To create and assign a TBA token:

  1. Log in as a user with the Access Token Management permission.

  2. Go to Setup > Users/Roles > User Management > Access Tokens.

  3. On the Access Tokens page, click New Access Token.

    The Access token page appears.

  4. On the Access Token page:

    1. Select the Application Name.

    2. Select the User.

    3. Select the Role.

    4. The Token Name is already populated by default with a concatenation of Application Name, User, and Role. Enter your own name for this token, if preferred.

    5. Click Save.

      The confirmation page displays the Token ID and Token secret.

Warning:

For security reasons, the only time the Token ID and Token Secret values are displayed is on the confirmation page. After you leave this page, these values cannot be retrieved from the system. If you lose or forget these credentials, you will need to create a new token and obtain new values.

Treat these values as you would a password. Never share these credentials with unauthorized individuals and never send them by email.

Setting Up TBA in Postman

For setting up TBA in Postman, follow the steps listed in Importing and Setting Up a Postman Environment.

After setting up your authentication, you're ready to start working with REST through Postman. For detailed information, see Working with Records.

Related Topics

General Notices