I’ve been looking for documentation that could help me set up a connection to NetSuite using OAuth 2.0 Machine-to-Machine, but I haven’t been able to find any. I already have all the OAuth 2.0 information ready with me; I’m just not sure what information should be entered in the integrator.io connection setup.
Is it even possible?
I've been attempting to do this and it seems feasible, but I've been unsuccessful. I'll check internally to see what we're missing.
With the help of our awesome engineer @yashmodi, we were able to get NetSuite OAuth 2.0 Client Credentials (Machine-to-Machine) working with a Celigo HTTP connection. Below is the full setup.
Out of curiosity, what is driving you to use OAuth 2.0 with NetSuite as opposed to OAuth 1.0 or using our native NetSuite connector?
In NetSuite, create a new integration record:
Setup → Integration → Manage Integrations → New
Enable Client Credentials (Machine To Machine) Grant
Enable the scopes you will need (make note of which ones)
Save the record, then copy and save the Client ID
Generate a key pair and certificate. NetSuite doc:
https://docs.oracle.com/en/cloud/saas/netsuite/ns-online-help/subsect_162755332391.html
Example command (this is what I used):
openssl req -new -x509 -newkey ec -pkeyopt ec_paramgen_curve:prime256v1 -pkeyopt ec_param_enc:named_curve -nodes -days 365 -out public.pem -keyout private.pem
Go to:
Setup → Integrations → OAuth 2.0 Client Credentials (M2M) Setup → Create New
public.pem)Create a new HTTP connection in Celigo:
Base URI
https://<accountid>.suitetalk.api.netsuite.com
Auth type: OAuth 2.0
Create a new iClient
Grant type: Client Credentials
Enable Use JWT
Signature method: use the one matching your cert (mine was ES256)
Paste your private key contents (private.pem) into the private key field
Use the following JWT payload (update <accountid> and scope to match what you enabled on the Integration record):
{
"iss": "{{{iClient.oauth2.encrypted.clientId}}}",
"aud": "https://<accountid>.suitetalk.api.netsuite.com/services/rest/auth/oauth2/v1/token",
"iat": {{{dateFormat 'X' (timestamp) 'YYYY-MM-DDTHH:mm:ss.SSS[Z]'}}},
"exp": {{{dateFormat 'X' (dateAdd (timestamp) '2700000' 'UTC') 'YYYY-MM-DDTHH:mm:ss.SSS[Z]'}}},
"scope": "rest_webservices,restlets"
}
Notes:
scope values here are enabled on the NetSuite integration record.exp above is set to about 45 minutes after iat (2700000 ms).{
"typ": "JWT",
"alg": "ES256",
"kid": "{{{iClient.oauth2.encrypted.certificateId}}}"
}
alg must match the signature method you chose (for example, ES256).Access token URL:
https://<accountid>.suitetalk.api.netsuite.com/services/rest/auth/oauth2/v1/token
Under OAuth 2.0 overrides:
Headers
content-type: application/x-www-form-urlencoded
Body
{
"grant_type": "client_credentials",
"client_assertion_type": "urn:ietf:params:oauth:client-assertion-type:jwt-bearer",
"client_assertion": "{{{iClient.jwt.token}}}"
}
In Advanced → Encrypted fields, add:
{
"certificateId": "",
"clientId": ""
}
…and populate those values with:
certificateId = the NetSuite Certificate ID from the M2M setup recordclientId = the NetSuite Integration record Client IDIn the connection test:
HTTP method: GET
Relative URI:
/services/rest/record/v1/metadata-catalog
Thanks Tyler, this is perfect, I will try this and let you know what is the result.
It’s just a personal preference, I just don’t want to do the flow(me being lazy 
)
@tylerlamparter Works perfectly. Thanks for the detailed steps.
