NetSuite Machine to Machine (M2M) integration authentication guide

This guide will walk you through setting up OAuth 2.0 Client Credentials Flow (M2M) in NetSuite. This process involves creating a new integration in NetSuite, generating a client ID and client secret, and using OpenSSL to create a certificate for secure communication.

To know what M2M is in NetSuite when to use M2M, and how difficult it is to implement, please read the FAQs at the bottom of the article.

Prerequisites

  • Administrative access to NetSuite.
  • OpenSSL is installed on your machine. If you don’t have then follow these guides for downloading OpenSSL installation for Windows, MAC, or Linux.

Steps to Set Up OAuth 2.0 Client Credentials Flow (M2M)

  1. Create a New Integration in NetSuite

    1. Log in to your NetSuite account.
    2. Navigate to Setup > Integration > Manage Integrations.
    3. Click on New to create a new integration.
  2. Enter Integration Details

    1. Fill in the necessary details as shown in the screenshot below:
      Screenshot of an integration configuration page from a software system, showing settings for authentication and OAuth 2.0. Key fields include Name, Client ID, and Client Secret, with options to enable/disable. For detailed steps, refer to the attached authentication guide for NetSuite M2M integration.
    2. Click Save.
    3. After saving, you will be provided with a Client ID and Client Secret. Make sure to copy and save these values before leaving the page as you won’t be able to access them again.
      Screenshot of an integration confirmation page for a registration, showing various details such as status, activation details, and system logs. The Satva Solutions logo is displayed in the bottom right corner.
  3. Install OpenSSL

    Check the below FAQ for Download and install OpenSSL for Windows, MAC, Linux

  4. Generate Certificate Using OpenSSL

    1. Open the command prompt and navigate to the OpenSSL installation folder.
    2. Run the following command to generate a private key and a certificate:
      • openssl req -x509 -newkey rsa:3072 -keyout sw2021d_key.pem -out sw2021d_cert.pem -days 365 -nodes
    3. The files generated are as follows
      • sw2021d_key.pem: The private key file.
      • sw2021d_cert.pem: The certificate file.
    4. You will be prompted to enter details for the certificate. You can enter values or leave them blank.
  5. Upload Certificate to NetSuite

    1. Log back into your NetSuite account.
    2. Navigate to Setup > Integration > OAuth 2.0 Client Credentials Setup.
    3. Click on Create New.
      Screenshot of an OAuth 2.0 Client Credentials Setup page showing an option to Create New and a list of credentials with details like certificate ID, algorithm, application, entity, role, and validity dates.
    4. Fill in the following details:
      • User: Select the user for this integration.
      • Role: Select the appropriate role for the user.
      • Application: Select the integration you created earlier.
      • Certificate: Upload the sw2021d_cert.pem file generated by OpenSSL.
        Screenshot of a dialog box titled 'Create a New Client Credentials Mapping' with fields for Entity, Role, Application, and Certificate file upload, alongside a Save button. SATVA Solutions logo is visible.
      • Click Save.
  6. Verify the Setup

    1. After saving, you should see your new OAuth 2.0 Client Credentials setup listed.
    2. Make sure all the details are correct and the status is active.

Certificate Management: NetSuite’s certificates are valid for 90 days. The system generates new certificates 30 days before the current ones expire, and these certificates are company-specific.

For more details, you can refer to the official NetSuite documentation

  1. https://docs.oracle.com/en/cloud/saas/netsuite/ns-online-help/section_158255317571.html#subsect_160828987108
  2. https://docs.oracle.com/en/cloud/saas/netsuite/ns-online-help/section_162730264820.html#subsect_160828987108

Conclusion

You have successfully set up OAuth 2.0 Client Credentials Flow (M2M) in NetSuite. This setup allows secure communication between your application and NetSuite using the generated client ID, client secret, and certificate. If you encounter any issues, refer to the screenshots and steps above or request for consultation by the Netsuite Integration Advisor.

 

Also Read: NetSuite: Mastering OAuth 2.0 Client Credentials Flow in .NET Framework

Faqs of M2M in NetSuite:

What’s M2M in NetSuite?
M2M (Machine-to-Machine) in NetSuite stands for the OAuth 2.0 Client Credentials Flow. This method helps servers talk to each other without needing a person to step in. It’s perfect for systems working behind the scenes that need to chat with NetSuite. Here’s how it works: an app uses its login info to ask for a special pass (called an access token) from a token spot. Then, it uses this pass to prove it’s allowed to use NetSuite’s tools like REST web services, RESTlets, and SuiteAnalytics Connect.
When to Use M2M Authentication Flow in NetSuite?
M2M authentication flow is suitable in scenarios where two backend systems need to communicate securely without user involvement. Examples include Automated data transfers between NetSuite and other systems. Backend processes that require access to NetSuite data.Integration scenarios where user credentials are not practical or secure to manage, such as in scheduled tasks or services that need continuous access to NetSuite APIs.
How Difficult is NetSuite M2M Compared to Other Authentication Methods?
Implementing M2M in NetSuite is generally considered more complex compared to other methods like Token-Based Authentication (TBA) or OAuth 2.0 Authorization Code Grant. The complexity arises from the need to generate and manage RSA certificates, handle JWT (JSON Web Tokens), and configure detailed integration settings. Each NetSuite account and environment (production, sandbox) requires a separate setup, which can be cumbersome during the development and testing phases.
 However, M2M offers more robust security and is better suited for automated, server-to-server integrations where user credentials are not suitable. While the initial setup might be more involved, it provides a more secure and scalable solution for long-term integrations.
 How much time does the Netsuite M2M authentication setup take?
Setting up NetSuite M2M authentication for the first time typically takes 8-14 hours.

  1. This includes 1-2 hours for preparation and prerequisites, such as installing necessary libraries and ensuring permissions.
  2. Certificate creation takes about 30 minutes to 1 hour.
  3. NetSuite setup, including creating integration records and uploading certificates, takes 1-2 hours.
  4. Coding and integration for handling JWT tokens and API requests take 2-4 hours.
  5. Finally, testing, debugging, documentation, and deployment require another 3-6 hours.
Where can I download OpenSSL for different operating systems?
Windows

  1. Shining Light Productions: https://slproweb.com/products/Win32OpenSSL.html
  2. OpenSSL Official Site: https://www.openssl.org/source/
  3. GitHub Releases: https://github.com/openssl/openssl/releases
Mac

  • Homebrew: https://formulae.brew.sh/formula/openssl
Linux

  1. Ubuntu/Debian:
    
    sudo apt-get update
    sudo apt-get install openssl 
    
  2. Fedora:
    
    udo dnf install openssl
    
  3. Arch Linux:
    
    sudo pacman -S openssl
    
  4. OpenSSL Official Site: https://www.openssl.org/source/
Article by

Jignasha Rathod

Jignasha Rathod is a Technical Analyst with over a decade of experience in the IT industry. She excels in .NET, CI/CD, GitHub, Azure. and has a proven track record in project management, leadership, API integrations, and Azure AI and ML.net . Jignasha is focused on performance enhancement and possesses deep domain expertise in open source CMS ( umbraco, orchard cms ) accounting, CRM, ERP (SAP, NetSuite, Business Central) and e-commerce. Her extensive experience spans across both B2B and B2C e-commerce platforms, and she is leveraging AI and ML technologies to drive innovation and efficiency in client projects.