How to set up OAuth 2.0 authentication for the NetSuite RESTlet API
Understanding and configuring NetSuite OAuth 2.0
This article starts from how to obtain an OAuth 2.0 token, so that by understanding the OAuth 2.0 authorization flow you can go on to work with NetSuite data from other systems.
What it is for
This article starts from how to obtain an OAuth 2.0 token, so that by understanding OAuth 2.0 authentication you can go on to access NetSuite data across systems.
For example, once you have obtained a token, you can use NetSuite's native RESTlet API to work with the NetSuite database from another system.
How to use it
NetSuite REST API Browser: Record API v1
You can call the RESTlet endpoints directly to retrieve information from the NetSuite database, for example:

Debugging tools (examples):
1. https://hoppscotch.io/
2. Postman
Consulting services
We provide people-friendly NetSuite development and consulting services for all sizes of business and projects.
We specialize in customizing NetSuite to better fit your specific business processes. Our philosophy is that in everything we do, people are the most important aspect. We believe that NetSuite is an incredible system and our goal is to help your company utilize NetSuite to its greatest potential, delivering you incredible value.

Service process

Service offerings


Case studies
Signatures for NetSuite
Signatures for NetSuite is a “Built-for-NetSuite” approved eSignature tool that enables you to sign any record in NetSuite. Users can sign using a touchscreen (Chromebook, iPad, etc.), mouse, or Topaz USB signature pad. Screenshots:
Automated Process Testing
This module gives users the ability to create test cases in NetSuite for their processes. The test cases can be run automatically (on a schedule) so that administrators can find out when something changes or something breaks.
SMS (Text Messaging) Integration
What would having automated SMS communication to and from NetSuite enable you to do? The possibilities are endless, but a few of the examples that the tools in this bundle enable you to do are: appointment reminders, quote approvals, shipment notifications, and bulk customer satisfaction surveys.
Easy Payment Suitelet
This tool enables your customers to pay their invoices securely online (via NetSuite) without having to log into anything.
Easy Sale Suitelet
This tool enables users to easily make purchases online from a simple product catalog, resulting in a sales order or cash sale in your NetSuite.
Matrix Item Entry
For clothing companies, the standard NetSuite item entry process on an order can be slow and tedious. Use this simple tool to quickly enter matrix items organized by standard size scales (S-M-L-XL-XXL, etc).
Advanced Reporting Requirements
Are you having trouble getting the data you need from a report or saved search? We can help create advanced saved searches or visual data representation using the new SuiteAnalytics module.
Contract Renewals
We’ve done a lot of work with software companies to automate and enhance managing contracts and contract items. If you’re experiencing challenges or process bottlenecks with contracts in NetSuite, get in touch and let’s talk through it.
Advanced PDF Templates
Need some highly-tailored PDF printout templates created? We are experts in Freemarker templates and BFO PDF creation.
Related content
OAuth 2.0 configuration details
- Create a NetSuite Integration record
- Enable the OAuth 2.0 feature under Enable Features
- Create a new Integration record (check the fields shown below)
- The Redirect URI on the record must match the redirect_uri sent in the first GET request of the OAuth flow; otherwise NetSuite returns an error immediately and the flow cannot proceed
- After the record is saved, NetSuite generates the Consumer Key / Client ID and Consumer Secret / Client Secret
- Record these two values (they are needed later)
- Fill in the following in the debugging tool:
- Grant type: Select Authorization Code.
- Authorization Endpoint: https://{accountid}.app.netsuite.com/app/login/oauth2/authorize.nl
- Token Endpoint: https://{accountid}.app.netsuite.com/services/rest/auth/oauth2/v1/token
- Client ID, Client Secret: the values obtained from NetSuite in the previous step
- Scopes: rest_webservices restlets
- or only Scope: rest_webservices
- State: [optional] This can be any random string of ASCII characters. It must include at least 22 characters.
- Pass By: Headers
- Client Authentication: Send as Basic Auth header
- Click Request Token / Get New Access Token
The tool opens NetSuite's authorization page; confirm the login.
- If the current browser is already logged in to NetSuite, it jumps straight to the authorization confirmation screen, where you confirm the authorization
- After you click Continue, NetSuite sends back a

If you need a REST sample for your own account, you can download it while logged in to the system:
You can download the REST API Postman environment template and collection of sample requests from the SuiteTalk tools download page at https://
NetSuite OAuth 2.0 steps
1. Send a GET request to the NetSuite authorization endpoint
The first step of obtaining a token through OAuth 2.0 authorization is to send a GET request carrying specific URL parameters; after the user logs in and authorizes manually, NetSuite returns a code that is used in the next step of the flow.
Endpoint: https://{accountid}.app.netsuite.com/app/login/oauth2/authorize.nl
Parameters:
| Request Parameter | Description |
|---|---|
| response_type | The value of the response_type parameter is always code. |
| client_id | Identifies the client. The value of the client ID is provided when the integration record is created. |
| redirect_uri | The application uses the valid redirect URI to handle the authorization code. The value of the redirect URI parameter must match the redirect URI in the corresponding integration record. This value must be URL-encoded, e.g. encodeURIComponent('https://hoppscotch.io/oauth'). |
| scope | The scope for which the application is requesting access. Values are restlets, rest_webservices, suite_analytics, or mcp. You can use any combination of the scopes, except the mcp. The mcp value for the scope parameter can only be used on its own. For more information about the NetSuite AI Connector Service, see Connect to NetSuite AI Connector Service. |
Example (adjust the values below to your own account):
```
https://{accountid}.app.netsuite.com/app/login/oauth2/authorize.nl?response_type=code&redirect_uri=https%3A%2F%2Fhoppscotch.io%2Foauth&scope=rest_webservices&client_id=e184757ca95d8f73160983f17d01337d65d74149cc858e839df184a26aa3597e
```
If the page reports an error after loading, adjust the parameters of the GET URL accordingly and make sure the values are accurate; for example, redirect_uri must match the Redirect URI field on the Integration record in NetSuite, and it must be passed through encodeURIComponent before being placed in the URL.

When authorization succeeds, NetSuite redirects to the redirect_uri page and appends some extra parameters, described below:
Redirect Parameters for Step One (parameters on the redirect page after successful authorization)
After authorization, NetSuite initiates a redirect to the Redirect URI, with the following parameters:
| Redirect Parameter | Description |
|---|---|
| state | The state parameter in the redirect matches the state parameter in the request in Step One. Important: To avoid cross-site request forgery (CSRF) attacks, you must conform to the OAuth 2.0 specification. For more information, see RFC 6749 Section 10.12. |
| code | A randomly generated string that is used for request verification in Step Two. The code parameter is only generated if the application was authorized. You must use the value of the code parameter immediately after it is generated. The value for the code parameter has limited time validity. |
| role | Indicates the user's role for which the access token and refresh token are granted in Step Two. The role parameter is a NetSuite-specific parameter. |
| entity | The ID of the user who authorizes the application or interrupts the flow. The entity parameter is a NetSuite-specific parameter. |
| company | NetSuite account ID (company identifier). The company parameter is a NetSuite-specific parameter. |
| error | The error parameter is only used when an error occurs during the flow. For information about error values, see Troubleshooting OAuth 2.0. |
Example redirect URL after successful authorization:
```
https://myapplication.com/netsuite/oauth2callback?state=ykv2XLx1BpT5Q0F3MRPHb94j&role=1000&entity=12&company=1234567&code=70b827f926a512f098b1289f0991abe3c767947a43498c2e2f80ed5aef6a5c50
```
Example redirect URL after failed authorization:
```
https://myapplication.com/netsuite/oauth2callback?state=ykv2XLx1BpT5Q0F3MRPHb94j&role=1000&entity=12&company=1234567&error=access_denied
```
The parameter we mainly care about is code; it is used in the POST request of the next step.
2. Send a POST request to the NetSuite token endpoint
The program (any custom program, or a dedicated tool such as Postman or hoppscotch.io) then sends a POST request to the NetSuite token endpoint. This POST request must contain specific headers and body content. When this step completes, you obtain the Access Token that grants access to NetSuite data (together with a Refresh Token, which is used to obtain a new Access Token once the current one expires). If you use a tool such as hoppscotch.io and it is configured correctly (see the configuration details above), it encodes clientid:clientsecret for you, sends the POST, and shows NetSuite's access_token response in its UI.
2.1 Endpoint: https://
2.2 Parameters required for the POST to the endpoint
| Request Parameter | Description |
|---|---|
| code | The code obtained from the redirect after the first GET. The code parameter value obtained in Step One. |
| redirect_uri | Used for server-side validation: redirect_uri must match the setting on the NetSuite Integration record and the redirect_uri parameter sent in the first request. The value of the redirect_uri parameter must match the value entered in the corresponding integration record and the value in the request in Step One. |
| grant_type | Fixed value: authorization_code. The value of the grant_type parameter in Step Two is authorization_code. |
| code_verifier | Must match the code_verifier generated in Step One. The value of the code_verifier must match the value generated in Step One. If the values don't match, an HTTP 400 Bad Request error is returned. For more information, see https://tools.ietf.org/html/rfc7636, sections 4.5 and 4.6. |
- Request parameters must be encoded based on the HTML specification for the application/x-www-form-urlencoded media type. For more information, see URL Specification 5.1.
- The client authentication method used in the header of the request follows the HTTP Basic authentication scheme. For more information, see RFC 7617. The format is clientid:clientsecret. The string value is Base64url encoded. The following code provides an example.
```
POST /services/rest/auth/oauth2/v1/token HTTP/1.1
```
NetSuite response in Step Two
| JSON Response Fields | Description |
|---|---|
| access_token | The value of the access_token parameter is in JSON Web Token (JWT) format. The access token is valid for 60 minutes. |
| refresh_token | The value of the refresh_token parameter is in JSON JWT format. The refresh token is valid for seven days. Important: If you use public clients for OAuth 2.0, the refresh token is only valid for two days by default and is for one-time use only. You can change this value on the integration record. The accepted values are between one hour and 720 hours (thirty days in hours). |
| expires_in | The value of the expires_in parameter is always 3600. The value represents the time period during which the access token is valid, in seconds. |
| token_type | The value of the token_type parameter is always bearer. |
| id_token | This parameter is a part of OAuth 2.0, but it is used only in the NetSuite as OIDC Provider feature flow. You don't need to configure the id_token parameter as a part of the OAuth 2.0 feature flow. For more information, see Step Two POST Request to the Token Endpoint. |
Below is an example response in JSON/JWT format:
```
{"access_token":"eyJraWQiOiJzLlNZU1RFTS4yMDIwXzEiLCJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiJ9.eyJzdWIiOiIzOzciLCJhdWQiOlsiNkFDQkQ1MUMtNTE0Qi00RjU5LUIxQzMtQ0IzNUZGN0U5QTZBOzQwMzAwNTkiLCI0Nzc2MWI3NzY1MjJlMTg2ZmNkNzdmMTNjMjVlOGNjZjk5YWY5MDFhNjc4YTY2ZTcwMGIxNjFlZWZlOGZhODhkIl0sInNjb3BlIjpbInJlc3Rfd2Vic2VydmljZXMiLCJyZXN0bGV0cyJdLCJpc3MiOiJodHRwczpcL1wvc3lzdGVtLm5ldHN1aXRlLmNvbSIsIm9pdCI6MTYxMTA2NzY1NSwiZXhwIjoxNjExMDcxMjU1LCJpYXQiOjE2MTEwNjc2NTUsImp0aSI6IjQwMzAwNTkuYS41YjMyMzZiOS1mZmVlLTQyZDMtYmQ1Ny00YmU3YjQ0MzlhMzdfMTYxMTA2NzY1NTM1OS4xNjExMDY3NjU1MzU5In0.TVpquJSRujxyZpp9ydnkfQFy8fq2eTRIt-7mA6B9nGvftEQ2pJCu-15qfxYoe6iKU1JEpOhuvA-MAzdI-TvM1ndHT37VRdpcEa3R_kdZuDIT5hAS0G5VRVOQVF6bseHTKm4HIe0bFy8vCIaS6utQ46crF0LnQK_bxYXsQz8nFEwGlk4mOmsKje5ZB_0vzXpHEuYh9sBFdwxhMNUO3P_tFiAF0f0oXXJzAzYTEjA9pH_tr1ymGFoLWCIfKiR1RUavvVVGeL-jiQdZSRNr5cQj4Nz8iixn9bR2R1rEtcoXBzAJ2pSVU9yimLe2bPmzxBggJr839PDUP4IlKwkvzMUoLw",
```
The access_token we finally obtain from this POST is the key result of the whole OAuth 2.0 flow.
With this access_token (which carries the authorizing user's identity, role and permissions), we can go on to read and modify NetSuite data.
Applying the access token to the NetSuite REST API
NetSuite provides standard RESTlet/REST endpoints; the supported records and operation types are listed in the documentation:

For example, we can send a GET request to retrieve the accounting (chart of accounts) information from NetSuite in real time:

Of course, REST operations go far beyond this and can be extended according to the actual business processes of the enterprise.
This is just a starting point; I hope it helps. If you need NetSuite assistance, you can place an order on Xianyu (闲鱼) to get started.
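Added example (not from the original article, nor NetSuite's own code): a small Python module that performs the two steps above offline, building the Step One URL with a state value of at least 22 characters, checking state on the redirect before accepting code, assembling the Step Two POST with the Basic Auth header and form body, and turning the JSON response into the Bearer header for REST/RESTlet calls. The account ID, client ID and secret values are placeholders, and the optional PKCE code_verifier is not included.

```python
import base64
import secrets
from urllib.parse import parse_qs, urlencode, urlparse

# Endpoints as given on the page; {accountid} is the NetSuite account ID.
AUTHORIZE_URL = "https://{accountid}.app.netsuite.com/app/login/oauth2/authorize.nl"
TOKEN_URL = "https://{accountid}.app.netsuite.com/services/rest/auth/oauth2/v1/token"


def build_authorize_url(account_id, client_id, redirect_uri,
                        scope="rest_webservices restlets", state=None):
    """Step One: build the GET URL the user's browser is sent to.
    state is the CSRF token the client keeps for the redirect check; NetSuite
    wants at least 22 ASCII characters, token_urlsafe(24) yields 32.
    urlencode() percent-encodes redirect_uri as the page requires."""
    state = state or secrets.token_urlsafe(24)
    params = {"response_type": "code", "client_id": client_id,
              "redirect_uri": redirect_uri, "scope": scope, "state": state}
    return AUTHORIZE_URL.format(accountid=account_id) + "?" + urlencode(params), state


def parse_redirect(redirect_url, expected_state):
    """Handle the redirect back from NetSuite: reject a state mismatch
    (RFC 6749 section 10.12), surface the error parameter, else return code."""
    query = parse_qs(urlparse(redirect_url).query)
    if query.get("state", [None])[0] != expected_state:
        raise ValueError("state mismatch: discarding redirect (possible CSRF)")
    if "error" in query:
        raise RuntimeError("authorization failed: " + query["error"][0])
    return query["code"][0]


def build_token_request(account_id, client_id, client_secret, code, redirect_uri):
    """Step Two: URL, headers and form body for the POST to the token endpoint.
    Client auth is HTTP Basic (RFC 7617) over 'clientid:clientsecret', Base64
    as Postman/hoppscotch send it; the body is application/x-www-form-urlencoded.
    Nothing is sent here, so the function runs offline."""
    basic = base64.b64encode(f"{client_id}:{client_secret}".encode()).decode()
    headers = {"Authorization": "Basic " + basic,
               "Content-Type": "application/x-www-form-urlencoded"}
    body = urlencode({"code": code, "redirect_uri": redirect_uri,
                      "grant_type": "authorization_code"})
    return TOKEN_URL.format(accountid=account_id), headers, body


def bearer_header(token_response):
    """Use the Step Two JSON response for REST/RESTlet calls; token_type is bearer."""
    if token_response.get("token_type", "").lower() != "bearer":
        raise ValueError("unexpected token_type: " + str(token_response.get("token_type")))
    return {"Authorization": "Bearer " + token_response["access_token"]}
```

Pass the returned URL, headers and body to any HTTP client; the access token is valid for 60 minutes (expires_in is 3600), after which the refresh token is used to obtain a new one.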

Inspiration and documentation
Create Integration Records for Applications to Use OAuth 2.0
NetSuite Tutorial: Using Postman with OAuth 2.0
