# OAuth 2 (client credentials) authentication ## Introduction When a user chooses to [add a connector instance](/product-documentation/connectors-and-instances/working-with-instances/adding-an-instance.md) using **OAuth 2 (client credentials)** authentication, they are required to enter the following credentials: | Credential | Notes | | ---------------- | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | | `Consumer key` | Generated in Netsuite as part of your initial Patchworks integration. For more information see [Stage 1: Gather NetSuite credentials](#stage-1-gather-netsuite-credentials). | | `Account id` |

This is always the first element of the URL that you can see having logged into NetSuite. For more information see Stage 1: Gather NetSuite credentials.

Note that this value is case sensitive and must be entered exactly as it shows in your NetSuite URL. For example, in NetSuite where the account ID is 1234567-SB1 we must use whatever shows in the URL, which generally changes upper to lowercase (e.g. 1234567-sb1).

| | `Private key` | Paste in the entire contents of the private key (`auth-key.pem`) that has been generated for NetSuite. For more information see [Stage 2: Create a certificate](#stage-2-create-a-certificate). | | `Certificate id` | Paste in the **certificate id** associated with the certificate file (`auth-cert.pem`) that has been uploaded to NetSuite. For more information see [Stage 3: Upload certificat](#stage-3-upload-certificate-to-netsuite)e. | {% hint style="warning" %} If you are using a custom version of our prebuilt NetSuite connector (i.e. if authentication method and/or endpoint settings have been updated after the original installation), please be aware that your settings and requirements may vary. {% endhint %} ## Setting up OAuth 2 (client credentials) authentication In order to add connector instances for NetSuite using OAuth 2 (client credentials) authentication, you must have completed all generic setup detailed in our [Preparing your NetSuite environment to work with Patchworks](/product-documentation/connectors-and-instances/patchworks-connectors/netsuite-prebuilt-connector/preparing-your-netsuite-environment-to-work-with-patchworks.md) guide. Then, please complete the steps detailed in the following sections to enable OAuth 2 (client credentials) authentication: * [Stage 1: Gather NetSuite credentials](#stage-1-gather-netsuite-credentials) * [Stage 2: Create a certificate](#stage-2-create-a-certificate) * [Stage 3: Upload certificate to NetSuite](#stage-3-upload-certificate-to-netsuite) * [Stage 4: Add/install a custom script](#stage-4-add-install-a-custom-script) * [Stage 5: Apply the pre-request script](#stage-5-apply-the-pre-request-script) ## Stage 1: Gather NetSuite credentials ### Consumer key If you have followed our [Preparing your NetSuite environment to work with Patchworks](/product-documentation/connectors-and-instances/patchworks-connectors/netsuite-prebuilt-connector/preparing-your-netsuite-environment-to-work-with-patchworks.md) guide, you will have added a Patchworks integration and saved your client credentials (`consumer key`/`client id` and `consumer secret`/`client secret`) to a password manager. Make sure that you have these to hand. If you can't find these credentials, you can generate a new set.

Show me

![](/files/53vi5yxtLCo2zL5TC62O)

{% hint style="danger" %} Be aware that if you reset credentials that have already been used to configure Patchworks [connector instances](/product-documentation/connectors-and-instances/working-with-instances/adding-an-instance.md), process flows will fail until you [apply the new credentials](/product-documentation/connectors-and-instances/working-with-instances/updating-an-instance.md). {% endhint %} ### Account ID This is always the first element of the URL that you can see having logged into NetSuite. For example, with the following URL: \ \ `https://tstdrv1431250.app.netsuite.com/app/center/card.nl?sc=-29&whence=` ...the **account id** would be:\ \ `tstdrv1431250` ## Stage 2: Create a certificate Follow the steps below: **Step 1**\ From a command line or terminal window, use the command below to generate a certificate: {% code lineNumbers="true" %} ```bash openssl req -x509 -newkey rsa:4096 -sha256 -keyout auth-key.pem -out auth-cert.pem -nodes -days 730 ``` {% endcode %} **Step 2**\ You'll be prompted to enter information such as company name, email, etc. Complete each prompt as appropriate and press Enter. **Step 3**\ Two files will be generated: * auth-cert.pem * auth-key.pem {% hint style="info" %} For more information about certificate requirements in NetSuite, please see the following NetSuite article: {% embed url="" %} {% endhint %} ## Stage 3: Upload certificate to NetSuite Follow the steps below: **Step 1**\ Log into NetSuite as an admin user. **Step 2**\ Navigate to **setup** > **integration** > **OAuth 2.0 Client Credentials (M2M) Setup**:

**Step 3**\ Click the **create new** button:

...the **create a new credentials mapping** page is displayed:

**Step 4**\ Select your name (or a preferred alternative) from the **entity** dropdown field, followed by the **role** (this should be **administrator**) and finally the **application** (the name of your Patchworks integration). **Step 5**\ Click the **choose a file** button:

**Step 6**\ Upload the **auth-cert.pem** file that you generated in [Stage 1](#stage-1-create-certificate):

**Step 7**\ Add the **certificate id** to your password manager - you'll need this to add connector instances for NetSuite later:

## Stage 4: Add/install a custom script {% hint style="info" %} We've added the required to our [script marketplace](/product-documentation/developer-hub/custom-scripting/accessing-custom-scripts.md), so you can download it directly from there if preferred. To do this, select **scripts** from the left-hand navigation bar, then install the **Netsuite Prereq Oauth2 CC** script:\ \ ![](/files/yjJ7Bnljqt7K3McqpQVL) Having done this, you can go straight to [Stage 5](#stage-5-apply-the-pre-request-script). {% endhint %} Follow the steps below if you want to create the script manually: **Step 1**\ Log into the Patchworks dashboard and select **scripts** from the left-hand navigation menu. **Step 2**\ Click the **create script** button:

**Step 3**\ In the **name** field, type the following: {% code lineNumbers="true" %} ``` NetSuite OAuth 2 - Generate Client Assertion ``` {% endcode %} **Step 4**\ In the **description** field, type the following: {% code lineNumbers="true" %} ``` NetSuite OAuth 2 - Generate Client Assertion ``` {% endcode %} **Step 5**\ Click in the **language** field and select **JavaScript**:

**Step 6**\ Click the **create** button. **Step 7**\ The script is created and opened in edit mode - select and remove any placeholder code:

**Step 8**\ Paste in the code below.

Pre-request script code

{% code lineNumbers="true" %} ```php /** * @param data * @param {string} data.payload the payload as a string|null * @param {Object.} data.variables any variables as key/value * @param {Object.} data.meta any meta as key/value */ module.exports = async function (data) { const rs = require('jsrsasign') const jwtHeader = { alg: 'PS256', typ: 'JWT', kid: data.variables['certificate_id'], // Certificate Id on the client credentials mapping } // Create JWT payload const jwtPayload = { iss: data.variables['client_id'], // consumer key of integration record scope: ['restlets', 'rest_webservices'], // scopes specified on integration record iat: new Date() / 1000, exp: new Date() / 1000 + 3600, aud: `https://${data.variables['accountid']}.suitetalk.api.netsuite.com/services/rest/auth/oauth2/v1/token`, } const signedJWT = rs.KJUR.jws.JWS.sign( 'PS256', JSON.stringify(jwtHeader), JSON.stringify(jwtPayload), data.variables['client_secret'], ) // The signed JWT is the client assertion (encoded JWT) that is used to retrieve an access token data.variables['client_assertion'] = signedJWT return data; } ``` {% endcode %}

**Step 9**\ Click the **save and deploy** button:

## Stage 5: Apply the pre-request script **Step 1**\ From the Patchworks dashboard, select **connectors and instances** from the left-hand navigation menu to access your installed connectors. **Step 2**\ If the NetSuite connector is not already installed, [install it now](/product-documentation/connectors-and-instances/working-with-connectors/installing-a-connector.md). **Step 3**\ Find your NetSuite connector and click the **settings** icon:

**Step 4**\ Click the **authentication** option:

**Step 5**\ Select the **Netsuite OAuth2 Auth Client Credentials** authentication method. **Step 6**\ Select the **pre-request script** tab:

**Step 7**\ Click in the **select script** field and select your **NetSuite OAuth 2 - Generate Client Assertion** script::

**Step 8**\ Select the latest version:

**Step 9**\ Save changes:

**Step 10**\ You can now [add connector instances](/product-documentation/connectors-and-instances/working-with-instances/adding-an-instance.md) for NetSuite using OAuth 2 (client credentials) authentication. --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://doc.wearepatchworks.com/product-documentation/connectors-and-instances/patchworks-connectors/netsuite-prebuilt-connector/oauth-2-client-credentials-authentication.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.