> For the complete documentation index, see [llms.txt](https://doc.wearepatchworks.com/product-documentation/llms.txt). Markdown versions of documentation pages are available by appending `.md` to page URLs; this page is available as [Markdown](https://doc.wearepatchworks.com/product-documentation/connectors-and-instances/patchworks-connectors/netsuite-prebuilt-connector/oauth-2-client-credentials-authentication.md).

# OAuth 2 (client credentials) authentication

## Introduction

When a user chooses to [add a connector instance](/product-documentation/connectors-and-instances/working-with-instances/adding-an-instance.md) using **OAuth 2 (client credentials)** authentication, they are required to enter the following credentials:

| Credential       | Notes                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                               |
| ---------------- | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
| `Consumer key`   | Generated in Netsuite as part of your initial Patchworks integration. For more information see [Stage 1: Gather NetSuite credentials](#stage-1-gather-netsuite-credentials).                                                                                                                                                                                                                                                                                                                                                                        |
| `Account id`     | <p>This is always the first element of the URL that you can see having logged into NetSuite. For more information see <a href="#stage-1-gather-netsuite-credentials">Stage 1: Gather NetSuite credentials</a>. </p><p></p><p>Note that this value is case sensitive and must be entered <strong>exactly as it shows in your NetSuite URL</strong>. For example, in NetSuite where the account ID is <code>1234567-SB1</code> we must use whatever shows in the URL, which generally changes upper to lowercase (e.g. 1<code>234567-sb1</code>).</p> |
| `Private key`    | Paste in the entire contents of the private key (`auth-key.pem`) that has been generated for NetSuite. For more information see [Stage 2: Create a certificate](#stage-2-create-a-certificate).                                                                                                                                                                                                                                                                                                                                                     |
| `Certificate id` | Paste in the **certificate id** associated with the certificate file (`auth-cert.pem`) that has been uploaded to NetSuite. For more information see [Stage 3: Upload certificat](#stage-3-upload-certificate-to-netsuite)e.                                                                                                                                                                                                                                                                                                                         |

{% hint style="warning" %}
If you are using a custom version of our prebuilt NetSuite connector (i.e. if authentication method and/or endpoint settings have been updated after the original installation), please be aware that your settings and requirements may vary.
{% endhint %}

## Setting up OAuth 2 (client credentials) authentication

In order to add connector instances for NetSuite using OAuth 2 (client credentials) authentication, you must have completed all generic setup detailed in our [Preparing your NetSuite environment to work with Patchworks](/product-documentation/connectors-and-instances/patchworks-connectors/netsuite-prebuilt-connector/preparing-your-netsuite-environment-to-work-with-patchworks.md) guide.&#x20;

Then, please complete the steps detailed in the following sections to enable OAuth 2 (client credentials) authentication:

* [Stage 1: Gather NetSuite credentials](#stage-1-gather-netsuite-credentials)
* [Stage 2: Create a certificate](#stage-2-create-a-certificate)
* [Stage 3: Upload certificate to NetSuite](#stage-3-upload-certificate-to-netsuite)
* [Stage 4: Add/install a custom script](#stage-4-add-install-a-custom-script)
* [Stage 5: Apply the pre-request script](#stage-5-apply-the-pre-request-script)

## Stage 1: Gather NetSuite credentials

### Consumer key

If you have followed our [Preparing your NetSuite environment to work with Patchworks](/product-documentation/connectors-and-instances/patchworks-connectors/netsuite-prebuilt-connector/preparing-your-netsuite-environment-to-work-with-patchworks.md) guide, you will have added a Patchworks integration and saved your client credentials (`consumer key`/`client id` and `consumer secret`/`client secret`) to a password manager. Make sure that you have these to hand.

If you can't find these credentials, you can generate a new set.

<details>

<summary><img src="/files/JOYoP4EdSu7WJ3CMdAAS" alt="" data-size="line"> Show me</summary>

![](/files/53vi5yxtLCo2zL5TC62O)

</details>

{% hint style="danger" %}
Be aware that if you reset credentials that have already been used to configure Patchworks [connector instances](/product-documentation/connectors-and-instances/working-with-instances/adding-an-instance.md), process flows will fail until you [apply the new credentials](/product-documentation/connectors-and-instances/working-with-instances/updating-an-instance.md).&#x20;
{% endhint %}

### Account ID

This is always the first element of the URL that you can see having logged into NetSuite. For example, with the following URL: \
\
`https://tstdrv1431250.app.netsuite.com/app/center/card.nl?sc=-29&whence=`

...the **account id** would be:\
\
`tstdrv1431250`

## Stage 2: Create a certificate

Follow the steps below:

**Step 1**\
From a command line or terminal window, use the command below to generate a certificate:

{% code lineNumbers="true" %}

```bash
openssl req -x509 -newkey rsa:4096 -sha256 -keyout auth-key.pem -out auth-cert.pem -nodes -days 730
```

{% endcode %}

**Step 2**\
You'll be prompted to enter information such as company name, email, etc. Complete each prompt as appropriate and press Enter.&#x20;

**Step 3**\
Two files will be generated:

* auth-cert.pem
* auth-key.pem

{% hint style="info" %}
For more information about certificate requirements in NetSuite, please see the following NetSuite article:

{% embed url="<https://docs.oracle.com/en/cloud/saas/netsuite/ns-online-help/section_162686838198.html#subsect_162755332391>" %}
{% endhint %}

## Stage 3: Upload certificate to NetSuite

Follow the steps below:

**Step 1**\
Log into NetSuite as an admin user.&#x20;

**Step 2**\
Navigate to **setup** > **integration** > **OAuth 2.0 Client Credentials (M2M) Setup**:

<div align="left"><figure><img src="/files/04jtBIuyJKIHwuPK2NXf" alt="" width="375"><figcaption></figcaption></figure></div>

**Step 3**\
Click the **create new** button:

<div align="left"><figure><img src="/files/O8R3FdwLmN6I2OdkHJWN" alt=""><figcaption></figcaption></figure></div>

...the **create a new credentials mapping** page is displayed:

<div align="left"><figure><img src="/files/1Zy8VDMbF2z2yEtbkgY6" alt="" width="563"><figcaption></figcaption></figure></div>

**Step 4**\
Select your name (or a preferred alternative) from the **entity** dropdown field, followed by the **role** (this should be **administrator**) and finally the **application** (the name of your Patchworks integration).

**Step 5**\
Click the **choose a file** button:

<div align="left"><figure><img src="/files/4iW3oXMV2t5uAjA8SjSp" alt="" width="563"><figcaption></figcaption></figure></div>

**Step 6**\
Upload the **auth-cert.pem** file that you generated in [Stage 1](#stage-1-create-certificate):

<div align="left"><figure><img src="/files/lQhN8zgk00cimufzXHZ7" alt="" width="563"><figcaption></figcaption></figure></div>

**Step 7**\
Add the **certificate id** to your password manager - you'll need this to add connector instances for NetSuite later:

<div align="left"><figure><img src="/files/mJ6dnlbTTb8Ncwu1S88x" alt="" width="563"><figcaption></figcaption></figure></div>

## Stage 4: Add/install a custom script

{% hint style="info" %}
We've added the required to our [script marketplace](/product-documentation/developer-hub/custom-scripting/accessing-custom-scripts.md), so you can download it directly from there if preferred. To do this, select **scripts** from the left-hand navigation bar, then install the **Netsuite Prereq Oauth2 CC** script:\
\
![](/files/yjJ7Bnljqt7K3McqpQVL)

Having done this, you can go straight to [Stage 5](#stage-5-apply-the-pre-request-script).
{% endhint %}

Follow the steps below if you want to create the script manually:

**Step 1**\
Log into the Patchworks dashboard and select **scripts** from the left-hand navigation menu.&#x20;

**Step 2**\
Click the **create script** button:

<div align="left"><figure><img src="/files/oZJFosmiz2vUpw5CjC1V" alt="" width="563"><figcaption></figcaption></figure></div>

**Step 3**\
In the **name** field, type the following:

{% code lineNumbers="true" %}

```
NetSuite OAuth 2 - Generate Client Assertion
```

{% endcode %}

**Step 4**\
In the **description** field, type the following:

{% code lineNumbers="true" %}

```
NetSuite OAuth 2 - Generate Client Assertion
```

{% endcode %}

**Step 5**\
Click in the **language** field and select **JavaScript**:

<div align="left"><figure><img src="/files/Uxt2hxk66z7hvk5g4ygR" alt="" width="563"><figcaption></figcaption></figure></div>

**Step 6**\
Click the **create** button.

**Step 7**\
The script is created and opened in edit mode - select and remove any placeholder code:

<div align="left"><figure><img src="/files/o2nUSWRrWLxqO4kkOTZq" alt="" width="563"><figcaption></figcaption></figure></div>

**Step 8**\
Paste in the code below.

<details>

<summary><img src="/files/4iYjBn9HEfUXX4ZSP1vh" alt=""> Pre-request script code</summary>

{% code lineNumbers="true" %}

```php
/**
 * @param data
 * @param {string} data.payload the payload as a string|null
 * @param {Object.<string, any>} data.variables any variables as key/value
 * @param {Object.<string, any>} data.meta any meta as key/value
 */
module.exports = async function (data) {
  const rs = require('jsrsasign')

  const jwtHeader = {
    alg: 'PS256',
    typ: 'JWT',
    kid: data.variables['certificate_id'], // Certificate Id on the client credentials mapping
  }

  // Create JWT payload
  const jwtPayload = {
    iss: data.variables['client_id'], // consumer key of integration record
    scope: ['restlets', 'rest_webservices'], // scopes specified on integration record
    iat: new Date() / 1000,
    exp: new Date() / 1000 + 3600,
    aud: `https://${data.variables['accountid']}.suitetalk.api.netsuite.com/services/rest/auth/oauth2/v1/token`,
  }

  const signedJWT = rs.KJUR.jws.JWS.sign(
    'PS256',
    JSON.stringify(jwtHeader),
    JSON.stringify(jwtPayload),
    data.variables['client_secret'],
  )

  // The signed JWT is the client assertion (encoded JWT) that is used to retrieve an access token
  data.variables['client_assertion'] = signedJWT

  return data;
}
```

{% endcode %}

</details>

**Step 9**\
Click the **save and deploy** button:

<div align="left"><figure><img src="/files/wwYfEUmSAlZZHvxcefXR" alt="" width="563"><figcaption></figcaption></figure></div>

## Stage 5: Apply the pre-request script

**Step 1**\
From the Patchworks dashboard, select **connectors and instances** from the left-hand navigation menu to access your installed connectors.

**Step 2**\
If the NetSuite connector is not already installed, [install it now](/product-documentation/connectors-and-instances/working-with-connectors/installing-a-connector.md).

**Step 3**\
Find your NetSuite connector and click the **settings** icon:

<div align="left"><figure><img src="/files/gmU1XpzFUU7dAhkVUutM" alt="" width="563"><figcaption></figcaption></figure></div>

**Step 4**\
Click the **authentication** option:

<div align="left"><figure><img src="/files/ayv3MOuffr2HD8yuQgAq" alt="" width="563"><figcaption></figcaption></figure></div>

**Step 5**\
Select the **Netsuite OAuth2 Auth Client Credentials** authentication method.

**Step 6**\
Select the **pre-request script** tab:

<div align="left"><figure><img src="/files/aCYfrWgERXmyFTmtP7Xz" alt="" width="563"><figcaption></figcaption></figure></div>

**Step 7**\
Click in the **select script** field and select your **NetSuite OAuth 2 - Generate Client Assertion** script::

<div align="left"><figure><img src="/files/SPQVQQMNNwCjFfXY1oHX" alt="" width="563"><figcaption></figcaption></figure></div>

**Step 8**\
Select the latest version:

<div align="left"><figure><img src="/files/0mlS3dkCqk8HR10fj9SB" alt="" width="563"><figcaption></figcaption></figure></div>

**Step 9**\
Save changes:

<div align="left"><figure><img src="/files/juK0k5YDmIXAt8SYJWSM" alt="" width="563"><figcaption></figcaption></figure></div>

**Step 10**\
You can now [add connector instances](/product-documentation/connectors-and-instances/working-with-instances/adding-an-instance.md) for NetSuite using OAuth 2 (client credentials) authentication.
