OAuth 2 (client credentials) authentication

Introduction

When a user chooses to add a connector instance using OAuth 2 (client credentials) authentication, they are required to enter the following credentials:

Credential Notes

Credential	Notes
`Consumer key`	Generated in Netsuite as part of your initial Patchworks integration. For more information see Stage 1: Gather NetSuite credentials.
`Account id`	This is always the first element of the URL that you can see having logged into NetSuite. For more information see Stage 1: Gather NetSuite credentials. Note that this value is case sensitive and must be entered exactly as it shows in your NetSuite URL. For example, in NetSuite where the account ID is `1234567-SB1` we must use whatever shows in the URL, which generally changes upper to lowercase (e.g. 1`234567-sb1`).
`Private key`	Paste in the entire contents of the private key (`auth-key.pem`) that has been generated for NetSuite. For more information see Stage 2: Create a certificate.
`Certificate id`	Paste in the certificate id associated with the certificate file (`auth-cert.pem`) that has been uploaded to NetSuite. For more information see Stage 3: Upload certificate.

Consumer key

Generated in Netsuite as part of your initial Patchworks integration. For more information see Stage 1: Gather NetSuite credentials.

Account id

This is always the first element of the URL that you can see having logged into NetSuite. For more information see Stage 1: Gather NetSuite credentials.

Note that this value is case sensitive and must be entered exactly as it shows in your NetSuite URL. For example, in NetSuite where the account ID is 1234567-SB1 we must use whatever shows in the URL, which generally changes upper to lowercase (e.g. 1234567-sb1).

Private key

Paste in the entire contents of the private key (auth-key.pem) that has been generated for NetSuite. For more information see Stage 2: Create a certificate.

Certificate id

Paste in the certificate id associated with the certificate file (auth-cert.pem) that has been uploaded to NetSuite. For more information see Stage 3: Upload certificate.

If you are using a custom version of our prebuilt NetSuite connector (i.e. if authentication method and/or endpoint settings have been updated after the original installation), please be aware that your settings and requirements may vary.

Setting up OAuth 2 (client credentials) authentication

In order to add connector instances for NetSuite using OAuth 2 (client credentials) authentication, you must have completed all generic setup detailed in our Preparing your NetSuite environment to work with Patchworks guide.

Then, please complete the steps detailed in the following sections to enable OAuth 2 (client credentials) authentication:

Stage 1: Gather NetSuite credentials

Consumer key

If you have followed our Preparing your NetSuite environment to work with Patchworks guide, you will have added a Patchworks integration and saved your client credentials (consumer key/client id and consumer secret/client secret) to a password manager. Make sure that you have these to hand.

If you can't find these credentials, you can generate a new set.

Show me

Be aware that if you reset credentials that have already been used to configure Patchworks connector instances, process flows will fail until you apply the new credentials.

Account ID

This is always the first element of the URL that you can see having logged into NetSuite. For example, with the following URL: https://tstdrv1431250.app.netsuite.com/app/center/card.nl?sc=-29&whence=

...the account id would be: tstdrv1431250

Stage 2: Create a certificate

Follow the steps below:

Step 1 From a command line or terminal window, use the command below to generate a certificate:

openssl req -x509 -newkey rsa:4096 -sha256 -keyout auth-key.pem -out auth-cert.pem -nodes -days 730

Step 2 You'll be prompted to enter information such as company name, email, etc. Complete each prompt as appropriate and press Enter.

Step 3 Two files will be generated:

auth-cert.pem
auth-key.pem

For more information about certificate requirements in NetSuite, please see the following NetSuite article:

NetSuite Applications SuiteOracle Help Center

Stage 3: Upload certificate to NetSuite

Follow the steps below:

Step 1 Log into NetSuite as an admin user.

Step 2 Navigate to setup > integration > OAuth 2.0 Client Credentials (M2M) Setup:

Step 3 Click the create new button:

...the create a new credentials mapping page is displayed:

Step 4 Select your name (or a preferred alternative) from the entity dropdown field, followed by the role (this should be administrator) and finally the application (the name of your Patchworks integration).

Step 5 Click the choose a file button:

Step 6 Upload the auth-cert.pem file that you generated in Stage 1:

Step 7 Add the certificate id to your password manager - you'll need this to add connector instances for NetSuite later:

Stage 4: Add/install a custom script

We've added the required to our script marketplace, so you can download it directly from there if preferred. To do this, select scripts from the left-hand navigation bar, then install the Netsuite Prereq Oauth2 CC script:

Having done this, you can go straight to Stage 5.

Follow the steps below if you want to create the script manually:

Step 1 Log into the Patchworks dashboard and select scripts from the left-hand navigation menu.

Step 2 Click the create script button:

Step 3 In the name field, type the following:

NetSuite OAuth 2 - Generate Client Assertion

Step 4 In the description field, type the following:

NetSuite OAuth 2 - Generate Client Assertion

Step 5 Click in the language field and select JavaScript:

Step 6 Click the create button.

Step 7 The script is created and opened in edit mode - select and remove any placeholder code:

Step 8 Paste in the code below.

Pre-request script code

/**
 * @param data
 * @param {string} data.payload the payload as a string|null
 * @param {Object.<string, any>} data.variables any variables as key/value
 * @param {Object.<string, any>} data.meta any meta as key/value
 */
module.exports = async function (data) {
  const rs = require('jsrsasign')

  const jwtHeader = {
    alg: 'PS256',
    typ: 'JWT',
    kid: data.variables['certificate_id'], // Certificate Id on the client credentials mapping
  }

  // Create JWT payload
  const jwtPayload = {
    iss: data.variables['client_id'], // consumer key of integration record
    scope: ['restlets', 'rest_webservices'], // scopes specified on integration record
    iat: new Date() / 1000,
    exp: new Date() / 1000 + 3600,
    aud: `https://${data.variables['accountid']}.suitetalk.api.netsuite.com/services/rest/auth/oauth2/v1/token`,
  }

  const signedJWT = rs.KJUR.jws.JWS.sign(
    'PS256',
    JSON.stringify(jwtHeader),
    JSON.stringify(jwtPayload),
    data.variables['client_secret'],
  )

  // The signed JWT is the client assertion (encoded JWT) that is used to retrieve an access token
  data.variables['client_assertion'] = signedJWT

  return data;
}