NetSuite REST (Tech Preview) connection
The NetSuite REST connection represents a single NetSuite account including authentication credentials and the Base URL used to reach the NetSuite REST API. You can only connect to one NetSuite account at a time.
If you have multiple accounts or sandbox instances, use a separate connection for each and configure the Base URL accordingly. You can pair a single connection with different NetSuite REST operations to perform unique actions against a NetSuite account.
Connection Tab
| Field | Description |
|---|---|
| Authentication Type | Select the authentication method. Options: OAuth 2.0, Token-Based Authentication. |
| Base URL | The web service URL that the connector uses to access the NetSuite REST API. Default format: https://{NS_Account_ID}.suitetalk.api.netsuite.com. |
Token-Based Authentication
Select Token-Based Authentication as the Authentication Type to display the following fields.
Token-Based Authentication uses OAuth 1.0 with HMAC-SHA256 signing. The connector signs each request individually using the Token ID, Token Secret, and the account realm extracted from the Base URL.
| Field | Description |
|---|---|
| Token ID | The Token ID generated from the NetSuite Integration record. |
| Token Secret | The Token Secret generated from the NetSuite Integration record. |
OAuth 2.0
Select OAuth 2.0 as the Authentication Type, then select a Grant Type.
Authorization Code
The Authorization Code grant type is the standard three-legged OAuth 2.0 flow in which the user grants the client an authorization code that can be exchanged for an access token.
| Field | Description |
|---|---|
| Grant Type | Select Authorization Code. |
| Client ID | The client ID obtained from the NetSuite Integration record. |
| Client Secret | The client secret obtained from the NetSuite Integration record. |
| Authorization Token URL | The endpoint URL used to obtain an authorization token. |
| Scope | The level of access requested for this OAuth 2.0 token. Enter rest_webservices. |
| Access Token URL | The endpoint address provided by the application to make API requests. |
| Add Access Token Parameter | The name and value of any additional or custom token parameters required by your application. |
| Access Token | Click Generate and follow the prompts to generate and refresh tokens. |
Client Credentials (JWT Token)
The Client Credentials grant type is designed for machine-to-machine (M2M) authentication. With JWT Bearer Token, the client provides claim information to generate an assertion, which is sent to the server to obtain an access token.
| Field | Description |
|---|---|
| Grant Type | Select Client Credentials. |
| Client Assertion Type | JWT Token is the only available option. |
| Scope | The level of access requested. Enter rest_webservices. |
| Access Token URL | The NetSuite OAuth 2.0 Access Token Endpoint URL (e.g., https://{NS_Account_ID}.suitetalk.api.netsuite.com/services/rest/auth/oauth2/v1/token). |
| Add Access Token Parameter | The name and value of any additional or custom token parameters required by your application. |
| Signature Algorithm | The cryptographic algorithm (e.g., RS256, PS384) used to digitally sign the JWT. Must match the algorithm configured in the NetSuite Integration record. |
| Signature Key | The X.509 Certificate component containing the private key used to sign the JWT. Import your .pfx certificate file into Boomi as an X.509 Certificate component. |
| Issuer (iss) | The Client ID (Consumer Key) from the NetSuite Integration record, identifying the issuer of the assertion. |
| Subject (sub) | The identifier of the client principal the token is about. Typically the same as the Client ID for machine-to-machine authentication. |
| Audience (aud) | Leave blank. The Access Token URL field serves as the audience for NetSuite. |
| Expiration (exp) | The lifespan in seconds for the generated JWT before it expires (e.g., 3600). |
| ID Claim Generator (jti) | Select or configure a mechanism to generate a unique ID for each JWT, used by NetSuite to prevent token replay attacks. |
| Add Extended JWT Claim | Key-value pairs of additional claims required by the endpoint. Important: You must add scope = rest_webservices here, even if you have also entered it in the Scope field above. |
| Key ID (kid) | The Certificate ID from NetSuite's OAuth 2.0 Client Credentials (M2M) Setup page. This identifies which certificate was used to sign the JWT. |
| X.509 Certificate SHA-256 Thumbprint (x5t#256) | Optional. A base64url-encoded SHA-256 hash of the DER-encoded X.509 certificate used for JWT signing. Encode the certificate thumbprint to base64url format before entering it here. |
When using Client Credentials with JWT, you must supply the scope claim in Add Extended JWT Claim in addition to the Scope field. The Access Token URL must be entered in the Access Token URL field — do not place it in the Audience (aud) field.
Test Connection
Click Test Connection to verify that the connector can authenticate and reach NetSuite. The connector sends a metadata GET request to the NetSuite REST API metadata-catalog endpoint.
If the connection fails, the error includes the HTTP status code and reason phrase, along with guidance to review the Login Audit Trail in the NetSuite UI at:
Setup > Users/Roles > User Management > View Login Audit Trail
You can only run Test Connection against containers associated with your account (local runtimes, runtime clusters, and runtime clouds).
