Latest News

the latest news from our team

Configuring NetSuite for Token-Based Authentication

NetSuite provides two methods of authentication for making web service calls: (1) user name and password, which requires a user name that can log into the NetSuite website; (2) token-based authentication, which allows multiple simultaneous web service calls. NetSuite strongly recommends the token-based authentication (TBA) method.

Some setup is required for token-based authentication. The following web page describes well how to set it up:

TBA requires several distinct pieces of information:

1. Token ID and Token Secret – two 64-character alphanumeric strings identifying the token
2. Consumer Key and Consumer Secret – two 64-character alphanumeric strings identifying the “consumer” for the web service calls.
3. NetSuite account ID – this is found in Setup > Integrations > Web Service Preferences.

The “Secret” half of the Token and Consumer pairs should be kept confidential. They are encrypted when eFORMz stores them for use in a project that will make NetSuite web service calls.

Adding Permissions to the Token Role

Part of setting up the Token, as described in the web page hyperlinked above, is setting up a Role that defines the capabilities of the token. This role must have various permissions added to it to perform the typical operations eFORMz does in NetSuite. For example, the following permissions may be required:

Under Transactions, add:
• Find Transaction
• Fulfill Orders
• Item Fulfillment
• Sales Order

Under Lists, add:
• Items

Under Setup, add:
• Custom Body Fields
• Custom Column Fields
• Custom Entity Fields
• Custom Event Fields
• Custom Fields
• Custom Item Fields
• Custom Item Number Fields
• Custom Lists
• Custom Record Types
• Custom Transaction Fields
• Log in using Access Tokens
• Other Custom Fields
• Web Services

Important Troubleshooting Note

If you do a web service call to “Search” for an object, say a Sales Order, an Item Fulfillment, or an Item, and you have not yet added the “Transactions” and “List” permissions noted above, the web service will return with a success code (200), but there will be zero records in the results. Only when you do a “Get” operation on an object (Sales Order, Item Fulfillment, or Item, etc.) does it return an error message indicating that you need to add permissions to that object in order to retrieve data for it in a web service call.

In order to see the error message for a NetSuite web service call (or any web service call, for that matter), you should add the following argument to the Java VM:


For example, if your eFORMz.ini file contained the following:

.\bin\javaw.exe -mx1024M -ms128M

Then add the argument to the end of the line so that it appears like this:

.\bin\javaw.exe -mx1024M -ms128M -DWS.RETURN.ERRORS="true"

Leave a Reply

Your email address will not be published. Required fields are marked *