OAuth is a protocol that allows Freshsuccess to access NetSuite data without exposing your user credentials. Instead of supplying a username and password, OAuth allows you to authorize Freshsuccess to access your NetSuite accounts and contacts via the NetSuite API.

NetSuite's OAuth is very different from the typical OAuth process.


Here's a guide to setting up token-based authentication with NetSuite and Freshsuccess. Note that you must be using a SuiteTalk API version greater than 2020.2.

1. Create an Integration Record

The integration record identifies the application in NetSuite's system.

  • Within NetSuite, visit the Integrations page, or perform a global search for page:integrations.
  • Create a new integration record for "FreshsuccessIntegration." After you create the record, you will need to save your Consumer Key and Consumer Secret for later.
    • Name: Freshsuccess Integration
    • Authentication
      • Please enable "TOKEN-BASED AUTHENTICATION"
      • Please also ensure that "TBA: ISSUETOKEN ENDPOINT" is enabled.
  • If the integration record for the Freshsuccess Integration already exists, but you don’t have the Consumer Key and Consumer Secret, edit the record, then select "Reset Credentials."

2. Enable Token-Based Authentication

  • In NetSuite, navigate to Setup > Company > Setup Tasks > Enable Features > SuiteCloud > Manage Authentication.
  • Make sure "Token Based Authentication" is enabled.
  • Save your changes.
  • If this feature is not enabled, you will not see the permissions required in the next step.

3. Create a Token Role

The administrator does not have token permissions by default. If you do not create a token role and assign it to your administrator, you will get a "Login access has been disabled for this role" error when creating a token.

  • Within NetSuite, perform a global search for page:role, then choose “New Role.”
  • Navigate to "Permissions > Setup" and add the following permissions:
    • User Access Token: Full
    • Access Token Management: Full
    • SOAP Web Services: Full
  • You will also need to add "View" permissions for any objects that contain data to be synced into Freshsuccess.
  • To provide access to Custom objects and fields, please add the following permissions as "View" under "Permissions > Setup":
    • Custom Fields
    • Custom Body Fields
    • Custom Column Fields
    • Custom Entity Fields
    • Custom Event Fields
    • Custom Item Fields
    • Custom Transaction Fields
    • Custom Record Types
    • Custom Transaction Types

4. Add Token Management Permissions

  • Within NetSuite, perform a global search for page:employees.
  • Edit your employee record.
  • Navigate to "Access > Roles" and add the token auth role you just created.

5. Create Access Tokens

  • Global search for page: tokens
  • New Access Token
  • Select the application and role we created earlier, then press save.
  • Save the token ID and token secret to be provided to Freshsuccess.

6. How to find your NetSuite account number

  • Go to Setup > Company > Company Information.
  • Your account number will be listed under the Account ID field.

7. Provide Freshsuccess Credentials

  • Go to "IT Administration" under "Settings"
  • Go to "Source Credentials".
  • Click "Add Source" on the top right and select "NetSuite" from the source type. 
  • Add the required parameters as listed on the page. Note that "Passport Type" should be "token".

Once you've completed all steps, please contact us so that we can verify the credentials and begin configuring your NetSuite integration.