98% Technical Support Satisfaction Rating Have Questions? Explore our Help Center.

How to Setup NetSuite Token-Based Authentication as Authentication Type

Hey there, thanks for stopping by to learn about how TBA works with NetSuite integrations!

Having trouble using TBA (Token Based Authentication) over in your Netsuite Account to get your integration set up today? Using a NetSuite Sandbox for testing? Read until the end of this article for guidance. 


Well, good news! SyncApps supports NetSuite Token Based Authentication (TBA) as an Authentication Type. It should be super simple to get this set up today for any integration you are using with SyncApps.

The NetSuite integration Authentication Type for NetSuite Username and Password will still function if in use, however, NetSuite recommends using TBA as it has the following benefits.

  • Can have 5 concurrent API requests
  • No password expiration issues
  • Two Factor Authentication usage


In your Sync Profile, the Authentication Type for NetSuite Username and Password is still the default choice and all of your existing NetSuite integrations will continue to sync based on your setup. If you encounter any issues, drop us a line at our 24/7 support desk here

Please see the guide below when selecting the NetSuite integration Authentication Type for Token Based Authentication (TBA).

Please take note that an integration using Token Based Authentication (TBA) requires the following values to be set:

  • Consumer Key
  • Consumer Secret
  • Token ID
  • Token Secret

And to use Token Based Authentication (TBA), the following things need to be done:

  1. Enable Token-Based Authentication
  2. Create Integration record
  3. Create a Role and assign to a User
  4. Create an Access Token for the Integration record, User, and Role

See how to enable Token Based Authentication (TBA) easily below:

  1. Go to Setup > Company > Enable Features > Suite Cloud > Manage Authentication
  2. Enable Token-Based Authentication

See how to simply create an Integration Record below:

  1. Go to menu Setup > Integrations > Manage Integrations
  2. Tap the New button
  3. Set the name to "SyncApps Integration". Please make sure to tick the Token-Based Authentication option, uncheck the "TBA: AUTHORIZATION FLOW" and "AUTHORIZATION CODE GRANT" option, and check the "TBA: ISSUETOKEN ENDPOINT"  option. 
  4. If you already have an integration record for SyncApps, you can reuse it by editing the integration and ticking the Token-Based Authentication option.
  5. Please copy Consumer Key and Consumer secret values to be used in Sync Profile configuration.

Please take note that Consumer Key and Consumer Secret values are displayed only once, so please make sure you copy them before going to another page. You can also reuse the consumer key and consumer secret to link one integration (consumer key and consumer secret) to multiple access tokens.

See how to create a Role and assign to a User below:

  1. Go to Setup > Users/Roles > Manage Roles > New
  2. Create a role and assign necessary permissions for SyncApps integration. (Please tap here for the list of permissions required for all NetSuite integrations)
  3. The role must have "User Access Tokens" permission for integration using TBA.



4. Assign the Role to the desired user that will be used for integration. Go to Lists >                          Employees > Employees > edit user > Access tab > Roles subtab.

Create an Access Token for the Integration record, User, and Role

See below how to create an Access Token for the Integration record, User, and Role:

  1. Go to Setup > Users/Roles > Access Tokens > New.
  2. Select the Integration record, User, and Role created or referenced in the previous steps.

      3. Token Id and Token Secret will be displayed after tapping the save button. Please copy the Consumer Key and Consumer secret values to be used in Sync Profile configuration.

After the above steps are completed, you can now use the Consumer Key, Consumer Secret, Token ID, and Token Secret in one or multiple Sync Profile configurations.


If you are using a NetSuite Sandbox, an example is {Account ID = XXXXXXX_sb1}, to test within Step 1 of your integration then the steps above need to be followed inside your NetSuite Sandbox account.  

Sandbox Tokens need to be created and recreated again if the Sandbox is refreshed.

Read the NetSuite TBA Help Center article here.

Still having issues with your Roles and Permissions? Make sure to use the "System Administrator" as the Center Type role and the Subsidiary is set to "All", to find the Subsidiary, go to the Role that you're using for SyncApps then edit it.

Are you receiving this message from NetSuite? 

From NetSuite: "Before your account is upgraded to NetSuite 2021.2, ensure that the TBA integrations in your account are using HMAC-SHA256. If you use any integrations provided by a third party, you inform the third party that the HMAC-SHA1 will no longer be supported as a signature method for TBA in NetSuite. The third-party must provide you with an updated solution before the NetSuite 2021.2 release."

No worries as we already support this cipher method today HMAC-SHA256 so you are in good hands.

NetSuite's move to TLS 1.2

Be sure and also check out our subscriber's story here on how SyncApps helped them save 100s of hours per year!

If you encounter any issues, drop our 24/7 Support Team a line here.

Have more questions? Submit a request


Cazoomi Resources