This site was built to compliment the existing NetSuite Professionals Slack Community by adding a means for members to easily find answers to common questions and to create a searchable database of those questions and answers.

NetSuite Professionals

Building an integration between an internal system and NetSuite using the NetSuite REST API, anyone have any insight on whether to use the Token Based Authentication or OAuth 2.0?

TBA is the one most likely to get running quickly

its basically OAuth 1 and you will likely be able to find a library that implements oauth 1 for you

it also has the benefit that the tokens dont expire, so its basically good until netsuite decides to deprecate it

for oauth 2, the authorization grant is not a serious integration option, the refresh tokens last a week

that leaves client credentials, which is usually easy, but netsuite has chosen to implement an assertion draft extension, so finding a library to do the work for you is less likely

you would probably want to find something that implements jwt (or jwt assertions if you are lucky) and combine that with an oauth 2 library

other than that, client credentials require you to generate a new token at least every 2 years, but has the benefit that netsuite will likely support it longer than tba

Like <@U5TF1GQ20> mentioned TBA is probably the best if you are developing an internal app.  There is also an OAuth2 M2M option but it is a bit of a pain to get it setup.  One of our engineers <@U040F9S9H7S> wrote this guide on different available options.  <https://medium.com/entech-solutions/how-to-use-netsuite-rest-api-with-oauth-2-and-c-net-126ac118919c>

questionable source, account id information looks incorrect

the account id is not in the url, its a common mistake, common enough that netsuite changed the accound id structure

the actual account id is found many places, most commonly the company information or the soap web services preferences

Thanks for the insight. I had already tried the OAuth 2.0 and came across the limitation of 7 days so was looking at the Machine to Machine Integration but didn't know that has an expiration of 2 years. I'll go the TBA route.