Integrating With NetSuite Using RESTlets

NetSuite is a cloud ERP solution founded by Oracle Enterprise. To automate business processes, users of NetSuite have a number of powerful functionalities to choose from, ranging from Accounting and Financial Management, to CRM and Inventory Management.

To further promote a free flow of data, NetSuite also offers various options to integrate with external applications such as Salesforce for CRM, or Magento for ecommerce. This allows for data to be moved in and out of NetSuite with ease.

What is NetSuite Integration?

Integration is the process of connecting NetSuite with external applications to enable uni or bidirectional flow of data between the two connected systems.

For example, whenever data is entered or a new record created in the external application, that new data is automatically moved into NetSuite via integrations, thus eliminating the need for manual data entry. 

Four ways to integrate with NetSuite

1. CSV imports

2. Suitetalk REST Web services

3. Suitetalk SOAP Web services

4. Restlets

CSV Imports

Comma-Separated Value (CSV) import is the most commonly used method for transferring small to medium-sized data sets from other applications into NetSuite. The CSV import process saves time and prevents errors by submitting data in a CSV file.

SuiteTalk REST Web Services

The NetSuite REST web services provide an integration channel that extends the capabilities of SuiteTalk. REST web services provide a REST-based interface for interacting with NetSuite.

SuiteTalk SOAP Web Services

SOAP web services provides programmatic access to NetSuite data and business processes through a SOAP-based services API. SOAP web services are appropriate for integration scenarios where you regularly need to bring large amounts of data into NetSuite or send large amounts of data out of NetSuite.

RESTlets

RESTlets, which we will discuss in further detail in this blog, are another option for integration that provide stateless communication between the client and server. RESTlets, however, require the knowledge of SuiteScript for their implementation.

They are a highly secure mode of integration; meaning that authentication is essential for any application trying to access a RESTlet. This allows users to have complete control over external applications accessing their RESTlets.

The main difference between Suitetalk and RESTlets is that RESTlets offer developers ease of adaptation, control and more customization. With RESTlets you can do anything that can be achieved with SuiteScript and then tailor it to your specific integration needs, making it perfect for building APIs to use in external applications.

There are 4 supported HTTP methods for RestLet in NetSuite, GET, POST, PUT, and DELETE.

RESTlets are most commonly used for Adding, Deleting, Manipulating or Retrieving data in NetSuite from an external Application.

To use a RESTlet you must create a script and deployment record based on the script.

How to create a RESTlet

1. Create a js file containing the RESTlet code.

2. Upload it to the Script page. Go to Customization > Scripting > Scripts > New

3. Click on the create script record button, enter the required details and click on save and deploy.

5. After entering all the pertinent details and saving the deployment record, a URL is generated that can used by internal or external applications.

Authentication Methods

Restlets require authentication in order to allow access for external systems. NetSuite RESTlets now support two types of authentication 

1.OAuth(Token Based Authentication)

2. OAuth 2.0

1. OAuth(Token Based Authentication):

With the TBA authorization flow, integration developers begin the process to grant access tokens in their application. The request token URL generates an intermediate (unauthorized) request token. A user for whom an access token is to be granted authorizes the request token and explicitly consents that the application can access NetSuite data. If this step succeeds, the application exchanges the request token for an access token to be used when calling a RESTlet or a web service.

2. OAuth 2.0:

OAuth 2.0 access is based on the authorization code grant flow for the generation of access tokens and refresh tokens, or the client credentials flow. The client credentials flow is a machine-to-machine flow for the generation of access tokens.

With the OAuth 2.0 authorization code grant flow, the application begins the process of granting the access token and refresh token by sending a GET request to the authorization endpoint.

Application developers and integrators can use the client credentials flow with OAuth 2.0. The client credentials flow is machine-to-machine and does not require any user interaction. Administrators and users with the OAuth 2.0 Authorized Applications Management permission can set up the flow and upload certificates for applications on the OAuth 2.0 Client Credentials (M2M) Setup page.

Both of these Authentication Methods require creation of an integration record in netsuite.

The following example demonstrates how to call or trigger a RESTlet from a Suitelet and external application called POSTMAN using OAuth(TBA).

Token based authentication requires generation of tokens for its authentication and in order to that the first step is to create an integration record and as follows :

To create an integration record for an application:

1. Go to Setup > Integration > Manage Integrations > New
2. Enter a Name for your application.
3. Enter a Description, if preferred.
4. The application State is Enabled by default. (The other option available for selection is Blocked.) The value of this field is always specific to one NetSuite account.
5. On the Authentication tab, check (or clear) the appropriate boxes for your application.

In some cases, more than one method of authentication may be specified on an integration record.

6. Click Save.

The confirmation page displays the Client Credentials (Consumer Key and Consumer Secret) for this application. The application developer will need this information.

Now, out of 4 tokens that need to be generated for TBA have been generated a Consumer key and secret, leaving the token key and secret, which will be done using the following steps.

1. Go to the home page and scroll down to settings and click on Manage Access Tokens.

2. Enter the mandatory details and click on save.

3. Token Key and Token Secret are generated.

The tokens generated will be used to call a RESTlet using either a Suitelet, or an external application called POSTMAN.

Using a Suitelet to call the RESTlet

1. To call a RESTlet using a Suitelet a js file needs to be created where the generated tokens will be stored.

2. Two external files are then downloaded and stored in the Netsuite file cabinet as oauth.js and cryptojs.js  .
3. The screenshot below shows a sample code in a Suitelet that calls the RESTlet.

Using a POSTMAN to call the RESTlet:

1. After opening the POSTMAN application a workspace should be created as shown below.

2. Go to collections and click on the + icon to create a new collection.

3. Click on the three dots beside the newly added collection and then click on add request.

4. Fill out the details below: 

1. The RESTlets URL endpoint

2. The tokens generated in the above process when creating an TBA integration record.

3. NetSuite Account ID

Under the body tab, select raw and in the last field which is a list field select JSON. The response tab shows whatever is returned in the RESTlet script.

Lastly, click on send to trigger the corresponding RESTlet, which returns a response seen in the Response tab in the bottom right corner.