Before installing a NetSuite integration
You will need Administrator access to your NetSuite account.1. Enable required features
- Log in to NetSuite as an Administrator.
- Navigate to Setup > Company > Enable Features > SuiteCloud.
- Under Manage Authentication, check OAuth 2.0.
- Under SuiteScript, check Server SuiteScript.
- Under Manage Authentication (or SuiteTalk), check REST Web Services.
- Click Save.
2. Create an integration record
The integration record identifies the external application that will connect to your NetSuite account.- Navigate to Setup > Integration > Manage Integrations > New.
- Enter a Name for the integration (e.g. “Ampersand Integration”).
- Under the Token-based Authentication section:
- Uncheck TBA: Authorization Flow
- Uncheck Token-Based Authentication
- Under the OAuth 2.0 section:
- Uncheck Authorization Code Grant
- Check Client Credentials (Machine to Machine) Grant
- Under Scope, check the following:
- RESTlets
- REST Web Services
- Click Save.
- After saving, NetSuite displays the Consumer Key / Client ID under the Client Credentials section. Copy this value and store it securely — it is shown only once and cannot be retrieved later.
3. Generate a certificate key pair
Open a terminal in the folder where you want to create the files. You need OpenSSL available in that environment (macOS and most Linux distributions include it by default). On Windows, use Git Bash (bundled with Git for Windows, which includes OpenSSL), WSL, or install OpenSSL and ensure it is on yourPATH.
Run the following commands to generate an EC private key and a self-signed certificate:
private-key.pem— Your private key. You will base64-encode this and share it when installing the integration.cert.pem— Your public certificate. You will upload this to NetSuite in the next step.
private-key.pem:
LS0tLS1CRUdJTiBFQyBQUklWQVRFIEtFWS0tLS0t...). It will be required during the installation process.
4. Create a machine-to-machine certificate mapping
- Navigate to Setup > Integration > OAuth 2.0 Client Credentials (M2M) Setup.
- Click Create New.
- Configure the following fields:
- Entity: Select the employee/user account the integration will run as.
- Role: Select a role. The role must include the Log in Using OAuth 2.0 Access Tokens permission.
- Application: Select the integration record you created in step 2.
- Certificate: Upload the
cert.pemfile you generated in step 3.
- Click Save.
- Copy the Certificate ID from the list — you will need this value when installing the integration.
Check that the
Valid Until date for the certificate is two years in the future. NetSuite allows a maximum validity of 730 days.5. Install the bundle
- Navigate to Customization > SuiteBundler > Search & Install Bundles.
- Search for the bundle name or ID.
- Select the bundle from the results and click Install.
- Wait for the installation to complete. This may take a few minutes.
6. Verify the deployment
- Navigate to Customization > Scripting > Scripts.
- Find the RESTlet script installed by the bundle.
- Click into the script record, then go to the Deployments tab.
- Verify the deployment Status is Released.
- Click on the name of the script, then note the URL — you will need it for the next step
Installing the integration
When you are installing the integration, you will be prompted for a number of inputs:
| Input | Where to find it |
|---|---|
| Client ID | The Consumer Key from step 2. |
| Certificate ID | From step 4. |
| Private Key | Base64-encoded contents of private-key.pem (from step 3) |
| Account ID | Your NetSuite URL (e.g. https://1234567.app.netsuite.com → Account ID is 1234567), or Setup > Company > Company Information. |
| RESTlet Deployment URL | This is printed out in the Deployments tab of the script (see previous step), and looks like /app/site/hosting/restlet.nl?script=3045&deploy=1. |
Sandbox accounts: If you are connecting a sandbox account, your Account ID may contain an underscore and suffix (e.g.
1234567_SB1). Provide it exactly as shown in your NetSuite URL or Company Information page.