Finally, NetSuite has issued a warning about the use of confidential information in script parameters:
“Security Notice: Do Not Include Confidential Information in Script Parameters.”
While working on any sort of integration with NetSuite, we often need to place the integration access token, refresh token, or other confidential information in the script parameters or within a custom record in NetSuite. However, most of the time, these access tokens and refresh tokens are visible to everyone.
This issue is something that needs to be addressed. That’s where the NetSuite API Secrets Record comes in. Now, developers can manage integration-related confidential information using the API Secrets.
Why Use NetSuite API Secrets:
- Authentication: API secrets provide a way to authenticate and verify the identity of applications, services, or users making API requests.
- Authorization: Along with authentication, API secrets can enforce different levels of authorization. This ensures that even authenticated users or applications can only access specific resources and perform actions they are authorized for. It’s a means to control permissible actions.
- Security: Without proper authentication and authorization mechanisms, APIs are vulnerable to malicious attacks, data breaches, and unauthorized access. API secrets serve as a security barrier, protecting sensitive data from unauthorized or malicious intrusions.
- Rate Limiting: API secrets can also be utilized for rate limiting. This deters abuse of your API by setting a cap on the number of requests a particular key can make within a set time frame, preventing your server from being overwhelmed by excessive requests.
Steps to Create API Secrets:
Go to Setup > Company > API Secrets, or search for API Secrets directly in Global Search.
Hit Create New
- Add the Name for your token.
- Add the ID. Make sure to choose a specific, meaningful ID: it is used to retrieve the API secret and will be referenced in the code.
- The Password field holds your confidential information.
- Add the description.
- A “file field” typically refers to a way of securely managing and distributing API secrets using files, often encrypted. This approach can enhance security and ease the management of secrets in certain scenarios.
Go to the Restrictions Tab
Add the restrictions for this API secret.
- Hurrah! API secrets are created.
Code Snippet to Fetch the API Secrets From Code:
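The following SuiteScript 2.x sketch is an added example, not code from the original article: it references a secret by the ID created in the steps above and sends it as an Authorization header through `N/https`. The secret ID `custsecret_demo_api_token`, the endpoint URL, and the `Bearer {id}` input format are assumptions for illustration.

```javascript
/**
 * @NApiVersion 2.1
 * @NScriptType ScheduledScript
 */
// Added example. SECRET_ID and ENDPOINT are placeholders, not values from the article.
var SECRET_ID = 'custsecret_demo_api_token'; // the ID entered on the API Secrets record
var ENDPOINT = 'https://api.example.com/v1/orders';

// Returns an N/https SecureString for the Authorization header. The script passes only
// the "{custsecret_...}" placeholder; NetSuite resolves the stored value when it sends
// the request, so the script never holds the plaintext token.
function buildAuthHeader(https, secretId) {
    if (typeof secretId !== 'string' || secretId.indexOf('custsecret_') !== 0) {
        throw new Error('Not an API secret ID: ' + secretId);
    }
    return https.createSecureString({ input: 'Bearer {' + secretId + '}' });
}

// Sends a JSON payload with the secret-backed header and returns status and body only.
function postWithSecret(https, url, secretId, payload) {
    var response = https.post({
        url: url,
        headers: {
            'Authorization': buildAuthHeader(https, secretId),
            'Content-Type': 'application/json'
        },
        body: JSON.stringify(payload)
    });
    return { code: response.code, body: response.body };
}

// The guard lets the helpers above be tested outside NetSuite, where define() is absent.
if (typeof define === 'function') {
    define(['N/https', 'N/log'], function (https, log) {
        return {
            execute: function () {
                var result = postWithSecret(https, ENDPOINT, SECRET_ID, { ping: true });
                log.audit({ title: 'Integration call', details: 'HTTP ' + result.code });
            }
        };
    });
}
```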
NetSuite’s API secrets are the cornerstone of a secure and efficient integration ecosystem. By adhering to best practices in generating, storing, and managing these secrets, businesses can leverage seamless data exchange while protecting their sensitive information from potential threats. As technology continues to evolve and reshape the business landscape, proficiency in API secrets management will emerge as a key differentiator, enabling operational excellence and fortifying customer trust.
The NetSuite REST API offers developers a potent and flexible means to interact with NetSuite data and automate business processes. By adhering to best practices and maximizing the capabilities of the REST API, businesses can enhance their operations, boost productivity, and secure a competitive advantage.