NetSuite Changelog
CommerceAPISecuritySuiteCommerceNew FeatureRelease Notes

Token Based Authentication in Commerce Developer Tools

Token Based Authentication is now required for using Commerce developer tools, supporting enhanced security measures for deployments.

·2 min read·1 views·View Oracle Docs

Token Based Authentication is essential for using Commerce developer tools, particularly with the requirement of two-factor authentication (2FA) implemented in NetSuite accounts since version 2018.2. This evolved model enhances security during fetch and deploy operations, ensuring that only authenticated users can access necessary resources.

Overview of Key Topics

The following sections provide crucial information regarding the use of developer tools in a NetSuite environment:

  • Token Based Authentication: This feature mandates users to authenticate, thereby enhancing security during development activities.
  • Mixed Domains in a Local Server: Important guidance on how to set up environments where local servers and live servers could work together.
  • Secure HTTP (HTTPS) with the Local Server: Details about the necessity of HTTPS usage for secure data transmission in local development settings.
  • Troubleshooting the Developer Tools: Common issues and solutions to help developers resolve any encountered problems.

Token Generation Requirements

To effectively utilize Token Based Authentication, you must meet the following criteria:

  • Ensure the Token Based Authentication feature is activated in your NetSuite account (mandatory for production environments).
  • Obtain a NetSuite role that grants the necessary permissions to execute fetch and deploy commands—usually available through the Administrator role.

Generating Tokens for Authentication

When generating an initial token, keep these considerations in mind:

  • After the first token generation, the same token will be used for all subsequent fetch and deploy operations unless explicitly overridden.
  • Organizations using account-specific domains (post-2021.2.1) must include their account number with gulp commands during operations. Reference the Gulp Command documentation for specific instructions.

By following the outlined steps above and understanding the context of Token Based Authentication, developers can securely manage their interaction points with NetSuite's Commerce developer tools effectively.

Frequently Asked Questions (4)

What role is required to generate an initial authentication token for NetSuite Commerce developer tools?
To generate an initial authentication token, you should use a role with necessary permissions, such as the Administrator role, and ensure that the Token Based Authentication feature is enabled in your NetSuite account.
Can I test my application locally with mixed domains when using NetSuite Commerce developer tools?
Yes, you can test your application locally using mixed domains. However, you may need to manually adjust the URL to switch from the production version to the local version during testing to avoid redirection issues.
How can I resolve mixed content errors when testing over HTTPS with the Commerce developer tools?
To resolve mixed content errors in Chrome when testing over HTTPS, you can click the shield icon in the address bar and select 'Load unsafe scripts' or launch Chrome with the `--allow-running-insecure-content` option.
Do I need to adjust any settings for secure HTTP connections while using the local server in NetSuite Commerce development?
Yes, you need to ensure that secure HTTP connections (HTTPS) are maintained for both development and testing on a local server to prevent security issues.
Source: Commerce Developer Tools Reference Oracle NetSuite Help Center. This article was generated from official Oracle documentation and enriched with additional context and best practices.

Was this article helpful?

More in Commerce

View all Commerce articles →