NetSuite OAuth Setup

Step 1: Create an OAuth account in Coupa for NetSuite

To set up your Coupa instance with a new connection:

  1. Go to Setup > Integrations > Oauth2/OpenID Connect Clients and click Create.
  2. For Grant Type select Client credentials.
  3. Specify a Name for the Client, Login, Contact info, and Contact Email.
  4. Select the following scopes to enable the NetSuite bundle:
    • core.common.read
    • core.common.write
    • core.expense.read
    • core.expense.write
    • core.inventory.receiving.read
    • core.inventory.receiving.write
    • core.invoice.read
    • core.invoice.write
    • core.pay.payments.read
    • core.pay.payments.write
    • core.pay.virtual_cards.read
    • core.pay.virtual_cards.write
    • core.payables.invoice.read
    • core.payables.invoice.write
    • core.purchase_order.read
    • core.purchase_order.write
    • core.supplier.read
    • core.supplier.write
    • core.payables.order.read
    • core.payables.order.write
    Note:

    Scopes are like a set of permissions set on the API key. In order to implement API permissions with OIDC, we've created several new scopes that provide access to specific functionality for the API.

    You can find the list of scopes and their underlying Coupa permissions by going to the Scope management page at /oauth2/scopes. When you drill down into a scope, you can see the specific API permissions associated with that scope.

  5. Click Save.

    Saving the client gives you values of the client Identifier and Secret which are needed to gain access to the API Scopes you have defined for it. Click Show/Hide to display and copy the Secret.

We need an access token to be able to access APIs and it only lasts for 24 hours, so Coupa’s recommendation is to renew the token every 20 hours (like a refresh token). With the Netsuite bundle, it's automated.

Step 2: Update to the latest version of the Coupa P2P + Expenses bundle

  1. Log in to NetSuite and check the client version
  2. Go to Customization > SuiteBundler > Search & Install Bundles > List form the top tool bar.

  3. Search for Coupa P2P + Expenses Bundle.

    Note:

    The Bundle version must be 7.0.0 or above to support OAuth

  4. Upgrade to the latest bundle by clicking the configuration icon () and then selecting Update.

    The Bundle page opens.

  5. Set all values in the PREFERENCE column to Do Not Update Deployments since we don't want to overwrite any script deployment parameters that have already been set up.

  6. Select Update Bundle.

    The status changes to Pending. Wait for it to finishing updating.

It may take several minutes to update. When it's finished, a green checkmark appears.

Note:

If the update fails, try again. Sometimes NetSuite resources aren’t immediately available and the update fails for no apparent reason.

General observations

  • This process should NOT overwrite any of your customization in the script deployment or alter the instance credentials.
  • Please install it in your SANDBOX first and confirm the changes aren’t going to impact any of your current processes.
  • Please review the changes made in the release notes so that you are aware which scripts are being affected and why. This should allow you to better target testing.

Step 3: Configure NetSuite to use OAuth instead of API keys

  1. Go to Setup > Company > General Preferences and scroll down to Customer Preferences.
  2. Under the Coupa P2P + Expenses Bundle header, provide the OIDC client identifier and client secret from the previous section. Also include the base URL of your Coupa instance in the form of https://{your_instance}.coupahost.com.

    Note:

    If any one of the above three fields are missing, NetSuite won't use OAuth to authenticate.

  3. To remove the API Key from your existing Coupa scripts, go to Customization > Scripting > Scripts.

    The Scripts page opens.

  4. Under SCRIPT FILE, select - All - and under FROM BUNDLE, select 84306.

    All of the Coupa P2P scripts used by the bundle displayed.

  5. Select the Deployments link for a script.

    The Script Deployments page opens.

  6. Select Edit for the deployment and then select Parameters.
  7. Blank out the value for the COUPA API Key. Do not change the COUPA URL.

  8. Repeat for each Coupa script shown back in Step 5.

By removing the Coupa API Key from each script, NetSuite won't be able to use keys to access Coupa, and will now need to rely on OAuth.

Step 4: Check OAuth logging for each script during testing

  1. Go to Customization > Scripting > Scripts.

    The Scripts page opens.

  2. Under SCRIPT FILE, select - All - and under FROM BUNDLE, select 84306.

    All of the Coupa P2P scripts used by the bundle displayed.

  3. Select the Deployments link for a script.

    The Script Deployments page opens.

  4. Select Edit for the deployment and then select Execution Log.

Any script that can use OAuth but isn't configured yet has a deprecation notices similar to the ones shown above. These notices dissapear when you've fully implemented OAuth correctly. Then they will show an OAuth response code of 200 instead.