Skip to main content
This guide walks you through setting up NetSuite OAuth authentication for Gumloop. By following these steps, you’ll configure a secure OAuth integration that allows Gumloop to connect to your NetSuite account on behalf of your users.
Intended Audience: NetSuite administrators with administrator access or users with Integration Application permission. This setup is performed once and enables OAuth authentication for your organization’s NetSuite connection.
This guide provides basic setup instructions for integrating NetSuite with Gumloop. For production environments and security best practices, please refer to the official NetSuite OAuth 2.0 documentation to ensure your configuration meets your organization’s security requirements.

What This Guide Covers

This documentation will help you:
  1. Create a NetSuite Integration Record - Register Gumloop as an OAuth 2.0 client in NetSuite
  2. Configure Role Permissions - Set up OAuth permissions for user roles
  3. Retrieve OAuth Credentials - Get the Client ID and Client Secret needed for Gumloop
  4. Configure Gumloop (Administrator) - Add the NetSuite OAuth Config to your organization
  5. User Authentication - Connect individual user accounts
Once complete, your team will be able to authenticate NetSuite connections through OAuth in Gumloop.

Overview

NetSuite OAuth integration enables secure authentication between Gumloop and your NetSuite ERP account. Instead of sharing static credentials, OAuth allows users to authorize Gumloop to access NetSuite on their behalf with automatic token refresh and better security controls.

Why Use NetSuite OAuth with Gumloop?

Enhanced Security

OAuth tokens are temporary and can be revoked, reducing the risk of credential exposure

Automatic Token Refresh

Refresh tokens keep your connection active without manual re-authentication

Centralized Control

Manage access and permissions directly in NetSuite

Audit Trail

Track OAuth authentication events in NetSuite’s audit logs

Prerequisites

Before you begin, ensure you have:
  • NetSuite Account Access - You need administrator access or Integration Application permission
  • NetSuite Account ID - Your NetSuite account identifier (e.g., 1234567 or 1234567_SB1 for sandbox)

Step 1: Create the NetSuite Integration Record

You’ll create an OAuth 2.0 integration record in NetSuite to register Gumloop as an authorized application.

1.1 Navigate to Integration Management

  1. Log in to your NetSuite account
  2. Navigate to Setup > Integration > Manage Integrations > New
If you don’t have access to this menu, contact your NetSuite administrator to either grant you the necessary permissions or create the integration on your behalf.

1.2 Configure Basic Information

Enter the following details in the integration record:
  • Name: Gumloop (or your preferred name, e.g., “Gumloop NetSuite Integration”)
  • Description: Optional description for documentation purposes
  • State: Set to Enabled

1.3 Configure Authentication Settings

On the Authentication subtab, configure the following settings:
1

Enable Token-Based Authentication

Check Token-Based Authentication to enable this authentication method.
2

Configure OAuth 2.0 Settings

Under OAuth 2.0, configure the following:
  • Authorization Code Grant: Check this option
  • Public Client: Check this option (required for the integration)
  • Redirect URI: Enter https://api.gumloop.com/auth/callback
Important: The redirect URI must be exactly https://api.gumloop.com/auth/callback. The http:// scheme is not supported for security reasons.
3

Enable Required Scopes

Enable the following scopes (you can remove other enabled scopes):
  • RESTlets - Required for RESTlet access
  • REST Web Services - Required for REST API access
These are the minimum required scopes for Gumloop to interact with NetSuite records and run SuiteQL queries.
4

Enable User Credentials

Under User Credentials, check User Credential to enable user-based authentication.

1.4 Optional Settings

You may also configure these optional settings based on your organization’s needs:
  • Refresh Token Validity: Default is 48 hours (range: 1-720 hours)
  • Maximum Time For Token Rotation: Default is 168 hours (range: 1-720 hours)
  • OAuth 2.0 Consent Policy: Choose “Always Ask”, “Never Ask”, or “Ask First Time”

1.5 Save and Record Credentials

  1. Click Save
  2. After saving, copy and securely store your:
    • Client ID
    • Client Secret
    • Account ID
Important: The Client ID and Client Secret are only displayed once after saving. If lost, you’ll need to reset them to obtain new values. Store these credentials securely.

Step 2: Configure Role Permissions

OAuth is not automatically enabled for all NetSuite roles. You must configure the appropriate permissions for users who will authenticate via OAuth.

2.1 Edit User Roles

  1. Navigate to Setup > Users/Roles > Manage Roles
  2. Edit the role you want to use for OAuth authentication

2.2 Add OAuth Permissions

Under Permissions > Setup, add the following OAuth permissions:
PermissionDescription
OAuth 2.0 Authorized Applications ManagementFor admins managing auth apps
Log in using OAuth 2.0 Access TokensRequired for OAuth 2.0 login

2.3 Add Functional Permissions

Under Permissions > Setup or Permissions > Web Services, add the functional permissions required for your integration:
PermissionDescription
REST Web ServicesAccess to REST API endpoints
RESTletsAccess to RESTlet scripts
User Access TokensAbility to use access tokens
The specific permissions needed depend on your use case. At minimum, ensure REST Web Services and RESTlets are enabled for the role.

2.4 Save the Role

Click Save to apply the permission changes.
For detailed information on role permissions, refer to the NetSuite OAuth 2.0 documentation.

Step 3: Configure Gumloop Credentials

Now that you have your NetSuite OAuth credentials, you’ll add them to Gumloop. The setup process differs based on your Gumloop plan.
Understanding the Two Credential Types:
  • NetSuite OAuth Config - Contains the Client ID and Client Secret from your NetSuite integration record
  • NetSuite - Your personal NetSuite authentication that uses the OAuth Config to connect
Both credentials are required for NetSuite OAuth to work. The difference is where the OAuth Config is stored based on your plan.
  • Team & Enterprise Plans
  • Individual Users (Free/Pro Plans)
For users on Team or Enterprise plans, organization administrators can configure the NetSuite OAuth Config once at the organization level. After this setup, all organization members only need to add their personal NetSuite credentials.

Administrator Setup

  1. Navigate to Gumloop Organization Credentials Page
  2. Search for “NetSuite OAuth Config” in the credentials list
  3. Click Add Credential
  4. Enter the following information:
    • Client ID: The Client ID from Step 1.5
    • Client Secret: The Client Secret from Step 1.5
  5. Save the configuration
Once an organization admin completes this setup, all organization members can authenticate with NetSuite without needing to configure the OAuth Config themselves.

User Setup (After Admin Configuration)

After your organization admin has configured the OAuth Config:
  1. Navigate to Personal Gumloop Credentials Page
  2. Click Add Credential
  3. Select NetSuite from the list of integrations
  4. Enter your workspace name (the first part of your NetSuite URL, e.g., gumloop for gumloop.app.netsuite.com)
  5. Click Add credential - you’ll be redirected to NetSuite to log in and authorize
  6. After logging in, you’ll be redirected back to Gumloop with a successful connection

Step 4: User Authentication

Once the NetSuite OAuth Config is set up (either at the organization level or personally), users can connect their NetSuite accounts with a simple OAuth flow.

4.1 Connect Your NetSuite Account

  1. Navigate to Personal Gumloop Credentials Page
  2. Click Add Credential
  3. Select NetSuite from the list of integrations
  4. Enter your workspace name - this is the first part of your NetSuite URL (e.g., gumloop for gumloop.app.netsuite.com)
  5. Click Add credential
Finding Your Workspace NameYour workspace name is the subdomain of your NetSuite account URL:
  • If your NetSuite URL is https://gumloop.app.netsuite.com, your workspace name is gumloop
  • If your NetSuite URL is https://mycompany.app.netsuite.com, your workspace name is mycompany

4.2 Authorize via NetSuite

After clicking Add credential:
  1. You’ll be automatically redirected to NetSuite’s login page
  2. Log in with your NetSuite credentials
  3. Review and approve the requested permissions
  4. You’ll be redirected back to Gumloop with a successful connection
The entire process takes just a few seconds - enter your workspace name, click Add credential, log in to NetSuite, and you’re done!

4.3 Verify Your Connection

To confirm your OAuth connection is working correctly:
  1. Go to Gumloop Credentials Page
  2. Search for NetSuite
  3. If the connection is successful, you should see your NetSuite account connected

Troubleshooting

”Invalid Client” Error

Problem: Getting an “invalid_client” error when connecting Solution:
  • Verify the Client ID and Client Secret are correct in the NetSuite OAuth Config
  • Check that the integration is enabled in NetSuite
  • Ensure the redirect URI matches exactly: https://api.gumloop.com/auth/callback

”Access Denied” or Permission Errors

Problem: Connected successfully but NetSuite operations return permission errors Solution:
  • Verify the user’s role has the required OAuth permissions (Step 2)
  • Ensure REST Web Services and RESTlets scopes are enabled on the integration
  • Check that the user has been assigned a role with the necessary permissions

OAuth Not Working for Specific Users

Problem: Some users can’t authenticate via OAuth Solution:
  • OAuth is not automatically enabled for all roles
  • Verify the user’s role has “Log in using OAuth 2.0 Access Tokens” permission
  • Check that the role has REST Web Services and RESTlets permissions

Token Expiring Too Quickly

Problem: Users need to re-authenticate frequently Solution: Increase the refresh token validity in your NetSuite integration record:
  1. Go to Setup > Integration > Manage Integrations
  2. Edit your Gumloop integration
  3. Increase Refresh Token Validity (up to 720 hours / 30 days)

Security Best Practices

Regular Credential Rotation

Periodically rotate your OAuth client secrets to maintain security

Principle of Least Privilege

Grant users only the minimum NetSuite roles needed for their work

Monitor OAuth Activity

Regularly review OAuth token usage in NetSuite audit logs

Role-Based Access

Use NetSuite roles to control what data users can access through Gumloop
For comprehensive security guidance and advanced configuration options, refer to the official NetSuite OAuth 2.0 documentation.

Additional Resources

Need Help?

If you encounter issues not covered in this guide:
  1. Check the NetSuite OAuth 2.0 documentation for detailed technical information
  2. Contact your NetSuite administrator for account-specific issues
  3. Reach out to Gumloop Support for integration assistance