SuiteAnalytics Connect – Token-based Authentication via Python

With the release of datasource for SuiteAnalytics Connect, NetSuite continues to improve the feature. Until recently, connection to SuiteAnalytics Connect was only possible through username and password combination. It is not a good practice in terms of security and also additional layer of authentication like 2FA was not possible.

Token-based Authentication is not a new method for Restlet and SuiteTalk integrations in NetSuite. However, it was introduced to SuiteAnalytics Connect recently. Administrators now can create an Integration record and enable TBA for the role that will be used for SuiteAnalytics Connect. This will allow the integration to be managed easily and also the password is not needed to be shared anymore.

In addition, Data Warehouse Integrator (DWI) role was also introduced which has access to all resources in the NetSuite Account through datasource. This means that Administrators will not need to maintain the role permissions for each record type in the case that a generic access is sufficient.

Developers, who are maintaining the integration to SuiteAnalytics Connect should update their code to comply with the requirements of TBA. This means, replacing username with “TBA” and generating one time use token password using OAuth 1.0 to be used as password. Steps for generating token are:

  1. Generate base string using NetSuite Account ID, Consumer Key, Token ID, Nonce and Timestamp
  2. Generate signature key using Consumer Secret and Token Secret
  3. Create signature with HMAC-SHA256 algorithm using the signature key and the base string
  4. Base64 encode the generated signature and append the signature method (currently HMAC-SHA256)
  5. Generate password using the base string and the signature string.

After authenticating to the service, developers should consider the session timeout which is 60 minutes at the moment. Queries running longer will be executed and response will be returned but session will expire. For more information on this topic, please review the Token-based Authentication for Connect topic in NetSuite Help Center.

Data team in our company is using Python for querying information from NetSuite. To assist them for the connectivity, I created a JDBC Connection Module written in Python. This way, they can continue focusing on the data and we will not need to exchange information regarding the TBA requirements.

For my testing, I used JPype module for connecting to SuiteAnalytics Connect service from Python. Therefore, JDBC drivers are used for building the connection. However, Generating the token password should be same for connections using ODBC drivers. To test and showcase the Python module, I also developed an example script. The credentials are hardcoded in the example script but for real time scenario, it is better to retrieve those from a secure place. Source code of the Python JDBC Connection Module is available on our GitHub page.

We would like to hear your opinion if you liked this solution or if you discover something missing, something not working properly, a better option, weird coding. If you have any comments on this solution, please use the section below. For any other communication, please use the form on the Contact Us page.

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.