
How to Enable NetSuite Token-Based Authentication

Plans: Premium, Enterprise
Platforms: All platforms


AfterShip Returns uses Token-Based Authentication (TBA) to connect securely with your NetSuite account. TBA is NetSuite's recommended method for third-party integrations: it avoids sharing your login password and gives you full control over what the integration can access.


By the end of this guide, you will have collected four credential values (sometimes called the "four keys") that you'll paste into AfterShip Returns to complete the connection:


  • Consumer Key
  • Consumer Secret
  • Token ID
  • Token Secret


⚠️ Important: The Consumer Secret and Token Secret are each shown only once, immediately after you save. Copy them to a safe place before closing the page.


Before You Begin


You will need Administrator access in NetSuite to complete all the steps below.


Step 1: Find Your Account ID


You'll need this later when connecting AfterShip Returns to NetSuite.


  1. Log in to your NetSuite account.
  2. Go to Setup → Company → Company Information.
  3. Find the Account ID field, copy the value, and keep it handy.


Step 2: Enable Required Features


These settings must be turned on before any other steps will work. If you skip this step, some menu options in later steps may not appear.


  1. Go to Setup → Company → Enable Features.
  2. Click the SuiteCloud sub-tab.
  3. Under SuiteScript, check both:
     • Client SuiteScript
     • Server SuiteScript
  4. Under SuiteTalk (Web Services), check:
     • SOAP Web Services
     • REST Web Services
  5. Under Manage Authentication, check:
     • Token-Based Authentication
  6. Click I Agree, then click Save.



Step 3: Create an Integration Role


Creating a dedicated role (rather than using an existing admin role) limits the integration's access to only what it needs, a security best practice.



  1. Go to Setup → Users/Roles → Manage Roles → New.
  2. Enter a clear Name for the role, such as AfterShip Integration Role.
  3. Before setting permissions, scroll to find Subsidiary Restrictions and set it to All.
  4. Add the following permissions across the relevant sub-tabs (set each to Full unless noted):


Transactions tab


| Permission | Level |
| --- | --- |
| Find Transaction | Full |
| Sales Order | Full |
| Sales Order Approval | Full |
| Item Fulfillment | Full |
| Fulfill Orders | Full |
| Return Authorization | Full |
| Return Auth. Approval | Full |
| Credit Memo | Full |
| Credit Returns | Full |
| Item Receipt | Full |
| Receive Order | Full |
| Refund Returns | Full |


Lists tab


| Permission | Level |
| --- | --- |
| Accounts | Full |
| Contacts | Full |
| Currency | Full |
| Custom Record Entries | Full |
| Customers | Full |
| Documents and Files | Full |
| Items | Full |
| Locations | Full |
| Perform Search | Full |
| Persist Search | Create |
| Resource | Full |


Reports tab


| Permission | Level |
| --- | --- |
| SuiteAnalytics Workbook | Edit |


Setup tab


| Permission | Level |
| --- | --- |
| SOAP Web Services | Full |
| REST Web Services | Full |
| User Access Tokens | Full |
| Log in using Access Tokens | Full |
| Custom Transaction Fields | Full |


⚠️ The User Access Tokens and Log in using Access Tokens permissions under the Setup tab are required for TBA to work. Do not skip them.


Click Save.


Step 4: Create a Dedicated Integration User


We recommend creating a dedicated NetSuite user for the integration. This keeps integration activity clearly separate in audit logs and makes it easier to revoke access if needed.



  1. Go to Lists → Employees → Employees → New.
  2. Fill in the required fields, including Name (e.g., AfterShip Integration User) and Email.
  3. Click the Access sub-tab.
  4. Check the Give Access checkbox.
  5. In the Roles section, add the role you created in Step 3 (e.g., AfterShip Integration Role).
  6. Click Save.


Tip: If your organization does not allow creating new employee records for integrations, you can assign the integration role to an existing employee instead; just follow steps 3–6 on their record.


Step 5: Create an Integration Record


This step creates a "digital identity" for AfterShip Returns inside NetSuite and generates your first two credentials: the Consumer Key and Consumer Secret.




  1. Go to Setup → Integration → Manage Integrations → New.
     • If you already have an existing AfterShip integration record, open it and skip to step 3.
  2. Enter a Name, such as AfterShip Returns Integration.
  3. On the Authentication sub-tab:
     ✅ Check Token-Based Authentication
     ✅ Check TBA: ISSUE TOKEN ENDPOINT
  4. Click Save.


🔴 Copy now, you won't get a second chance!
After saving, NetSuite immediately displays your Consumer Key and Consumer Secret. Copy both values and store them somewhere safe. These are credentials 1 and 2 of your four keys.
Note: The same Consumer Key and Consumer Secret can be reused across multiple access tokens if you ever need to create additional connections.


Step 6: Create an Access Token


This final step links together your Integration Record, Integration User, and Role, and produces your remaining two credentials: the Token ID and Token Secret.



  1. Go to Setup → Users/Roles → Access Tokens → New.
  2. Fill in the fields:
     • Application Name: select the integration record from Step 5 (e.g., AfterShip Returns Integration)
     • User: select the integration user from Step 4 (e.g., AfterShip Integration User)
     • Role: select the integration role from Step 3 (e.g., AfterShip Integration Role)
     • Token Name: auto-filled, but you can rename it for clarity
  3. Click Save.


🔴 Copy now, you won't get a second chance!
After saving, NetSuite immediately displays your Token ID and Token Secret. Copy both values and store them somewhere safe. These are credentials 3 and 4 of your four keys.


Step 7: Connect AfterShip Returns


Now that you have all four credentials, you're ready to complete the connection.



  1. Go to the AfterShip Returns → NetSuite integration page.
  2. Enter the following values:
     • Account ID (from Step 1)
     • Consumer Key (from Step 5)
     • Consumer Secret (from Step 5)
     • Token ID (from Step 6)
     • Token Secret (from Step 6)
     • Channel Order ID Field: the field ID of the eCommerce order ID in your NetSuite account (e.g., the Shopify order ID, not the order number or the order name)
  3. Click Connect (or Save) to establish the connection.


Once connected, AfterShip Returns will be able to sync orders, returns, and fulfillment data with your NetSuite account.


Quick Reference: Credentials Checklist


Use this checklist to make sure you've collected everything before heading to AfterShip Returns:


  • Account ID
  • Consumer Key
  • Consumer Secret
  • Token ID
  • Token Secret


If you run into any issues during setup, our support team is here to help. Reach out via the chat widget in the AfterShip Returns admin, or email us at [email protected].





Updated on: 09/06/2026