Skip to Content

Use NetSuite TBA in the NetSuite connector


This page describes how to use token-based authentication (TBA) using Jitterbit's NetSuite connector. Prior to configuring TBA in Jitterbit, see Jitterbit's recommendations for enabling TBA in NetSuite.


Those using two-factor authentication (2FA or TFA) in NetSuite are required to use TBA with Harmony. Learn more in NetSuite 2018.2 token-based authentication.

These instructions assume that you are already using SSO authentication on a NetSuite endpoint and want to change the method of authentication to use TBA. For full documentation on configuring a new TBA or SSO endpoint, see NetSuite connector endpoint.

To use the NetSuite Connector to convert an existing NetSuite endpoint configured with SSO authentication to use TBA, follow the steps on this page:

  1. Create a backup
  2. Convert to TBA
  3. Test the endpoint


To use TBA with the NetSuite Connector in Jitterbit, these criteria must be met:

  1. You must have the appropriate permissions role on your NetSuite account.

  2. You must be using SuiteTalk version 2015.2 or later.

  3. You must have TBA enabled for your NetSuite account.

  4. You must be using Harmony agents version 9.2 or later and Design Studio version 9.3.1 or later to convert an existing SSO endpoint to use TBA.


For additional information, refer to the NetSuite documentation on Getting Started with Token-based Authentication.

Create a backup

First, you may want to create a Jitterpak to have a backup copy of the project if needed.

Convert to TBA

Open your existing NetSuite endpoint by double-clicking the endpoint in the tree on the left under Connectors > NetSuite > NetSuite Endpoints.

In the configuration, click the button Convert to TBA.


In the popup window, enter the values to be used for Jitterbit to authenticate with your NetSuite instance using TBA. Then click Save.


For instructions on enabling TBA in NetSuite and obtaining the values needed for this screen, see Enable TBA in NetSuite.

endpoint convert to TBA

  • Account: Enter the NetSuite Account ID associated with your NetSuite account. For instructions on obtaining this value, see Enable TBA in NetSuite.

  • Wsdl Download Url: Enter the account-specific URL of the NetSuite WSDL used by the NetSuite instance. Jitterbit supports the WSDL versions listed in Prerequisites earlier on this page. Instructions for obtaining the account-specific WSDL URL are provided in NetSuite account-specific WSDL URL.


    Initially, it is recommended to use the same WSDL version as your existing SSO endpoint. If you need to upgrade your WSDL, it is recommended to do so separately. This is a recommended step for troubleshooting purposes, so that if you experience issues the cause can be determined.

  • Consumer Key and Consumer Secret: Enter the NetSuite Consumer Key and Consumer Secret values obtained from NetSuite. For instructions on obtaining these value, see Enable TBA in NetSuite.

  • Token Key and Token Secret: Enter the NetSuite Token ID and Token Secret values obtained from NetSuite. For instructions on obtaining these value, see Enable TBA in NetSuite.


    If you are using a NetSuite sandbox account, each time the sandbox is refreshed, you will need to create new tokens.

  • Signature Algorithm: Use the dropdown to select the signature algorithm to be used to sign the request, one of HMAC-SHA1 or HMAC-SHA256. The signature algorithm determines how the payload is encrypted.


    NetSuite has deprecated HMAC-SHA1 as a valid signature method in favor of HMAC-SHA256 as of these versions:

    • Non-Production Accounts: NetSuite version 2021.2 and later.
    • Production Accounts: NetSuite version 2023.1 and later.

    The deprecation of HMAC-SHA1 is independent of which WSDL version you specify in the configuration of the NetSuite endpoint.

  • Call Time Out: Optionally enter the call timeout value in seconds, if you want to the timeout value to be less than the agent setting.


    The default agent setting for timeout of NetSuite calls is 300 seconds.

  • Retry on Recoverable Exception (labeled Enable Retry Option in versions 10.36 and 10.37): This option is present in Design Studio versions 10.36 and later, and is functional only when using an environment associated with a private agent group whose agents are version 10.24 or later. Its behavior depends on the private agent version. When selected, this setting is used to retry a rejected request to NetSuite when either of these criteria is met:

    • Private agents 10.24 and later: NetSuite's governance limit for concurrent requests is reached and the error WS_REQUEST_BLOCKED is returned.
    • Private agents 10.36 and later: NetSuite does not return a response in the expected timeframe and a timeout exception occurs.

    To check your NetSuite account's concurrency limits, in the NetSuite UI, go to Setup > Integration > Integration Governance. For more information, see NetSuite's documentation on Concurrency Governance Limits Based on Service Tiers and SuiteCloud Plus Licenses.

    In order for this setting to take effect, the Jitterbit variable jitterbit.netsuite.async must not be set to true upstream of the operation.

    With private agents version 10.23 or earlier, on cloud agents, or if the Jitterbit asynchronous variable is enabled, this setting will be ignored.

    Select the Retry on Recoverable Exception checkbox to enable additional configuration options:

    endpoint wizard TBA credentials retry

    • Maximum Number of Retries (labeled Max Retry in versions 10.36 and 10.37): Enter the number of times (maximum of 5 retries) that a rejected request will be resent to NetSuite. If the request is still rejected after the maximum number of retries, an exception with an error message will be returned in the operation log. In addition, the private agent will log each retry in the jitterbit-agent.log log file.

      Each retry is treated as part of the same operation run, where only a single record appears in the operation log. Any On Success or On Failure conditions configured to run downstream operations are triggered based on the end status of the operation after retrying up to the maximum number of retries.

    • Retry Interval: Enter the number of seconds (maximum of 5 seconds) to wait between resending a rejected request to NetSuite.

Test the endpoint

After your endpoint is created, double-click the endpoint in the tree on the left under Connectors > NetSuite > NetSuite Endpoints.

Then click the Test Connection button to verify the connection to your NetSuite account.

endpoint configuration TBA

A message will indicate if the connection is successful. If the connection is not successful, make sure you meet the prerequisites and double check the values you provided on this screen. If you receive an error testing the connection, refer to troubleshooting information.

After you have successfully tested your NetSuite TBA endpoint, simply deploy your project to begin using TBA.