How to connect to NetSuite from Microsoft Power Automate using OAuth 1.0

In this post I describe how to connect to NetSuite data from Microsoft Power Automate or Logic Apps, via REST Web Services, using some some help from Azure Functions to create NetSuite’s authentication signature.

1. NetSuite — Token Based Authentication

Enable Token Based Authentication at Setup > Company > Enable Features > SuiteCloud Sublist > Manage Authentication

2. NetSuite — Integration Record

Create an Integration Record with Token-based Authentication, on Setup > Integration > Manage Integrations > New

3. NetSuite — Role

Create a Token Role at Setup > Users/Roles > Manage Roles > New

Add these two permissions at Sublist Permissions > Setup

Add the permissions needed to access the information you need, at Permissions Sublist > Transactions

4. NetSuite — Permissions

Add Token Management Permissions to an employee, creating a new account if needed, at Lists > Employees > Employees > New

Add the permission as a role, at Access Sublist > Roles

5. NetSuite — Create Access Tokens

Create a new access token at Setup > Users/Roles > Access Tokens > New

Select the Integration, Employee, and Role you just created earlier.

Save the token ID and token secret.

6. Azure — Resource

Access your Azure account and create a new Windows Resource if needed, which will be used to host your new Function App for creating the signature needed to authenticate into NetSuite.

7. Azure — Function App

Create a new Function App inside your Resource. Select Powershell as the runtime stack.

Open the new Function App and go to the Functions section.

Click Add and select HTTP trigger as the new template to be created inside your Function App.

You can select anonymous if you want the function to be accessible by anyone without needing to authenticate.

8. Azure — Code

Open the new function, delete the pre-generated code, and add the following.

9. Azure — Get Function URL

Save the function’s link, as you’ll need to use it later in Power Automate.

10. Power Automate — Parameters

Save into variables the link from NetSuite you want to call to, and the encoded version of it.

• BaseURL = NetSuite's link you want to call to
• BaseURLEncoded = uriComponent(variables(‘BaseURL’))

Save into variables the values that will be needed for authenticating and for creating the signature.

• TimeStamp = div(sub(ticks(utcNow()),ticks(‘1970–01–01’)), 10000000)
• Nonce = rand(9999999,99999999)
• Consumer Key = ***YOUR CONSUMER KEY FROM NETSUITE***
• Consumer Secret = ***YOUR CONSUMER SECRET FROM NETSUITE***
• Token ID = ***YOUR TOKEN ID FROM NETSUITE***
• Token Secret = ***YOUR TOKEN SECRET FROM NETSUITE***

Save into variables the concatenation of all these values and the encoded result.

• ConcatenatedParameters = oauth_consumer_key=@{variables(‘Consumer Key’)}&oauth_nonce=@{variables(‘Nonce’)}&oauth_signature_method=HMAC-SHA256&oauth_timestamp=@{variables(‘TimeStamp’)}&oauth_token=@{variables(‘Token ID’)}&oauth_version=1.0
• ConcatenatedParametersEncoded = uriComponent(variables(‘ConcatenatedParameters’))

11. Power Automate — Prepare Signature

In order to create the signature we need to join the method we’re using on our NetSuite call, the encoded URL we’re calling, and the encoded parameters from above. If you’re making a POST rather than a GET, replace it here.

• SignatureMessage = GET&@{variables(‘BaseURLEncoded’)}&@{variables(‘ConcatenatedParametersEncoded’)}

We also need a key, which is a combination of the consumer secret and the token secret from NetSuite.

• SignatureKey = @{variables(‘Consumer Secret’)}&@{variables(‘Token Secret’)}

12. Power Automate — Create Signature

For creating the signature we’ll send all the information we just created above to our Azure Function, using a new HTTP request.

Method: GET
URI: Azure Function’s link
Queries — message: @{variables('SingatureMessage')}
Queries — secret: @{variables('SignatureKey')}

Store the Signature returned into a variable.

Signature = @{uriComponent(body(‘Get_Signature_from_Azure’))}

13. Power Automate — Create Authorization

By using the new signature we can now store into a variable the final authorization parameter that can be used to make the NetSuite request.

Notice that Realm is the same than your NetSuite’s Account ID, but replacing hyphens (if any) with underscores.

AuthorizationHeader = OAuth realm=”@{variables(‘Realm’)}”,oauth_consumer_key=”@{variables(‘Consumer Key’)}”,oauth_token=”@{variables(‘Token ID’)}”,oauth_signature_method=”HMAC-SHA256",oauth_timestamp=”@{variables(‘TimeStamp’)}”,oauth_nonce=”@{variables(‘Nonce’)}”,oauth_version=”1.0",oauth_signature=”@{variables(‘Signature’)}”

14. Power Automate — Connect to NetSuite

Using the Authorization as a header we can now call to NetSuite

Method = GET/POST/PUT
URI = @{variables('BaseURL')}
Headers — Authorization = @{variables('AuthorizationHeader')}