Skip to main content

NetSuite Integrator Handoff

Send this checklist to the customer's NetSuite integrator after Core8 Customer Success generates the public certificate. It covers NetSuite-side setup for Core8 billing invoice creation only.

This checklist is not a full NetSuite sync permission matrix for opportunities, contacts, personnel, or product updates. The integrator should not sign in to Core8, configure Core8 settings, approve invoices, or run invoice tests.

What Core8 will send

Core8 Customer Success will provide:

  • The Core8 public certificate file (.pem)
  • The target NetSuite environment: production or sandbox
  • The requested integration record name, usually Core8
  • Any customer-specific notes, such as billing subsidiaries, billing currencies, invoice product names or NetSuite item IDs, and whether industry, taxpayer ID, class, tax code, receivables account, service-period, or multi-currency fields are used
Note

Do not ask Core8 for a private key. Core8 keeps the private key encrypted and only sends the public certificate that NetSuite needs for the OAuth 2.0 Client Credentials mapping.

What you need to do in NetSuite

1) Have an administrator enable required NetSuite features

A NetSuite administrator, or an equivalent role that can update company features, must go to Setup → Company → Enable Features and confirm these features are enabled:

  • REST Web Services
  • OAuth 2.0
  • SuiteAnalytics Workbook
  • Multiple Currencies, when the customer invoices in more than the NetSuite base currency

Core8 uses REST Record APIs and SuiteQL-backed lookups, so the REST, OAuth 2.0, and SuiteAnalytics features must stay enabled.

After the required features are enabled, the NetSuite person creating the integration record and M2M mapping must use the Administrator role or a role with these setup permissions:

PermissionWhy it is needed
Integration ApplicationCreate or update the Core8 integration record
OAuth 2.0 Authorized Applications ManagementCreate the OAuth 2.0 Client Credentials mapping and upload the Core8 public certificate
Note

NetSuite requires two-factor authentication for roles with OAuth 2.0 Authorized Applications Management.

2) Create or confirm the integration user and role

Use a dedicated non-Administrator role for Core8. Do not reuse the NetSuite Administrator role.

Choose an active NetSuite user for the integration and assign the dedicated Core8 role to that user before creating the OAuth 2.0 Client Credentials mapping. The user does not need to share a password with Core8.

Add these permissions:

Setup tab

PermissionLevel
REST Web ServicesFull
Log in using OAuth 2.0 Access TokensFull

Transactions tab

PermissionLevel
InvoiceFull
Find TransactionView

Reports tab

PermissionLevel
SuiteAnalytics WorkbookEdit

Lists tab

PermissionLevel
CustomersFull
Items, including Discount ItemsFull
SubsidiariesView, with access to every billing subsidiary Core8 will use
TermsView
CurrencyView
Billing SchedulesView
Customer CategoriesView
Accounting PeriodsView
Customer Statuses / Entity StatusesView
AccountsView
ClassesView, when class or deal type mapping is used
Sales Tax ItemsView

Custom record/list permissions

PermissionLevel
Custom Record - il_supp_langsView
Custom List - esc_industriesView, when industry mapping is used
Note

Core8 currently reads NetSuite salestaxitem records and writes the customer taxItem field. Grant View access to the Sales Tax Items or Tax Items list that backs customer tax codes in the customer's account. SuiteTax-only tax-code objects are not covered by this handoff unless Core8 Customer Success explicitly confirms support.

3) Confirm required setup data exists

Confirm the NetSuite account has:

  • At least one active subsidiary, and the dedicated Core8 role is not restricted away from any billing subsidiary Core8 will use
  • At least one payment term
  • Customer field custentity_il_pdf_lang and active PDF language records for that field
  • Active currencies required by the customer. Existing NetSuite customers reused for billing must support each intended invoice currency through their currency list or primary currency.
  • Active customer statuses used by the customer
  • Active NetSuite sales tax items (salestaxitem) for each billing subsidiary. Core8 billing requires a valid NetSuite customer taxItem.
  • Existing active invoice items/products for invoice lines. Items must use an invoice-eligible subtype: Sale or Resale, not Purchase. Each invoice product must either be linked by NetSuite item ID or have a NetSuite itemid that matches the invoice product name, case-insensitively.
  • Existing active Discount Item for discounted invoices. Do not rely on automatic creation during the first invoice, because account-specific mandatory item fields or forms can block creation.
Note

Core8 billing currently requires a usable NetSuite subsidiary for every invoice. Accounts without subsidiaries, or with custom mandatory forms, segments, or fields, need Core8 Customer Success review before testing.

If the customer uses class or receivables account defaults, also confirm:

  • Active classes for each required subsidiary
  • Active A/R accounts for customer receivables defaults

If the customer uses industry or taxpayer ID mapping, also confirm:

  • Custom List esc_industries
  • Entity field custentity_esc_industry
  • Entity field custentity_il_taxpayer_id

If the account has any mandatory customer, invoice header, custom form, or segment requirements beyond the fields listed here, send Core8 Customer Success the script IDs, allowed values or defaults, and role/form availability. Do the same for optional mapped fields Core8 Customer Success asks to use, such as customer CC email or invoice Record ID fields. Required customer, invoice header, form, and segment fields must have NetSuite defaults or values that Core8 Customer Success can configure before the first invoice test.

Mandatory invoice-line custom fields or line-level segments are not generally configurable by Core8 Customer Success. They must have NetSuite defaults, be optional for the Core8 role/form, or be explicitly confirmed by Core8 Product/Engineering before testing.

Confirm these transaction column fields exist and are available on invoice lines. Core8 writes them whenever an invoice includes service-period dates:

  • custcol_atlas_contract_start_date
  • custcol_atlas_contract_end_date

4) Create the integration record

Go to Setup → Integration → Manage Integrations → New.

Configure the integration record:

  • Name: Core8 or the name provided by Core8 Customer Success
  • State: Enabled
  • Grant: Client Credentials (Machine to Machine)
  • OAuth 2.0 scope: REST Web Services
Note

Do not enter a Redirect URI or callback URL for this setup. Core8 uses NetSuite OAuth 2.0 Client Credentials, so NetSuite authenticates Core8 with the uploaded certificate instead of redirecting a user back to Core8. If NetSuite asks for a Redirect URI, confirm that the grant is set to Client Credentials (Machine to Machine).

Save the integration record and copy the Client ID.

5) Create the OAuth 2.0 Client Credentials mapping

Go to Setup → Integration → Manage Authentication → OAuth 2.0 Client Credentials (M2M) Setup.

Create a new mapping:

  1. Click New.
  2. Select the NetSuite integration user.
  3. Select the dedicated Core8 integration role.
  4. Select the Core8 integration record.
  5. Upload the Core8 .pem public certificate.
  6. Save.
  7. Copy the generated Certificate ID.
Note

NetSuite M2M mappings are environment-specific. Production mappings are not copied to sandbox, and sandbox refreshes clear the mapping. Recreate this mapping after every sandbox refresh.

Note

NetSuite allows up to five active certificates per integration record. If the limit is reached, revoke an unused or expired certificate mapping before adding a new one.

Send this back to Core8 Customer Success

After the NetSuite setup is complete, send Core8 Customer Success:

ValueWhere to find it
NetSuite Account IDSetup → Company → Company Information
Client IDThe Core8 integration record
Certificate IDOAuth 2.0 Client Credentials (M2M) mapping
EnvironmentProduction or sandbox
ConfirmationIntegration user, role, application, and certificate mapping are complete
Mandatory field or segment detailsScript IDs, allowed values or defaults, and role/form availability, if any account-specific requirements exist

Do not send passwords, client secrets, private keys, or NetSuite admin credentials.

Note

After this handoff, Core8 Customer Success owns the Core8-side connection, configuration load, mapping/default setup, and one real invoice test. Those steps are not NetSuite integrator tasks and do not require integrator Core8 access.

Final NetSuite-side check

Before handing back the IDs, verify:

  • The integration role is assigned to the integration user.
  • The integration user is active.
  • The OAuth mapping uses the same user, role, application, and certificate.
  • The integration record has Client Credentials (M2M) enabled.
  • REST Web Services scope is enabled.
  • No Redirect URI or callback URL is configured for the Core8 integration record.
  • The Account ID matches the target environment. Sandbox Account IDs often include a suffix such as _SB2.

Troubleshooting

  • Certificate or grant error reported by Customer Success: confirm the uploaded .pem is the file Core8 sent and the Certificate ID matches that mapping.
  • Unauthorized error reported by Customer Success: confirm the integration user has the dedicated Core8 role and that all required permissions are present.
  • Configuration lists cannot be read: confirm SuiteAnalytics Workbook is enabled and the role has view access to subsidiary, term, currency, status, class, tax, and A/R account lists.