NetSuite Integrator Handoff
Send this checklist to the customer's NetSuite integrator after Core8 Customer Success generates the public certificate. It covers NetSuite-side setup for Core8 billing invoice creation only.
This checklist is not a full NetSuite sync permission matrix for opportunities, contacts, personnel, or product updates. The integrator should not sign in to Core8, configure Core8 settings, approve invoices, or run invoice tests.
What Core8 will send
Core8 Customer Success will provide:
- The Core8 public certificate file (
.pem) - The target NetSuite environment: production or sandbox
- The requested integration record name, usually
Core8 - Any customer-specific notes, such as billing subsidiaries, billing currencies, invoice product names or NetSuite item IDs, and whether industry, taxpayer ID, class, tax code, receivables account, service-period, or multi-currency fields are used
Do not ask Core8 for a private key. Core8 keeps the private key encrypted and only sends the public certificate that NetSuite needs for the OAuth 2.0 Client Credentials mapping.
What you need to do in NetSuite
1) Have an administrator enable required NetSuite features
A NetSuite administrator, or an equivalent role that can update company features, must go to Setup → Company → Enable Features and confirm these features are enabled:
- REST Web Services
- OAuth 2.0
- SuiteAnalytics Workbook
- Multiple Currencies, when the customer invoices in more than the NetSuite base currency
Core8 uses REST Record APIs and SuiteQL-backed lookups, so the REST, OAuth 2.0, and SuiteAnalytics features must stay enabled.
After the required features are enabled, the NetSuite person creating the integration record and M2M mapping must use the Administrator role or a role with these setup permissions:
| Permission | Why it is needed |
|---|---|
| Integration Application | Create or update the Core8 integration record |
| OAuth 2.0 Authorized Applications Management | Create the OAuth 2.0 Client Credentials mapping and upload the Core8 public certificate |
NetSuite requires two-factor authentication for roles with OAuth 2.0 Authorized Applications Management.
2) Create or confirm the integration user and role
Use a dedicated non-Administrator role for Core8. Do not reuse the NetSuite Administrator role.
Choose an active NetSuite user for the integration and assign the dedicated Core8 role to that user before creating the OAuth 2.0 Client Credentials mapping. The user does not need to share a password with Core8.
Add these permissions:
Setup tab
| Permission | Level |
|---|---|
| REST Web Services | Full |
| Log in using OAuth 2.0 Access Tokens | Full |
Transactions tab
| Permission | Level |
|---|---|
| Invoice | Full |
| Find Transaction | View |
Reports tab
| Permission | Level |
|---|---|
| SuiteAnalytics Workbook | Edit |
Lists tab
| Permission | Level |
|---|---|
| Customers | Full |
| Items, including Discount Items | Full |
| Subsidiaries | View, with access to every billing subsidiary Core8 will use |
| Terms | View |
| Currency | View |
| Billing Schedules | View |
| Customer Categories | View |
| Accounting Periods | View |
| Customer Statuses / Entity Statuses | View |
| Accounts | View |
| Classes | View, when class or deal type mapping is used |
| Sales Tax Items | View |
Custom record/list permissions
| Permission | Level |
|---|---|
Custom Record - il_supp_langs | View |
Custom List - esc_industries | View, when industry mapping is used |
Core8 currently reads NetSuite salestaxitem records and writes the customer taxItem field. Grant View access to the Sales Tax Items or Tax Items list that backs customer tax codes in the customer's account. SuiteTax-only tax-code objects are not covered by this handoff unless Core8 Customer Success explicitly confirms support.
3) Confirm required setup data exists
Confirm the NetSuite account has:
- At least one active subsidiary, and the dedicated Core8 role is not restricted away from any billing subsidiary Core8 will use
- At least one payment term
- Customer field
custentity_il_pdf_langand active PDF language records for that field - Active currencies required by the customer. Existing NetSuite customers reused for billing must support each intended invoice currency through their currency list or primary currency.
- Active customer statuses used by the customer
- Active NetSuite sales tax items (
salestaxitem) for each billing subsidiary. Core8 billing requires a valid NetSuite customertaxItem. - Existing active invoice items/products for invoice lines. Items must use an invoice-eligible subtype: Sale or Resale, not Purchase. Each invoice product must either be linked by NetSuite item ID or have a NetSuite
itemidthat matches the invoice product name, case-insensitively. - Existing active Discount Item for discounted invoices. Do not rely on automatic creation during the first invoice, because account-specific mandatory item fields or forms can block creation.
Core8 billing currently requires a usable NetSuite subsidiary for every invoice. Accounts without subsidiaries, or with custom mandatory forms, segments, or fields, need Core8 Customer Success review before testing.
If the customer uses class or receivables account defaults, also confirm:
- Active classes for each required subsidiary
- Active A/R accounts for customer receivables defaults
If the customer uses industry or taxpayer ID mapping, also confirm:
- Custom List
esc_industries - Entity field
custentity_esc_industry - Entity field
custentity_il_taxpayer_id
If the account has any mandatory customer, invoice header, custom form, or segment requirements beyond the fields listed here, send Core8 Customer Success the script IDs, allowed values or defaults, and role/form availability. Do the same for optional mapped fields Core8 Customer Success asks to use, such as customer CC email or invoice Record ID fields. Required customer, invoice header, form, and segment fields must have NetSuite defaults or values that Core8 Customer Success can configure before the first invoice test.
Mandatory invoice-line custom fields or line-level segments are not generally configurable by Core8 Customer Success. They must have NetSuite defaults, be optional for the Core8 role/form, or be explicitly confirmed by Core8 Product/Engineering before testing.
Confirm these transaction column fields exist and are available on invoice lines. Core8 writes them whenever an invoice includes service-period dates:
custcol_atlas_contract_start_datecustcol_atlas_contract_end_date
4) Create the integration record
Go to Setup → Integration → Manage Integrations → New.
Configure the integration record:
- Name:
Core8or the name provided by Core8 Customer Success - State: Enabled
- Grant: Client Credentials (Machine to Machine)
- OAuth 2.0 scope: REST Web Services
Do not enter a Redirect URI or callback URL for this setup. Core8 uses NetSuite OAuth 2.0 Client Credentials, so NetSuite authenticates Core8 with the uploaded certificate instead of redirecting a user back to Core8. If NetSuite asks for a Redirect URI, confirm that the grant is set to Client Credentials (Machine to Machine).
Save the integration record and copy the Client ID.
5) Create the OAuth 2.0 Client Credentials mapping
Go to Setup → Integration → Manage Authentication → OAuth 2.0 Client Credentials (M2M) Setup.
Create a new mapping:
- Click New.
- Select the NetSuite integration user.
- Select the dedicated Core8 integration role.
- Select the Core8 integration record.
- Upload the Core8
.pempublic certificate. - Save.
- Copy the generated Certificate ID.
NetSuite M2M mappings are environment-specific. Production mappings are not copied to sandbox, and sandbox refreshes clear the mapping. Recreate this mapping after every sandbox refresh.
NetSuite allows up to five active certificates per integration record. If the limit is reached, revoke an unused or expired certificate mapping before adding a new one.
Send this back to Core8 Customer Success
After the NetSuite setup is complete, send Core8 Customer Success:
| Value | Where to find it |
|---|---|
| NetSuite Account ID | Setup → Company → Company Information |
| Client ID | The Core8 integration record |
| Certificate ID | OAuth 2.0 Client Credentials (M2M) mapping |
| Environment | Production or sandbox |
| Confirmation | Integration user, role, application, and certificate mapping are complete |
| Mandatory field or segment details | Script IDs, allowed values or defaults, and role/form availability, if any account-specific requirements exist |
Do not send passwords, client secrets, private keys, or NetSuite admin credentials.
After this handoff, Core8 Customer Success owns the Core8-side connection, configuration load, mapping/default setup, and one real invoice test. Those steps are not NetSuite integrator tasks and do not require integrator Core8 access.
Final NetSuite-side check
Before handing back the IDs, verify:
- The integration role is assigned to the integration user.
- The integration user is active.
- The OAuth mapping uses the same user, role, application, and certificate.
- The integration record has Client Credentials (M2M) enabled.
- REST Web Services scope is enabled.
- No Redirect URI or callback URL is configured for the Core8 integration record.
- The Account ID matches the target environment. Sandbox Account IDs often include a suffix such as
_SB2.
Troubleshooting
- Certificate or grant error reported by Customer Success: confirm the uploaded
.pemis the file Core8 sent and the Certificate ID matches that mapping. - Unauthorized error reported by Customer Success: confirm the integration user has the dedicated Core8 role and that all required permissions are present.
- Configuration lists cannot be read: confirm SuiteAnalytics Workbook is enabled and the role has view access to subsidiary, term, currency, status, class, tax, and A/R account lists.