How to Connect to NetSuite from Microsoft Power Automate using OAuth 1.0 ?
Introduction
Connecting NetSuite to Microsoft Power Automate using OAuth 1.0 allows for seamless data integration and automation between the two platforms. This guide will walk you through the process step-by-step, ensuring you can leverage the power of both tools efficiently.
Prerequisites
Before we begin, make sure you have the following:
· A NetSuite account with necessary permissions
· Microsoft Azure account
· A Microsoft Power Automate account (Premium)
Step 1: Enable Token-Based Authentication in NetSuite
- Navigate to Setup > Company > Enable Features > SuiteCloud.
- Under the “Manage Authentication” section, enable “Token-Based Authentication”
Step 2: Create an Integration Record in NetSuite
1. Go to Setup > Integration > Manage Integrations > New.
2. Enter a name for your integration and ensure “Token-Based Authentication” is checked.
3. Save and note the Consumer Key and Consumer Secret.
Step 3: Set Up Roles and Permissions in NetSuite
- Go to Setup > Users/Roles > Manage Roles > New.
2. Add necessary permissions under “Permissions Sublist”.
3. Add Token Management Permissions to an employee, creating a new account if needed, at Lists > Employees > Employees > New
4. Add the permission as a role, at Access Sublist > Roles
Step 4: Generate Access Tokens in NetSuite
- Go to Setup > Users/Roles > Access Tokens > New.
2. Select the Integration, Employee, and Role created earlier.
3. Save and note the Token ID and Token Secret.
Steps to Create an Azure Function for HMAC-SHA256 Signature Generation
Step 1: Create a New Function App in Azure Portal
1. Go to the Azure Portal.
2. Click on “Create a resource” and search for “Function App”.
3. Click “Create” and fill in the necessary details such as Subscription, Resource Group, Function App name, Runtime stack (choose Powershell Core), and Region.
4. Click “Review + create” and then “Create” to provision your Function App.
Step 2: Create a New Function
- Once the Function App is created, click on “Go to Resource”.
2. Click on “Create function” to create a new function in Azure portal.
3. Choose the “HTTP trigger” template.
4. Configure the new function by giving it a name and choosing “Anonymous” for the authentication level.
5. Click “Create”.
Step 3: Write the Function Code
- Navigate to your new function and click on the “Code + Test” option.
- Delete the default code and replace it with the following code:
using namespace System.Net
# Input bindings are passed in via param block.
param($Request, $TriggerMetadata)
# Write to the Azure Functions log stream.
Write-Host "PowerShell HTTP trigger function processed a request."
# Interact with query parameters or the body of the request.
$message = $Request.Query.message
if (-not $message) {
$message = $Request.Body.message
}
$secret = $Request.Query.secret
if (-not $secret) {
$secret = $Request.Body.secret
}
# Sign Using HMAC SHA 256
$hmacsha = New-Object System.Security.Cryptography.HMACSHA256
$hmacsha.key = [Text.Encoding]::ASCII.GetBytes($secret)
$signature = $hmacsha.ComputeHash([Text.Encoding]::ASCII.GetBytes($message))
$signature = [Convert]::ToBase64String($signature)
#Return the Signature created
$body = $signature
Push-OutputBinding -Name Response -Value ([HttpResponseContext]@{
StatusCode = [HttpStatusCode]::OK
Body = $body
})Step 4: Save and Test the Function
- Save the code in the Azure portal.
- Click on “Test/Run” to test your function.
- Provide test values for message and secret in the query parameters.
- Click “Run” and check the output to ensure the function returns the expected HMAC-SHA256 signature.
Step 5: Get the Function URL
- Go back to the “Overview” section of your function.
- Click on “Get function URL” and copy the URL. This URL will be used in Power Automate.
Using the Azure Function in Power Automate
Step 1: Initialize Variables in Power Automate
- Save into variables the link from NetSuite you want to call to, and the encoded version of it:
- BaseURL = NetSuite’s link you want to call to
- BaseURLEncoded = uriComponent(variables(‘BaseURL’))
2. Save into variables the values that will be needed for authenticating and for creating the signature:
- TimeStamp = div(sub(ticks(utcNow()),ticks(‘1970–01–01’)), 10000000)
- Nonce = rand(9999999,99999999)
- ConsumerKey = YOUR CONSUMER KEY FROM NETSUITE
- ConsumerSecret = YOUR CONSUMER SECRET FROM NETSUITE
- TokenID = YOUR TOKEN ID FROM NETSUITE
- TokenSecret = YOUR TOKEN SECRET FROM NETSUITE
3. Save into variables the concatenation of all these values and the encoded result:
- ConcatenatedParameters = oauth_consumer_key=@{variables(‘ConsumerKey’)}&oauth_nonce=@{variables(‘Nonce’)}&oauth_signature_method=HMAC-SHA256&oauth_timestamp=@{variables(‘TimeStamp’)}&oauth_token=@{variables(‘TokenID’)}&oauth_version=1.0
- ConcatenatedParametersEncoded = uriComponent(variables(‘ConcatenatedParameters’))
Step 2: Prepare Signature
- Join the method you’re using on your NetSuite call, the encoded URL you’re calling, and the encoded parameters from above. If you’re making a POST rather than a GET, replace it here:
SignatureMessage = GET&@{variables(‘BaseURLEncoded’)}&@{variables(‘ConcatenatedParametersEncoded’)} - Create a key, which is a combination of the consumer secret and the token secret from NetSuite:
SignatureKey = @{variables(‘ConsumerSecret’)}&@{variables(‘TokenSecret’)}
Step 3: Create Signature
- Send all the information you just created above to your Azure Function, using a new HTTP request:
- Method: GET
- URI: Azure Function’s link
- Query parameters:
- message: @{variables(‘SignatureMessage’)}
- secret: @{variables(‘SignatureKey’)}
2. Store the Signature returned into a variable:
- Signature = @{uriComponent(body(‘HTTP — Get_Signature_from_Azure’))}
Step 4: Create Authorization Header
- Store into a variable the final authorization parameter that can be used to make the NetSuite request. Notice that Realm is the same as your NetSuite’s Account ID, but replacing hyphens (if any) with underscores:
- AuthorizationHeader = OAuth realm=”@{variables(‘Realm’)}”,oauth_consumer_key=”@{variables(‘ConsumerKey’)}”,oauth_token=”@{variables(‘TokenID’)}”,oauth_signature_method=”HMAC-SHA256",oauth_timestamp=”@{variables(‘TimeStamp’)}”,oauth_nonce=”@{variables(‘Nonce’)}”,oauth_version=”1.0",oauth_signature=”@{variables(‘Signature’)}”
Step 5: Connect to NetSuite
- Using the Authorization as a header, call to NetSuite:
- Method: GET/POST/PUT
- URI: @{variables(‘BaseURL’)}
- Headers: Authorization = @{variables(‘AuthorizationHeader’)}
Conclusion
You have now created an Azure Function for HMAC-SHA256 signature generation and used it within a Power Automate flow to connect to NetSuite using OAuth 1.0. This method ensures that your sensitive signature generation logic is securely handled in Azure, while Power Automate orchestrates the API calls seamlessly.
For any further consulting required, you can always reach out to me at leadanubhav@consultanubhav.com .
I hope this article was informative and provided you with the details you required. If you have any questions related to any problems while reading the blog, message me on Instagram or telegram handle : t.me/helpmeanubhav or LinkedIn
