Account Configuration
This guide covers setting up Token-Based Authentication (TBA) and managing multiple NetSuite accounts in your SDF project.
Authentication Flow
┌─────────────────────────────────────────────────────────────────────────────┐
│ TOKEN-BASED AUTHENTICATION FLOW │
└─────────────────────────────────────────────────────────────────────────────┘
┌──────────────┐ ┌──────────────┐ ┌──────────────┐
│ VSCode │ │ NetSuite │ │ Your │
│ (SDF CLI) │ │ Server │ │ Account │
└──────┬───────┘ └──────┬───────┘ └──────┬───────┘
│ │ │
│ 1. Request + Token │ │
│────────────────────────►│ │
│ │ │
│ │ 2. Validate Token │
│ │────────────────────────►│
│ │ │
│ │ 3. Token Valid │
│ │◄────────────────────────│
│ │ │
│ 4. Access Granted │ │
│◄────────────────────────│ │
│ │ │
│ 5. Deploy/Import │ │
│────────────────────────►│ │
│ │ │
Setting Up Token-Based Authentication
Step 1: Create Integration Record (Admin Required)
In NetSuite:
- Go to Setup → Integration → Manage Integrations → New
- Configure:
| Field | Value |
|---|---|
| Name | SuiteCloud Development |
| State | Enabled |
| Token-Based Authentication | ✓ Checked |
- Save and note the Consumer Key and Consumer Secret
Step 2: Create Access Token
- Go to Setup → Users/Roles → Access Tokens → New
- Configure:
| Field | Value |
|---|---|
| Application Name | SuiteCloud Development |
| User | Your user account |
| Role | Administrator or Developer role |
| Token Name | VSCode Development |
- Click Save
- IMPORTANT: Copy the Token ID and Token Secret immediately (shown only once!)
┌─────────────────────────────────────────────────────┐
│ Access Token Created │
├─────────────────────────────────────────────────────┤
│ │
│ Token ID: abc123def456ghi789jkl012... │
│ Token Secret: xyz987wvu654tsr321qpo098... │
│ │
│ ⚠️ SAVE THESE NOW - Cannot be retrieved later! │
│ │
└─────────────────────────────────────────────────────┘
Configure Account in VSCode
Method 1: VSCode Command Palette
- Press
Ctrl+Shift+P - Type "SuiteCloud: Set Up Account"
- Enter credentials when prompted:
┌─────────────────────────────────────────────────────┐
│ Account Setup │
├─────────────────────────────────────────────────────┤
│ │
│ Account ID: _________________________ │
│ (e.g., TSTDRV1234567 or 1234567) │
│ │
│ Authentication: Token-Based Authentication │
│ │
│ Token ID: _________________________ │
│ │
│ Token Secret: _________________________ │
│ │
│ Save account as: _________________________ │
│ (e.g., "Sandbox" or "Production") │
│ │
└─────────────────────────────────────────────────────┘
Method 2: Terminal Command
suitecloud account:setup
Follow the interactive prompts.
Managing Multiple Accounts
Typical Setup
Most developers work with multiple accounts:
┌─────────────────────────────────────────────────────────────────────────────┐
│ MULTI-ACCOUNT SETUP │
└─────────────────────────────────────────────────────────────────────────────┘
┌──────────────────┐
│ Your VSCode │
│ Project │
└────────┬─────────┘
│
├────────────────────┐
│ │
▼ ▼
┌──────────────────┐ ┌──────────────────┐
│ Sandbox │ │ Production │
│ TSTDRV1234567 │ │ 1234567 │
│ (Development) │ │ (Live) │
└──────────────────┘ └──────────────────┘
│ │
│ │
▼ ▼
For testing For deployment
Safe to break Be careful!
Add Multiple Accounts
Run setup for each account:
# Setup Sandbox
suitecloud account:setup
# Name it: "Sandbox"
# Setup Production
suitecloud account:setup
# Name it: "Production"
List Configured Accounts
suitecloud account:list
Output:
┌─────────────────────────────────────────────────────┐
│ Configured Accounts │
├─────────────────────────────────────────────────────┤
│ │
│ 1. Sandbox (TSTDRV1234567) ← Default │
│ 2. Production (1234567) │
│ │
└─────────────────────────────────────────────────────┘
Switch Default Account
# Set Sandbox as default
suitecloud account:setdefault --account "Sandbox"
# Set Production as default
suitecloud account:setdefault --account "Production"
Account Credentials Storage
Credentials are stored securely in your system's credential manager:
| OS | Storage Location |
|---|---|
| Windows | Windows Credential Manager |
| macOS | Keychain |
| Linux | Secret Service API |
View Stored Credentials (Windows)
- Open Credential Manager (Control Panel)
- Look under Windows Credentials
- Find entries starting with
suitecloud_
Role Requirements
Your NetSuite user role must have these permissions:
| Permission | Required For |
|---|---|
| SuiteCloud Development Integration | Basic SDF operations |
| SuiteScript | Deploying scripts |
| Custom Records | Deploying custom records |
| Saved Searches | Deploying saved searches |
| Workflow | Deploying workflows |
Recommended Role Setup
Create a dedicated "SDF Developer" role with:
- Setup → SuiteCloud Development → SuiteCloud Development Integration: Full
- Lists → Custom Records: Full
- Setup → SuiteScript: Full
- Reports → Saved Searches: Full
Deployment to Specific Account
Using VSCode
Ctrl+Shift+P→ "SuiteCloud: Deploy to Account"- Select target account from list
Using Terminal
# Deploy to default account
suitecloud project:deploy
# Deploy to specific account
suitecloud project:deploy --account "Sandbox"
# Deploy to Production
suitecloud project:deploy --account "Production"
Workflow: Sandbox to Production
┌─────────────────────────────────────────────────────────────────────────────┐
│ DEPLOYMENT WORKFLOW │
└─────────────────────────────────────────────────────────────────────────────┘
┌──────────────┐
│ Develop │
│ (Local) │
└──────┬───────┘
│
▼
┌─────────────────────────────────────┐
│ Deploy to Sandbox │
│ ───────────────────────────────────│
│ suitecloud project:deploy │
│ --account "Sandbox" │
└───────────┬─────────────────────────┘
│
▼
┌─────────────────────────────────────┐
│ Test in Sandbox │
│ ───────────────────────────────────│
│ Verify functionality │
│ Check for errors │
│ User acceptance testing │
└───────────┬─────────────────────────┘
│
▼
┌──────────────┐ No ┌─────────────────┐
│ Tests Pass? ├────────────►│ Fix & Redeploy │
└──────┬───────┘ └────────┬────────┘
│ Yes │
│ ◄──────────────────────┘
▼
┌─────────────────────────────────────┐
│ Code Review (Pull Request) │
│ ───────────────────────────────────│
│ Team reviews changes │
│ Approve for production │
└───────────┬─────────────────────────┘
│
▼
┌─────────────────────────────────────┐
│ Deploy to Production │
│ ───────────────────────────────────│
│ suitecloud project:deploy │
│ --account "Production" │
└───────────┬─────────────────────────┘
│
▼
┌──────────────┐
│ LIVE! │
└──────────────┘
Troubleshooting
"Invalid Token" Error
- Verify Token ID and Secret are correct
- Check token hasn't expired
- Ensure token's role has required permissions
- Recreate token if necessary
"Account ID not found"
- Verify Account ID format:
- Sandbox:
TSTDRV1234567 - Production:
1234567(numbers only)
- Sandbox:
- Check for typos
"Role does not have permission"
- Log into NetSuite with the same user
- Check role has SuiteCloud Development permissions
- Ask administrator to update role
Reset Account Configuration
# Remove an account
suitecloud account:remove --account "AccountName"
# Re-setup
suitecloud account:setup
Security Best Practices
| Practice | Description |
|---|---|
| Separate tokens | Use different tokens for Sandbox vs Production |
| Minimal permissions | Only grant necessary permissions to role |
| Regular rotation | Rotate tokens periodically |
| Revoke unused | Remove tokens for departed team members |
| Don't share | Each developer should have their own token |
Next Steps
- Project Structure - Understand all project files
- Deploy to Sandbox - First deployment walkthrough