Create a ZoneBilling Workato Connection

Follow the steps in this article to establish a connection with the ZoneBilling connector in Workato. 

Perquisites

The following features must be enabled in NetSuite. 

1. Token-based Authentication
2. OAuth 2.0 

See Enable the Token-based Authentication Feature and Enable the OAuth 2.0 Feature in SuiteAnswers for more information. 

Overview of Steps

1. In NetSuite: Setup a specific role and user to be set on a new Integration record. 
2. On User's Device: Generate a Certificate and Private Key. 
3. In NetSuite: Upload the Certificate to NetSuite. 
4. In Workato: Create the Workato connection with the Private Key. 

The attached template at the bottom of the article can be used to help track/log important values throughout the steps. 

Setup an Integration & Certificate in NetSuite

Configure a Role

It is best practice to create a role specific for integration to ensure the integration has all the necessary permissions it needs without the security risk of overlapping with a UI user. 

• In NetSuite, navigate to Setup > Users/Roles > Manager Roles
  • While you can use the Zone Advanced Billing Administrator role as-is, it is common to customize it to modify permissions to be more or less restrictive to suit the exact business requirements.  
    • Alternatively, a new role can also be created from scratch. 
  • At minimum, the role must include the following: 
    • Single-Sign On Only - unchecked
    • Web Services Only - unchecked
    • Permissions 
      • Lists
        • Documents & Files - Edit
        • Export Lists - Create
        • Perform Search - Full
        • Persist Search - Create
      • Setup
        • Allow JS / HTML Uploads - Full
        • Log in using Access Tokens - Full
        • SuiteScript - Full
        • SuiteScript Scheduling - Full
        • Custom Fields - View
          
        • Other Custom Fields - View
          
        • Log in using OAuth 2.0 Access Tokens - Full
          
        • REST Web Services - Full
          
      • Custom Record
        • ZAB API Export - Full
        • ZAB Automation - Full
        • ZAB Process - Full
  • Be sure to include any record type (custom or standard) that the integration will need to access to avoid integration errors.  
  • Save the role configured. 

Create a User

It is best practice to create a user specific for integrations. This helps relieve any dependency on an individual employee and avoid integration interruptions during any organization or staffing changes. 

• In NetSuite, navigate to Lists > Employees > Employees > New
  • Setup the relevant data required for an employee record. 
  • On the Access > Roles subtab, select the Role created in the Configure a Role step.
  • Save the employee created.  

Create an Integration Record

In order to create generate a Consumer Key & Secret, a NetSuite Integration record is required. 

• In NetSuite, navigate to Setup > Integration > Manage Integrations > New
  • Name = any name complying with the business's naming convention.
  • TBA: Authorization Flow = false
  • Token-based Authentication = false
  • Authorization Code Grant = false
  • Client Credentials (Machine to Machine) Grant = true
  • Scope
    
    • Restlets = true
    • Rest Web Services = true

Once the record is Saved, the Consumer Key and Consumer Secret values will be displayed temporarily. Save this information before navigating away from the page. You will not be able to access these values again.

• • Save the record. 
    • Record the Consumer Key and Consumer Secret under the "Client Credentials" section. Save these values elsewhere. You will need them for your integration and will not be able to access them once you leave this page. 

Generate Certificate and Private Key

The only encryption standard accepted by both NetSuite and Workato is the ES256 standard. An encrypted Certificate and related Private Key using this standard must be generated and can occur using the following text on the user's device. 

On a Mac:

• Navigate to the folder/directory which you want these files to be saved (Eg. Downloads, Documents), hover over the folder and right select “New Terminal at Folder".
  
• Copy and paste the command below then hit 'Enter'.

  • openssl ecparam -name prime256v1 -genkey -noout -out workato_private.pem && 
    openssl req -new -x509 -key workato_private.pem -out workato_cert.pem -days 730

    
  • For each question prompted, provide an answer and then hit 'Enter'. The values you provide are not important and do not need to be remembered. They are merely used to generate a random key. Enter any values you'd like.
  • This will create two files `workato_private.pem` and `workato_cert.pem` in the folder.
    

Take note of these files as you will need them for a later step.

When the files are created, then go to Upload Certificate to NetSuite. 

On a PC:

• Navigate to the folder/directory which you want these files to be saved (Eg. Downloads, Documents), right select “Open PowerShell window here". [Powershell is pre-installed on most modern Windows computers].
  
• Generate a ES256 private key with the following command

  • openssl ecparam -name prime256v1 -genkey -noout -out workato_private.pem

    
• Create a certificate signed with this private key by entering the following command

  • openssl req -new -x509 -key workato_private.pem -out workato_cert.pem
            -days 730

    
  • The terminal will ask you questions, these answers are used to generate the "randomness" of the certificate. These answers do not matter and do not need to be remembered.
• Confirm that the two files 'workato_private.pem' and 'workato_cert.pem' are on your computer.
  

Take note of these files as you will need them for a later step.

Upload Certificate to NetSuite

• In NetSuite, navigate to Setup > Integrations > OAuth 2.0 Client Credentials (M2M) Setup
• Create New Certificate
  • Entity = Select the User created in the Create a User step.
  • Role = Select the Role created in the Configure a Role step.
  • Application Name = Select the Integration record created in the Create an Integration step
  • Certificate (Choose a file)= Select the 'workato_cert' file created in the Generate Certificate and Private Key step.
  • Save the record.
    The Certificate ID will be used when setting up the Workato Connection.

Take note that the algorithm for the certificate created is EC (representing ECDSA) and the Integration ID, which we will need for a later step.

Setup a Connection in Workato

Once you have your Certificate ID, Consumer Key, Private Key, the ZoneBilling Connection is ready to be configured in Workato.

• In Workato, go to Assets > Connections and select Create > Connection.
  
• Search for an app = type in ZoneBilling
  
• Select ZoneBilling for NetSuite.
  • Connection name = it's recommended to use a name that clearly identifies the connecting application.
  • Location = choose the appropriate Project folder.
  • NetSuite Account ID = provide the NetSuite account number where the Certificate was uploaded.
  • Certificate ID: Set the value of the Certificate ID identified in the Upload Certificate to NetSuite step.
  • Consumer Key: Set the value of the Consumer Key saved in the Create an Integration step.
  • Private Key: Using a Text Editor application, open the `workato_private.pem` file generated in the Create Certificate and Private Key step.
    • Copy all contents of the key from the file and paste into field.
      
  • Click Connect.

You are all set to connect to NetSuite and use the ZoneBilling Workato Connector!

Notice: Please note that NetSuite only allows a certificate to be used for up to 2 years (730 days). So this process will need to be intermittently refreshed with new certificates and keys before the expiration date

For more information about Workato Custom connectors, visit Workato / Docs.