System-to-System Developer’s Guide v3.0
Confidential Material 5 of 19
2. integration partner opens an HTTPS connection to the NetSuite smbXML server
3. during the SSL handshake
a. the integration partner verifies NetSuite’s identity by validating the NetSuite server certificate, signed by
RSA
b. the NetSuite server verifies the identity of the integration partner by requesting a client-side certificate,
signed by NetSuite
c. the smbXML server returns a symmetric key, encrypted using the integration partner’s public key, used
to establish SSL communication
d. SSL is established
4. partner system transmits smbXML document to NetSuite in the body of an HTTP Post
5. the smbXML server performs secondary validation of the certificate, by comparing a hash of the certificate
to a previously stored hash of the certificate
6. the smbXML server parses the smbXML document and determines whether the partner system has the
appropriate permissions to perform the requested action(s) in the account specified
7. the smbXML server processes the requests and returns the results in the body of an HTTP Response with:
e. any appropriate success or error messages
f. the results of any query requests
2.3 PRE-IMPLEMENTATION CHECKLIST
Prior to beginning development and testing of XML data transmission, NetSuite and the integration partner will
exchange certificates, public keys, URLs and partner IDs.
2.3.1 INTEGRATION PARTNER WILL PROVIDE NETSUITE
• certificate signing request (CSR) – signed by NetSuite, for establishing client authentication
• 1024-bit public key – for use in Single Signon (application providers only)
• company name – used as the partnerAccount, discussed below under DTD Elements (customers only)
2.3.2 NETSUITE WILL PROVIDE INTEGRATION PARTNER
• unique partner ID – used during System-to-System and Single Signon communication, discussed below under
DTD Elements and Single Signon
• signed client certificate – the signed client certificate signing request
• NetSuite signing certificate – the NetSuite certificate used to sign the client CSR
• RSA signing certificate – the public RSA certificate that signed our server certificate, discussed above under the
Architecture Overview, SSL handshake section
• post URL – the production post URL, used by the client to post smbXML documents to NetSuite
2.4 IMPLEMENTATION CYCLE
The following workflow details the implementation steps integration partners undertake, and the NetSuite
organizations responsible for each step.
