Implementation Summary

Ethyca uses the following endpoints in NetSuite to retrieve and delete Personally Identifiable Information (PII) when a user submits a data subject request. See below for a summary of what Ethyca does with each endpoint:

EndpointUser Can DownloadUser Can Delete

As the leading cloud-based ERP, NetSuite, owned by Oracle, can store PII about your employees, customers, and contractors. Keep this in mind when you are setting the DSR Customization as it will impact what is returned in your subject’s DSR package.

If this aligns with your use of NetSuite, please proceed to the next section to begin setting up your integration in the Control Panel.

For any questions, please reach out to your dedicated Customer Success Manager.

Connection Settings

To connect for your instance of NetSuite to Ethyca, follow the steps below:

Domain & Realm

  1. Log in to NetSuite at
  1. Once you have logged in, look at the page URL. The URL will contain a number (between 6 - 8 digits). Your Domain is this number followed by So, for the example below, the Domain would be Enter your Domain into Ethyca.
  1. Your Realm is the number from the previous step followed. Enter your Realm into Ethyca.

Consumer Key & Consumer Secret

Enable the Token-based Authentication Feature

  1. Go to Setup > Company > Setup Tasks > Enable Features.
  1. Click the SuiteCloud subtab.
  1. In the SuiteScript section, check the following boxes:
  • Client SuiteScript: Click "I Agree" on the SuiteCloud Terms of Service page.
  • Server SuiteScript: Click "I Agree" on the SuiteCloud Terms of Service page.

Note: Enabling both the Client SuiteScript and Server SuiteScript features is required to use RESTlets with token-based authentication.

  1. In the SuiteTalk section check the following:
  • Rest Web service: Click "I Agree" on the SuiteCloud Terms of Service page.
  • Rest Record service (Beta): Click "I Agree" on the SuiteCloud Terms of Service page.
  1. In the Manage Authentication section, check the "Token-based Authentication" box. Click "I Agree" on the SuiteCloud Terms of Service page.
  1. Click Save.

Set Up Token-based Authentication Roles

  1. Go to Setup > Users/Roles > User Management > Manage Roles. Select a role to customize.

Select the Permission tab. Under the Permission menu, select the "Transactions" sub-tab.


Select the following from the "Transactions" permissions:

  • Find Transactions → View
  • Sales Order → Full

When these are selected, click "add".


Repeat the following for the "Reports" permissions:

  • SuiteAnalytics Workbook → View

Repeat the following for the "List" permissions:

  • Customers → Full
  • Contacts → Full
  • Employees → Full
  • Employee Record → Full
  • Partners → Full
  • Vendors → Full
  • Other Names → Full

Repeat the following for the "Setup" permissions:

  • User Access Tokens → Full
  • Log in using Access Tokens → Full
  • REST Web Services → Full
  • SOAP Web Services → Full

Assign Users to Token-based Authentication Roles

After modifying roles with the appropriate token-based authentication permissions, an account administrator can assign users to those roles. TBA is available for many types of NetSuite users, including customers, employees, partners, and vendors. The following is a brief procedure for assigning a role to an existing user.

To assign a user to a token-based authentication role:

  1. Go to the entity record for the user. If the user is an employee, go to Lists > Employees > Employees. If the user is not an employee, go to List > Relationships, and then click Customers, Partners, or Vendors.
  1. Click Edit next to the name of the user you want to assign the token-based authentication role.
  1. Click the Access tab.
  1. In the Role field, select the token-based authentication role for this user. Once you have selected the correct roles, click "add" and then "save".

Create Integration Records for Applications to Use TBA

Before tokens can be created and assigned to users, an integration record must be created for each application that will use token-based authentication. Administrators or users assigned the Integration Application permission can create integration records.

The following procedure briefly describes completing an integration record. You should create a separate integration record for each application.

  1. Go to Setup > Integration > Integration Management > Manage Integrations > New
  1. Enter a name, such as "Ethyca Privacy Management," and description for your application.
  1. Under the "Authentication" tab, check the box for Token-Based Authentication. Click "Save".
  1. Scroll down to find your your Client ID and Client Secret. Paste these values into Ethyca.

Note: The system will only display these values the first time you save the integration record. In cases where an application previously used user credentials as an authentication method, you must reset the consumer ID and consumer secret. Resetting the consumer ID and client secret invalidates the previous consumer ID and client secret.

Access Token & Token Secret

Note: To complete the following steps, you must be logged in as a user with the Access Token Management permission.

  1. Go to Setup > Users/Roles > User Management > Access Tokens.
  1. On the Access Tokens page, click "New Access Token".
  1. On the Access Token page, enter the Application Name, User, and Role. The Token Name is already populated by default, but you can customize the token name if you'd like. After entering this information, click "Save".
  1. Netsuite will display your Access Token (labeled Token ID) and Token Secret. Paste these values into Ethyca.