System-to-System Developer’s Guide v3.0
Confidential Material 4 of 19
2 IMPLEMENTATION OVERVIEW
2.1 SUPPORTED PLATFORMS AND NETSUITE DEVELOPMENT SUPPORT
While our integration technology to establish System-to-System connectivity is based on standards and can be
used from any development platform, NetSuite officially supports the following two development platforms.
• Java platform
• Microsoft .NET platform
If you’re using one of these platforms, NetSuite will be able to provide a command line driven test client that is
designed to test SSL connectivity to NetSuite, post smbXML documents to NetSuite, and to serve as an example
for the development of the integration partner’s application code. The tool includes the source code.
Currently, the primary development expertise of NetSuite Professional Services are with the above mentioned
platforms, and Professional Services ability to advise and consult will be strongest for integration partners whose
implementation is in these platforms. If the client application to be implemented uses a different language or
platform, as long as this environment supports two-way SSL communications, there should not be any problems
in implementation since there are no NetSuite proprietary libraries that need to be used.
2.2 ARCHITECTURE
2.2.1 TWO-WAY SECURE SOCKET LAYER (SSL)
Put simply, System-to-System integration allows data (in the form of an smbXML document) to be posted to, or
queried from, NetSuite accounts via an HTTPS post.
NetSuite uses a Two-Way Secure Socket Layer authentication methodology, for System-to-System
communications, that ensures that both parties are who they claim to be. The client is required to validate
NetSuite’s server certificate, and to provide a client certificate in order to authenticate themselves to NetSuite.
NetSuite’s Two-Way Secure Socket Layer (SSL) uses industry standard 128-bit SSL encryption, as well as
certificate hash comparison. Server authentication takes place over an SSL connection initiated with NetSuite’s
key pair signed by a mutually trusted key signer (in this case RSA). The certificate-based client authentication
uses a client generated key pair, the public key of which is signed by and possessed by NetSuite. For details on
certificate-based SSL, please see Appendix A of this document.
Concisely, Two-Way SSL allows for the following:
• The Client verifies that the Server is who it claims to be.
• The Server verifies that the Client is who it claims to be.
2.2.2 ADDITIONAL CERTIFICATE VERIFICATION
As a further check on authentication, once the XML request document is received, NetSuite performs secondary
validation of the client certificate by comparing a hash of the certificate to a previously stored hash, taken during
the signing phase.
This second validation of the certificate is performed to ensure that the certificate being presented matches
identically the certificate originally provided by the partner.
2.2.3 DATA EXCHANGE STEPS
1. integration partner system generates a valid smbXML document
