Published Nov 9, 2017

Token-Based Authentication for Integrations: What and Why in Plain English

Celigo

You may have heard that token-based authentication (TBA) offers more security for your cloud integrations. However, when you look up the reason why that is – let alone the definition of what it is – the explanation can quickly get technical and may be difficult for non-developers to understand. This article explains, in plain English, what token-based authentication is and why it is more secure.

What is Token-Based Authentication?

Stack Overflow defines token-based authentication as “a security technique that authenticates the users who attempt to log in to a server, a network, or some other secure system, using a security token provided by the server.”

To help explain token-based authentication, we’ll use an analogy of a hotel key. Just like a key card is required to access your room, pool, and other restricted areas of the hotel, your integration needs a token to access private data within an application, such as your ERP account. A token is a specific sequence of characters such as “3xe14PDNRx467svzcv”.

To get your key card, you go to the registration desk and show your driver’s license. After the receptionist verifies your identity, she will give you a key card. For your integration, you get a token by entering your username and password within the ERP application. After the ERP authentication server verifies your credentials, you will be issued a token that is unique to your account.

With your hotel key, you can now access your room and pool. With your token, your integration can now request the data within your ERP account from the ERP API.

Once a key card is issued, the hotel will not ask again for your driver’s license since it assumes that you are the one holding the card. Similarly, once a token is issued, the ERP application will not ask for your account username and password again.

Now let’s look at why TBA is a more secure form of authentication.

Why is Token-Based Authentication More Secure for Cloud Integrations?

For your Celigo or other application integrations, we highly recommend using token-based authentication instead of a username and password, for these reasons:

  1. Secure: Tokens are auto-generated long strings (32 characters or more) that are far more secure than user-defined passwords that need to be easily recalled by the user, such as “Password123”. Additionally, end user credentials are never exposed, since the integration presents the token instead.
  2. Non-expiring: Passwords typically expire after a certain number of days, including NetSuite passwords. If your integration relies on username and password, you need to remember to update the username and password within your integration when they change. With non-expiring tokens, your integration will not fail because of expired authentication.
  3. Revocable: A token can easily be cancelled or revoked, and a new one generated if the token is exposed to the wrong parties or if someone who had access to the token leaves the company. This is similar to a hotel key in that if someone steals your key, the receptionist can create a new key and invalidate the old one.
  4. Traceable: For your NetSuite integrations, you gain visibility into the activities of individual applications, since NetSuite generates a separate token for each connected application. This makes it easier to track unauthorized connections and to revoke access on a per-application basis.
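
The four properties above can be seen in a small model of the server side of token-based authentication. This Python code is an added example, not Celigo's or NetSuite's code; the TokenStore class and the account and application names are assumptions made up for illustration.

```python
import hashlib
import secrets


class TokenStore:
    """Hypothetical server-side token registry (names are assumptions)."""

    def __init__(self):
        self._tokens = {}    # sha256(token) -> {"account", "app", "revoked"}
        self.audit_log = []  # (app, account, action), one entry per event

    @staticmethod
    def _digest(token):
        # Keep only a hash, so a leaked table does not yield usable tokens.
        return hashlib.sha256(token.encode()).hexdigest()

    def issue(self, account, app):
        """Run once, after the account's username and password were verified."""
        token = secrets.token_urlsafe(32)  # 32 random bytes -> 43 characters
        # No expiry is stored: the token stays valid until it is revoked.
        self._tokens[self._digest(token)] = {
            "account": account, "app": app, "revoked": False}
        self.audit_log.append((app, account, "issued"))
        return token

    def authenticate(self, token):
        """Return (account, app) for a live token, otherwise None."""
        record = self._tokens.get(self._digest(token))
        if record is None:
            self.audit_log.append(("unknown", "unknown", "rejected"))
            return None
        action = "rejected" if record["revoked"] else "used"
        self.audit_log.append((record["app"], record["account"], action))
        return None if record["revoked"] else (record["account"], record["app"])

    def revoke_app(self, account, app):
        """Revoke one application's tokens; other applications keep working."""
        hits = [r for r in self._tokens.values()
                if (r["account"], r["app"]) == (account, app) and not r["revoked"]]
        for record in hits:
            record["revoked"] = True
        self.audit_log.append((app, account, "revoked"))
        return len(hits)

if __name__ == "__main__":
    store = TokenStore()
    sync = store.issue("acct-1001", "order-sync")  # constructed sample names
    store.revoke_app("acct-1001", "order-sync")
    print(store.authenticate(sync), store.audit_log)
```

Because each audit entry carries the application name, a revoked token that keeps showing up as "rejected" points at the integration that still holds it.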

For instructions on enabling NetSuite TBA for your Celigo integration, go to our Help Center and learn how to change a NetSuite connection from basic to token-based authentication.

To learn how to make your application integrations secure, efficient, and effective using best practices, view this on-demand webinar on integrating Salesforce and NetSuite.