> ## Documentation Index
> Fetch the complete documentation index at: https://docs.serval.com/llms.txt
> Use this file to discover all available pages before exploring further.

# NetSuite

> Connect NetSuite to Serval with OAuth 2.0 client credentials or token-based authentication.

## About NetSuite

NetSuite is Oracle's cloud ERP platform for finance, procurement, inventory, and business operations. Connecting NetSuite to Serval lets your team call NetSuite REST Web Services and RESTlets from Serval workflows.

## What the NetSuite integration enables

| Capability          | Description                                                                                         |
| ------------------- | --------------------------------------------------------------------------------------------------- |
| REST Web Services   | Read and update NetSuite records through `/services/rest/record/v1` endpoints                       |
| SuiteQL             | Query NetSuite data through REST Web Services when your role has the required permissions           |
| RESTlets            | Call custom RESTlets with the same configured NetSuite credentials                                  |
| Workflow Automation | Build Serval workflows for finance, procurement, and access operations that depend on NetSuite data |

***

## Prerequisites

Before connecting NetSuite to Serval, make sure you have:

* Administrator access in NetSuite, or help from a NetSuite administrator
* Your NetSuite **Account ID** from **Setup → Company → Company Information**
* REST Web Services enabled for the account and role you will use
* Either OAuth 2.0 client credentials setup or token-based authentication setup

<Tip>
  Use OAuth 2.0 client credentials for new NetSuite REST integrations when
  possible. NetSuite recommends OAuth 2.0 for new REST Web Services and RESTlet
  integrations.
</Tip>

<Warning>
  Oracle has announced that new token-based authentication integrations for REST
  Web Services and RESTlets cannot be created starting in NetSuite 2027.1.
  Existing TBA integrations continue to work, and Serval supports them for
  customers who already use TBA.
</Warning>

***

## Option 1: OAuth 2.0 client credentials

Use this option for service-account style access without a user sign-in prompt.

### 1. Create or select an integration record

In NetSuite:

1. Go to **Setup → Integration → Manage Integrations → New**
2. Give the integration a clear name, such as `Serval`
3. Enable **OAuth 2.0**
4. Save the record and copy the **Client ID**

### 2. Upload a certificate for M2M access

In NetSuite:

1. Go to **Setup → Integration → OAuth 2.0 Client Credentials (M2M) Setup**
2. Select the integration record
3. Select the role Serval should use
4. Upload the public certificate that matches your private key
5. Copy the generated **Certificate ID**

Keep the matching private key available. You will paste it into Serval in PEM format:

```text Private key format theme={null}
-----BEGIN PRIVATE KEY-----
...
-----END PRIVATE KEY-----
```

<Note>
  Choose the signing algorithm in Serval that matches your certificate and
  private key. NetSuite supports `PS256`, `PS384`, `PS512`, `ES256`, `ES384`,
  and `ES512`.
</Note>

### 3. Connect in Serval

In Serval:

1. Go to **Apps → Available → NetSuite → Connect**
2. Enter your **NetSuite Account ID**
3. Select **OAuth 2.0 client credentials**
4. Enter the **Client ID**, **Certificate ID**, **Signing Algorithm**, **Private Key**, and OAuth scopes
5. Click **Submit**

Common scopes are:

```text Common NetSuite OAuth 2.0 scopes theme={null}
rest_webservices
restlets
suite_analytics
```

***

## Option 2: Token-based authentication

Use this option when you already have a NetSuite token-based authentication (TBA) integration and token pair.

### 1. Confirm TBA setup in NetSuite

In NetSuite, confirm that:

1. The **Token-Based Authentication** feature is enabled
2. The integration record has token-based authentication enabled
3. The NetSuite role has the permissions required for the APIs Serval will call
4. You have generated an access token for the integration and role

### 2. Collect TBA credentials

You need these values:

| Field in Serval     | Where to find it in NetSuite                             |
| ------------------- | -------------------------------------------------------- |
| **Consumer Key**    | Integration record                                       |
| **Consumer Secret** | Integration record, shown when credentials are generated |
| **Token ID**        | Access token record                                      |
| **Token Secret**    | Access token record, shown when the token is created     |

<Warning>
  NetSuite shows token secrets and consumer secrets only once. Store them
  securely when you create them.
</Warning>

### 3. Connect in Serval

In Serval:

1. Go to **Apps → Available → NetSuite → Connect**
2. Enter your **NetSuite Account ID**
3. Select **Token-based authentication**
4. Enter the **Consumer Key**, **Consumer Secret**, **Token ID**, and **Token Secret**
5. Click **Submit**

Serval signs each NetSuite request with OAuth 1.0 using `HMAC-SHA256`, as required by NetSuite.

***

## Troubleshooting

### Invalid login attempt with token-based authentication

Check that the account ID, consumer key, token ID, consumer secret, and token secret all come from the same NetSuite account and integration record. Also confirm that the token role has permission to call the REST endpoint.

### OAuth token request fails

Confirm the certificate ID, private key, and signing algorithm match the public certificate uploaded in NetSuite. The private key must include the `BEGIN PRIVATE KEY` and `END PRIVATE KEY` lines.

### REST Web Services call is forbidden

Confirm REST Web Services is enabled and the selected role has the required record, SuiteQL, or RESTlet permissions.