NetSuite API Integration: How It Works, Which Type to Use, and What It Connects

Key Takeaways

• A NetSuite API is a set of rules that allows external systems to exchange data with NetSuite automatically. No manual exports. No copy-paste between systems. Data moves when it should, to where it needs to go.
• NetSuite has four API surfaces. SuiteTalk SOAP (older, enterprise-grade), SuiteTalk REST (modern, recommended for new builds), RESTlets via SuiteScript (custom endpoints), and SuiteQL (data query language). Each one fits a different use case.
• NetSuite is used by 43,000+ companies across 219 countries. Almost every one of those businesses connects NetSuite to at least one other system via API: CRM, eCommerce, payroll, analytics, or 3PL.
• Oracle is actively phasing out SOAP. The 2025.2 release is the last regularly scheduled SOAP endpoint. New integrations should use REST and OAuth 2.0. Existing SOAP integrations need a migration plan.
• Businesses report a 35% improvement in financial close time and a 62% reduction in order processing errors after integrating NetSuite via API. The gains come from removing manual data transfer, not from the API itself.
• Folio3’s NetSuite integration services cover the full API lifecycle: architecture decisions, development, testing, and ongoing maintenance, across all four NetSuite API surfaces.

We get the same call every few months. A business has NetSuite running well. They have Shopify running well. They have Salesforce running well. The problem is that the customer who placed an order in Shopify at 9 AM shows up in NetSuite at 11 AM after someone exports a CSV and imports it manually. By then, the inventory commitment has already been missed. This creates more issues in the long-run.

That is what API integration solves. An API is the mechanism that allows Shopify to tell NetSuite about a new order the moment it happens, not two hours later when someone gets around to the export. When the connection is built correctly, the data moves automatically, in real time, without anyone in the middle.

This guide explains how NetSuite’s API surfaces work, which one fits which use case, what you can connect to NetSuite, and what the current SOAP-to-REST transition means for businesses with existing integrations.

What Is a NetSuite API?

An API (Application Programming Interface) is a defined set of rules that allows two software systems to communicate with each other.

In the context of NetSuite, the API is the mechanism that allows external software, a Shopify storefront, a Salesforce CRM, a custom mobile app, a payroll system, a third-party analytics tool, to read from and write to NetSuite programmatically.

Without an API, data moves manually. Someone exports a file from one system and imports it to another. This process creates lag, creates errors, and creates a dependency on a person being available to do it.

With an API, data moves automatically based on defined triggers. An order in Shopify triggers a sales order in NetSuite. A payment in NetSuite updates the customer record in Salesforce. A fulfillment confirmation in NetSuite sends a tracking notification to the customer.

An API integration links two or more software applications so they can automatically share information and function as one system. The connection is made possible by APIs, which define the rules for how programs exchange data and trigger actions.

The API does not move data by itself. It defines how data can be requested, submitted, and validated. The integration built on top of the API does the moving.

The Four NetSuite API Surfaces

NetSuite does not have a single API. It has four distinct surfaces that serve different purposes. Understanding which one to use and when is the core architectural decision in any NetSuite integration project.

SuiteTalk SOAP: The Enterprise Standard (Being Deprecated)

SuiteTalk SOAP is NetSuite’s original web services API. It uses XML-based messages and the WSDL standard to define every record type, field, and operation available in NetSuite.

What it does well:

• Full record coverage: nearly every record type in NetSuite is accessible
• Bulk data operations: large-scale data transfers are handled reliably
• Mature and well-documented: has been in production for over 15 years
• Strong security: uses Token-Based Authentication (TBA)

Where it falls short:

• XML is verbose. Requests are large and slow compared to modern JSON-based APIs.
• WSDL-based setup requires more developer effort than REST
• Not suited for lightweight, modern integrations where speed matters

The critical 2025/2026 update: Oracle has announced that the 2025.2 SOAP endpoint is the last regularly scheduled SOAP release. After that, new SOAP endpoints will only be released for significant technical reasons. NetSuite recommends transitioning all existing SOAP integrations to REST web services and OAuth 2.0 authentication. If your business has custom or third-party SOAP integrations, a migration plan is not optional. It is a timeline question.

SuiteTalk REST: The Modern Standard (Recommended for New Builds)

NetSuite’s REST API uses JSON, follows standard HTTP methods (GET, POST, PUT, DELETE), and authenticates via OAuth 2.0. It is lighter, faster to develop, and readable by any modern developer.

What it does well:

• JSON responses are faster to parse and easier to work with than XML
• OAuth 2.0 is the industry standard for secure API authentication
• Faster to build integrations against than SOAP
• Recommended by Oracle for all new integration builds

Where it has limits:

• Record coverage is not yet as complete as SOAP for some edge-case record types
• Still maturing: some complex operations require workarounds

Who should use it: Any business building a new integration today should use the REST API. For businesses with existing SOAP integrations, Oracle’s guidance is to migrate to REST on a timeline that works for the business before the SOAP support window closes.

RESTlets: Custom API Endpoints via SuiteScript

RESTlets are not a separate API product. They are custom REST endpoints you build inside NetSuite using SuiteScript: NetSuite’s JavaScript-based development environment.

When to use RESTlets:

• You need a custom API endpoint that handles business logic NetSuite’s standard API does not expose
• You are building a lightweight mobile or web app that needs to query NetSuite with custom parameters
• You need to combine data from multiple NetSuite record types in a single API response

A RESTlet is a SuiteScript function that receives an HTTP request, processes it inside NetSuite’s server environment, and returns a JSON response. It acts as a custom API built for your integration’s specific needs.

An online retailer connects NetSuite with Shopify via RESTlets to sync order details, inventory updates, and customer information in real-time, preventing overselling. In this case, the RESTlet handles the specific data structure that Shopify expects, which the standard NetSuite REST API would not produce without additional processing.

SuiteQL: The Query Language for Data Reads

SuiteQL is NetSuite’s SQL-like query language. It is not an API in the traditional sense. It is how you read data from NetSuite with complex joins and filters, through either the REST API or via ODBC/JDBC connection.

What it does well:

• Complex queries that join multiple record types in a single request
• High-performance data reads, much faster than sequential REST calls for reporting
• Familiar SQL-like syntax for developers with database experience

When to use it:

• Building analytics or BI integrations (Power BI, Tableau, Looker)
• Extracting large datasets with complex filter logic
• Any read-heavy integration where the standard REST API would require multiple sequential calls

The standard REST API is “chatty.” If you want to see which Customers bought a specific Item, the standard API might force you to download the Sales Order, then loop through lines, then call the Customer endpoint. SuiteQL solves this with a single, efficient query.

Which NetSuite API Should You Use?

The right API depends on what you are trying to do. Here is a practical decision guide.

Use Case	Recommended API
New integration (any type)	SuiteTalk REST + OAuth 2.0
Existing SOAP integration, migration needed	SuiteTalk SOAP now, REST migration planned
Custom endpoint with business logic	RESTlet (SuiteScript)
Analytics or BI tool connection	SuiteQL via REST or ODBC
High-volume bulk data migration	SuiteTalk SOAP (legacy) or REST with batching
Mobile or web app integration	RESTlet or REST API
Complex data reads across multiple record types	SuiteQL

The most common mistake in NetSuite API architecture is using the wrong tool for the job. Using the standard REST API for complex multi-record queries produces slow, chatty integrations. Using SuiteQL for write operations does not work: it is read-only. Using SOAP for new lightweight integrations creates technical debt on day one.

Authentication: TBA vs OAuth 2.0

Authentication is how NetSuite confirms that an integration has permission to access data. Getting this wrong means broken integrations when passwords change or security settings are updated.

Token-Based Authentication (TBA):

• The older standard, still used for SOAP integrations
• Uses cryptographic tokens tied to an integration record and a user role
• More stable than password-based authentication: tokens do not break when a user resets their password

OAuth 2.0:

• The modern standard required for REST integrations
• Uses a standard Client Credentials or Authorization Code flow
• Revocable per token: you can shut down one integration’s access without affecting others
• Does not require a human login: integrations run unattended without triggering two-factor authentication

For any new integration, OAuth 2.0 is the right choice. It is the direction Oracle is moving. It is what every modern integration platform supports natively. And it solves the problem that older authentication methods created, where an integration could break because someone in IT changed their NetSuite password.

What Systems Can You Connect to NetSuite via API?

NetSuite’s API can connect to any system that also has an API. In practice, the most common integrations for mid-market businesses fall into five categories.

eCommerce Platforms

Shopify, Magento, BigCommerce, and WooCommerce all connect to NetSuite via API. The integration typically handles:

• Order import from eCommerce to NetSuite in real time
• Inventory level sync from NetSuite to the storefront
• Customer record creation or update in NetSuite for new orders
• Fulfillment and tracking data back to the storefront after shipment

CRM Platforms

Salesforce and HubSpot are the most common CRM integrations. The integration typically handles:

• Contact and company sync between NetSuite CRM and the external CRM
• Opportunity and quote data flowing from CRM to NetSuite sales orders
• Invoice and payment status from NetSuite are visible in the CRM
• Customer lifetime value data enriching CRM contact profiles

Logistics and Fulfillment

3PL platforms, warehouse management systems, and carrier APIs connect to NetSuite to handle:

• Item fulfillment records triggering pick-pack-ship workflows in the 3PL
• Inventory adjustments from the 3PL are reflected in NetSuite in real time
• Shipment confirmations and tracking data returning to NetSuite

Payroll and HR

Payroll systems like ADP, Gusto, or Workday connect to NetSuite to handle:

• Employee records and pay data flowing to NetSuite for journal entries
• Department and class allocation for payroll expenses
• Benefits and deductions mapped to the correct general ledger accounts

Analytics and BI

Power BI, Tableau, and Looker connect to NetSuite via SuiteQL or SuiteAnalytics Connect to:

• Pull financial data for executive dashboards without exporting to spreadsheets
• Build real-time reporting across subsidiaries in OneWorld environments
• Monitor operational KPIs with live data from NetSuite transactions

For a complete view of Folio3’s integration services and the platforms we connect to NetSuite, our NetSuite integration services covers the full integration practice.

What API Limits Do You Need to Know?

NetSuite enforces limits on how many API requests an integration can make within a given time period. These limits protect the platform’s performance for all tenants.

Concurrency limits:

• How many API requests can run in parallel for your account
• A Standard-tier account has a default concurrency of 15
• Each SuiteCloud Plus license adds 10 to that limit
• Exceeding concurrency returns a 429 error

Rate limits:

• How many requests can be made within a time window (per minute, per day)
• The specific limits vary by NetSuite service tier and license type
• Hitting rate limits returns throttling errors

Practical implications:

• High-volume integrations (thousands of records per hour) need batching strategies
• Real-time sync integrations need error handling that retries on 429 responses
• Multi-integration environments need to account for concurrency shared across all integrations

An integration that works in testing at low volume can fail in production when order volume spikes. Build rate limit handling before you go live, not after.

AI and the Next Layer of NetSuite Integration

API integration connects systems. AI integration adds intelligence to what those systems do with the data.

Folio3’s NetSuite AI connector services extend standard API connectivity to bring AI-driven capabilities into NetSuite workflows. This includes predictive lead scoring fed by CRM data, churn prediction from AR and order patterns, and automated content personalization using transaction history.

The practical difference between a standard API integration and an AI-enhanced one: a standard integration moves data. An AI-enhanced one acts on that data automatically, triggering workflows based on patterns rather than rules.

For businesses already running NetSuite integrations with CRM, eCommerce, or analytics tools, the AI layer is the natural next step. It uses the data those integrations already collect to drive decisions that previously needed manual analysis.

The SOAP-to-REST Transition: What to Do If You Have Existing Integrations

If your business has custom integrations built on SuiteTalk SOAP, the 2025.2 release is a planning trigger, not an emergency. Here is what to do.

Step 1: Inventory your existing SOAP integrations

Identify every integration that uses SOAP. This includes custom-built integrations, third-party connectors, and any integration platforms (iPaaS tools) that use SOAP under the hood.

Step 2: Check your third-party connector vendors

Oracle-owned solutions (NetSuite Connector, NSPOS, SuiteProjects Pro) are not affected. Custom and third-party SOAP integrations are. Contact your integration vendors to ask about their REST migration timeline.

Step 3: Prioritize by business impact

High-volume integrations (eCommerce orders, inventory sync, payroll) carry the most risk if they fail. Prioritize these for early migration. Low-volume, infrequent integrations can migrate later.

Step 4: Rebuild in REST with OAuth 2.0

New REST builds are typically faster than the original SOAP builds because REST is simpler to develop. Many integration platforms have native NetSuite REST connectors that reduce the rebuild effort.

Step 5: Test in the sandbox before production

NetSuite’s sandbox environment mirrors production. All migration testing should be completed in the sandbox before cutting over.

How Folio3 Approaches NetSuite API Integration

Folio3 builds and maintains NetSuite integrations across all four API surfaces for businesses in manufacturing, distribution, retail, eCommerce, and professional services.

The integration practice covers:

• Architecture review: which API type, which authentication method, which data flows
• Development: REST, SOAP, RESTlet, and SuiteQL integrations built and tested
• iPaaS configurations: Celigo, Boomi, MuleSoft, and custom integration builds
• Ongoing maintenance: monitoring, error handling, rate limit management, and release-cycle updates

For the full scope of Folio3’s NetSuite integration capabilities, visit our NetSuite integration services page, which covers the approach and the platforms we work with.

Your next step? Get an integration architecture review for your specific NetSuite environment. Schedule a Demo

Final Thoughts

NetSuite’s API is not one thing. It is four distinct surfaces, each designed for a different purpose. Understanding which one fits which use case is the foundation of every successful integration.

For businesses with existing SOAP integrations, the deprecation timeline is a planning trigger. For businesses building new integrations, REST and OAuth 2.0 are the right starting point.

The integration architecture decisions you make now, which API, which authentication method, which data flows, how to handle rate limits, determine whether your integrations run reliably for the next five years or need emergency fixes every six months.

If you want an honest assessment of your current integration setup or a plan for new connections, the Folio3 team works through the architecture before writing a line of code. Reach out to us today and see what fits your business the best.

FAQs

What is a NetSuite API?

A NetSuite API is a set of rules that allows external software systems to exchange data with NetSuite automatically. NetSuite has four API surfaces: SuiteTalk SOAP (older, enterprise-grade), SuiteTalk REST (modern, recommended for new builds), RESTlets built with SuiteScript (custom endpoints), and SuiteQL (a query language for complex data reads). Each surface serves a different integration use case.

What is the difference between SuiteTalk SOAP and REST API in NetSuite?

SuiteTalk SOAP uses XML and WSDL, works well for bulk data operations and legacy enterprise integrations, but is being deprecated. Oracle’s 2025.2 release is the last regularly scheduled SOAP endpoint. SuiteTalk REST uses JSON and OAuth 2.0, is faster to develop, and is Oracle’s recommended standard for all new integrations. Existing SOAP integrations should migrate to REST on a planned timeline.

When should I use a RESTlet instead of the NetSuite REST API?

Use a RESTlet when you need a custom API endpoint that handles specific business logic or returns a custom data structure the standard REST API does not produce. RESTlets are built with SuiteScript and run inside NetSuite’s server environment. They are faster and more flexible than the standard REST API for read-heavy or logic-heavy custom integrations.

What systems can I connect to NetSuite via API?

NetSuite’s API connects to any system that has its own API. Common integrations include eCommerce platforms (Shopify, Magento, BigCommerce), CRM platforms (Salesforce, HubSpot), 3PL and WMS platforms, payroll systems (ADP, Gusto, Workday), and analytics tools (Power BI, Tableau, Looker). The specific integration type (REST, SOAP, RESTlet) depends on the data flows and volume requirements.

What are NetSuite API rate limits?

NetSuite enforces concurrency limits (how many requests run in parallel) and frequency limits (how many requests per time window). A Standard-tier account has a default concurrency of 15. Exceeding limits returns a 429 error. High-volume integrations need batching strategies and retry logic to handle rate limit responses without failing.

What does the NetSuite SOAP deprecation mean for my existing integrations?

If you have custom or third-party SOAP integrations, the 2025.2 SOAP endpoint is the last regularly scheduled release. After that, new SOAP endpoints will only be released for significant technical reasons. Oracle-owned solutions are not affected. Custom and third-party SOAP integrations need a REST migration plan. Folio3 can help audit your existing integrations and plan the migration.