NetSuite Guide

Integrations & Authentication

Integrations are where NetSuite stops being your problem and starts being everyone's problem. The second another system is reading or writing your data, a quiet change on either side becomes an outage — and it usually surfaces as someone else's bug first.

Most integration fires we get called into aren't exotic. They're a token with more access than anyone realized, an auth method Oracle already announced it's killing, or a SOAP integration nobody migrated because it “still worked.” The failure is rarely the code. It's the assumption that nothing on the other end would ever change.

This guide covers the integration surface the way it actually breaks: the migrations you can't keep deferring, the auth that fails for reasons that aren't credentials, and the access you handed out and forgot.

An integration isn't done when it works. It's done when it fails safely, logs why, and doesn't have more access than it needs.

Web Services Migration (SOAP → REST)

Oracle is sunsetting SOAP, and “it still works” is not a migration plan. Moving to REST isn't just swapping endpoints — it's a forced reckoning with how your integrations are structured, governed, and authenticated.

NetSuite Is Sunsetting SOAP. Most Companies Aren't Ready.

Authentication (TBA / OAuth / M2M)

When an integration throws a 401, the instinct is to rotate credentials. That's usually wrong. Token-based auth, OAuth flows, and the TBA sunset fail in specific ways that look like credential problems but aren't.

Integration Security

Every integration token is a user, and most of them are admins nobody's audited. Least privilege isn't paranoia — it's the difference between a bad day and a breach when a token leaks.

Your Integration Token Is an Admin

Need it fixed?

When a review turns up more than a flag, that's what we do — production-first cleanup, no surprises in late UAT.

Talk to us