Back to blog
Unified APIGuides & TutorialsAccounting

How to get your NetSuite API Key

Get your NetSuite API credentials in under 10 minutes with step-by-step instructions for both Token-Based Authentication and OAuth 2.0, plus the common mistakes that will waste your afternoon.

Saurabh RaiSaurabh Rai

Saurabh Rai

4 min read
Get started for freeTalk to an expert
How to get your NetSuite API Key

What's NetSuite?

NetSuite is Oracle's cloud-based ERP system that runs your entire business, accounting, inventory, CRM, e-commerce, the works. Companies use it when QuickBooks isn't cutting it anymore and they need real enterprise resource planning. If you're reading this, you probably need to pull data from NetSuite or push data into it programmatically. That means you need API access. Here's how to get it in under 10 minutes.

Note: NetSuite doesn't use traditional API keys. It supports Token-Based Authentication (TBA) with Consumer Key/Secret and Token ID/Secret, or OAuth 2.0. This guide covers both authentication methods.

Prerequisites

  • NetSuite account with Administrator or Integration Application Developer role
  • Know which integration method you need (Token-Based Authentication or OAuth 2.0)

Method 1: Token-Based Authentication (TBA)

Step 1: Enable Token-Based Auth

Navigate to Setup → Company → Enable Features → SuiteCloud tab. Check these boxes:

  • Client SuiteScript
  • Server SuiteScript
  • Token-Based Authentication

Hit Save. No debate needed.

Step 2: Create Integration Record

Setup → Integration → Manage Integrations → New

Fill this out:

  • Name: Whatever helps you identify this later (e.g., "Production API Integration")
  • State: Enabled
  • Token-Based Authentication: Check it
  • TBA: Authorization Flow: Uncheck (unless you need user consent flow)

Save it. NetSuite shows you the Consumer Key and Consumer Secret once. Copy them now or lose them forever.

Step 3: Generate Access Token

Setup → Users/Roles → Access Tokens → New

Select:

  • Application Name: Your integration from Step 2
  • User: The user account for API access
  • Role: Pick one with necessary permissions

Click Save. Copy the Token ID and Token Secret immediately.

Step 4: Test Your Keys

Make a test API call to any endpoint with your OAuth credentials. If you get data back, you're golden. If not, check your role permissions.

Method 2: OAuth 2.0 (Newer, Cleaner)

Step 1: Create OAuth 2.0 Client

Setup → Integration → OAuth 2.0 Clients → New

Required fields:

  • Name: Something descriptive
  • Entity: Select your subsidiary/company
  • Role: Pick the integration role
  • Redirect URI: Your app's callback URL
  • Scopes: Select what you need (restlets, rest_webservices, or suiteanalytics_connect)

Save. Note your Client ID and Client Secret.

Step 2: Get Authorization Code

Send users to the NetSuite authorization endpoint with your Client ID, redirect URI, and required scopes. Format: https://[ACCOUNT_ID].app.netsuite.com/app/login/oauth2/authorize.nl

Step 3: Exchange Code for Token

POST the authorization code to NetSuite's token endpoint with your client credentials. You get back access_token and refresh_token. Store them securely.

Common Screwups to Avoid

  1. Wrong Account ID: It's not your email. Find it at Setup → Company → Company Information. Format: TSTDRV1234567 or 1234567_SB1

  2. Role Permissions: Your token inherits the role's permissions. No permissions = useless token. Check Setup → Users/Roles → Manage Roles

  3. Sandbox vs Production: They have different account IDs. Don't mix them up like a rookie.

  4. Token Expiration: OAuth 2.0 tokens expire (default 60 minutes). Implement refresh token rotation, or you'll be debugging at 2 AM.

  5. Rate Limits: NetSuite has concurrent request governance. Hit it too hard = 429 errors. Implement exponential backoff.

NetSuite Guides for Integration

Now that you've got your API keys, you can refer to the following guides on how to help you get started with NetSuite API integration.

  1. https://www.apideck.com/blog/integrating-with-the-netsuite-rest-api#why-the-netsuite-rest-api-matters
  2. https://www.apideck.com/blog/guide-to-integrating-with-the-netsuite-soap-api#why-the-netsuite-soap-api-is-important

Managing NetSuite API connectivity with Apideck's Vault

If you want to integrate with NetSuite and other accounting systems, managing API connections can be challenging. You can use Apideck to connect to accounting applications. Apideck's Vault allows for:

  • Secure credential storage with automatic token refresh - No need to build token management infrastructure or handle OAuth flows manually.
  • Pre-built authentication UI - Embedded Vault components handle credential input and OAuth authorization without custom UI development.
  • Centralized connection monitoring - Track connection states, validate credentials, and manage multiple accounting platforms from a single dashboard.

And here's how you can easily connect and manage permissions for your API Access.

Screenshot 2025-11-10 at 15.06.10@2x

Screenshot 2025-11-10 at 15.07.21@2x

Provide your Netuiste Account ID and Consumer Keys, Secrets, etc., and you can then connect and manage your API connection via the Vault. If you don’t know how to get these fields, please check out our detailed guide here.

Next Steps: Build Your NetSuite Integration

Got your credentials? Now pick your path:

Modern REST approach? Our NetSuite REST API integration guide covers OAuth setup, real-world implementation examples, and how Apideck simplifies the complexity.

Need legacy or advanced operations? The NetSuite SOAP API guide explains when SOAP is unavoidable and how to handle SuiteTalk effectively.

Ready to get started?

Scale your integration strategy and deliver the integrations your customers need in record time.

Get startedTalk to an expert
Ready to get started?
Talk to an expert

Trusted by fast-moving product & engineering teams

JobNimbus
Blue Zinc
Drata
Octa
Nmbrs
Apideck Blog

Insights, guides, and updates from Apideck

Discover company news, API insights, and expert blog posts. Explore practical integration guides and tech articles to make the most of Apideck's platform.

Your Integration Roadmap to the Sage Ecosystem
AccountingIndustry insights

Your Integration Roadmap to the Sage Ecosystem

When a customer says "we use Sage," they could mean any of dozens of distinct products from 20-year-old regional desktop software to modern cloud platforms like Sage Intacct or Sage Active. Your integration strategy requires pinpointing the exact product, since the ecosystem is fragmented by region, market segment, and technology stack.

Bernard Willems

Bernard Willems

3 min read
What is API Integration
Guides & Tutorials

What is API Integration

API integration is the process of connecting two or more software systems through their APIs so they can exchange data.

Saurabh Rai

Saurabh Rai

13 min read
Untangling The Sage Ecosystem
AccountingIndustry insights

Untangling The Sage Ecosystem

Sage isn't one product; it’s a federation of disconnected legacy and cloud portfolios built through decades of acquisitions. We decode the "Sage Paradox" to help you distinguish the brand from the technology.

Bernard Willems

Bernard Willems

4 min read