What Are NetSuite REST Web Services? OAuth 2.0 Integration Guide (2026)

Q: What are NetSuite REST Web Services?

NetSuite REST Web Services is the modern HTTPS-based API for external systems to interact with NetSuite. It exposes CRUD operations on records (create, read, update, delete) plus SuiteQL query execution. Authentication uses OAuth 2.0 token-based auth. Endpoints follow the pattern /services/rest/record/v1/{type} and /services/rest/query/v1/suiteql.

Q: REST vs SOAP for NetSuite — which should I use?

Use REST for all new integrations. NetSuite still supports SOAP (SuiteTalk WSDL-based) for legacy compatibility, but REST is faster, simpler to authenticate, and the recommended path going forward. SuiteQL is exclusively available via REST.

Q: Do I need SuiteAnalytics Connect for REST Web Services?

No. REST Web Services is included in every NetSuite license at no additional cost. SuiteAnalytics Connect ($499/month) is a separate ODBC/JDBC service. Modern connectors that use REST (like Acterys NetSuite Sync) eliminate the SuiteAnalytics Connect dependency entirely.

Q: What are NetSuite REST API rate limits?

REST Web Services has concurrency limits (typically 5 concurrent requests per role) and a 4-minute query timeout for SuiteQL. Long-running queries should be partitioned. Acterys handles rate limiting + retry logic transparently for production sync workloads.

Q: How do I authenticate to NetSuite REST Web Services?

Use OAuth 2.0 token-based authentication (TBA). Setup in NetSuite: Setup > Users/Roles > Access Tokens > New. Generate a Consumer Key/Secret + Token ID/Secret pair. The token is signed into every API request using HMAC-SHA256. Acterys handles this setup automatically during the 10-minute OAuth flow.

What are NetSuite REST Web Services?

Modern HTTPS API for integrating with NetSuite. CRUD on every record type + SuiteQL queries. OAuth 2.0 token-based auth. Free with every license. The replacement for SOAP + ODBC.

NetSuite REST Web Services is the modern HTTPS-based API for external systems to interact with NetSuite. It exposes CRUD operations on every record type plus SuiteQL query execution. Authentication uses OAuth 2.0 token-based auth (TBA). It is the recommended replacement for legacy SOAP Web Services and for ODBC-based integrations via SuiteAnalytics Connect.

Endpoint structure

/services/rest/record/v1/{type} — CRUD on record types (customer, invoice, salesorder, etc.)
/services/rest/query/v1/suiteql — Execute SuiteQL queries
/services/rest/auth/oauth2/v1/token — Token exchange (if using OAuth 2.0 authorization code flow)
/services/rest/transactions/v1 — Transaction-specific endpoints with batch support

All requests use HTTPS with TLS 1.3. Responses are JSON. Pagination is via limit + offset query params.

Authentication: OAuth 2.0 TBA

Token-Based Authentication (TBA) is the recommended path. One-time setup in NetSuite:

Setup > Users/Roles > Access Tokens > New
Select Application (your integration), Role (with REST web services permission), User
Generate Consumer Key, Consumer Secret, Token ID, Token Secret
Sign every API request with HMAC-SHA256 over the request method, URL, params, and timestamp

Acterys NetSuite Sync automates this entire flow during a 10-minute OAuth setup. You never copy-paste tokens.

REST vs SOAP for NetSuite

Aspect	REST	SOAP (SuiteTalk)
Format	JSON	XML (WSDL)
Authentication	OAuth 2.0 TBA	SOAP headers + TBA
SuiteQL support	Yes	No
Tooling	Any HTTP client	SOAP-specific libraries
Best for	All new integrations	Legacy compat only

Rate limits + best practices

Concurrency: typically 5 concurrent requests per role. Use a dedicated integration role + user.
SuiteQL timeout: 4 minutes per query. Partition large date-range queries.
Pagination: page-size 1000 default; can go up to 5000 for some endpoints.
Retry: implement exponential backoff on 429/503 responses.
Incremental sync: use lastmodifieddate > filter to fetch only changed records — see incremental sync glossary

Related glossary entries

SuiteQL — query language exposed via REST
Incremental sync — REST pattern for delta-only fetches
Saved Search — alternative reporting primitive

REST + SuiteQL in 10 minutes

Acterys handles OAuth + retry + rate limiting + incremental sync. 14-day free trial.

rocket_launch Start Free Trial

timer 14-day free trial

credit_card_off No credit card

verified_user SOC2 compliant