NetSuite Source Connector

The NetSuite source connector in DataSync lets you retrieve data from NetSuite for loading or synchronizing in your data warehouse. To configure a connection in DataSync, you must first create a custom NetSuite application in the NetSuite interface. The application credentials generated are required to fill out the connection properties in DataSync. After creating all required source connections, configure your destination source to complete the connection setup.

API Schemas

NetSuite supports two API schemas for retrieving data: SuiteTalk and SuiteQL. Each schema has different capabilities and connection options.

API schema	Description
SuiteTalk	SOAP-based API for communicating with NetSuite. Provides full access to custom records, fields, and lists. Saved searches are supported via both the SOAP API and RESTLets. Grouping and aggregations are not supported server-side and must be handled client-side. Supports only Token-Based Authentication; OAuthHeadless is not supported.
SuiteQL	SQL-like API for querying NetSuite data. Supports joins, grouping, aggregations, and selecting specific columns. SuiteQL is read-only and intended for data retrieval. Recommended when only retrieving data is required.

note

You must have a NetSuite account with Administration permissions to configure the connection.

Set up a connection for NetSuite

Token-Based authentication

Create an integration

1. Log in to NetSuite with an administrator account.
2. Under Setup, select Integration, then Manage Integrations.
3. Click New.
4. Enter a name and description for the integration.
5. Set the Concurrency Limit (maximum 5 sessions).
6. Under Authentication, enable Token-Based Authentication.
7. Click Save and copy the Client ID and Client Secret — you will need these in DataSync.

Enable the Token-Based authentication feature

8. In the Setup tab, click Company.
9. Select Enable Features.
10. Under SuiteCloud, choose Manage Authentication.
11. Select Token-Based Authentication and save changes.

Create or edit a role

11. In the Setup tab, select User/Roles.
12. Click Manage Roles.
13. Create a new role or edit an existing role.
14. In General, enable Core Administration Permissions.
15. In Subsidiary Restrictions, select All and check Allow cross-subsidiary record viewing.
16. Under Permissions and Setup, add:
    • Access Token Management (Full)
    • Log in using Access Tokens (Full)
    • REST Web Services (Full) – for SuiteQL only
    • SOAP Web Services (Full) – for SuiteQL only
    • Set Up SOAP Web Services (Full)
    • User Access Token (Full)
17. In Reports, add SuiteAnalytics Workbook (Edit).
18. (Optional) Add permissions required for your target tables in Transactions and Lists (see NetSuite Permissions).

Assign a role to a user

19. In the List tab, select Employees.
20. Open the target employee record.
21. In Access, then Roles, assign the custom token role created above and save.

Create an access token

22. In the Setup tab, select User/Roles.
23. Choose Access Tokens, then create a new access token.
24. Select the integration application, target user, and role.
25. Click Save and copy the generated Client ID (OAuthAccessToken) and Client Secret (OAuthAccessTokenSecret) — you will need these in DataSync.

NetSuite permissions

Use these permissions if you are creating a custom role (required for Token-Based Authentication, optional for OAuthHeadless). If using the Administrator role with OAuthHeadless, all required permissions are already present. See the permissions in the different tabs: Transactions, Reports, Lists, Setup, Custom Record.

Permission	Description
SuiteAnalytics Workbook (View)	Access to SQL queries in SuiteAnalytics.
Customer (View)	Sample customer access for testing RESTlet connections.
Access Token Management	Permission for creation and management of access tokens for Token-Based Authentication.
Custom <type> Fields (View)	Access to custom fields of the selected type. Required when using Include Custom List Columns: Custom Column Fields Custom Entity Fields Custom Entry Fields Custom Item Fields Custom Transaction Fields Custom Fields
Other Custom Fields (View)	Access to other types of custom fields. Used with Include Custom Field Columns.
Custom Lists (View)	Metadata access for custom list tables. Used with Include Custom List Tables
Custom Record Types (View)	Metadata access for custom record tables. Used with Include Custom Record Tables.
Deleted Records (View)	Information access for deleted records.
Log in Using Access Tokens	Authentication access to REST or SOAP services using a token.
Log In using OAuth 2.0 Access Tokens	Authentication access to REST services using OAuth 2.0.
REST Web Services	RESTlet and web service access. Required when the schema is set to SuiteQL.
SOAP Web Services	SOAP web service access. Required for testing and some custom field operations when the schema is set to SuiteTalk (default).
User Access Tokens	Permission for creation of user-specific tokens with Token-Based Authentication.
[Custom Record Name]	Access to the specified custom record table.

OAuthHeadless authentication

1. Log in to NetSuite with an administrator account.
2. Under Setup, select the Integration, then Manage Integrations.
3. Click New.
4. Enter a name and description for the integration.
5. Set the Concurrency Limit (maximum 5 sessions).
6. Enable TBA: Issue token endpoint and TBA: Authorization Flow.
7. Open DataSync, start Create a source connection for NetSuite, and copy the Callback URL from Connection Properties.
8. Add the Callback URL in NetSuite in both the Callback URL and Redirect URI fields.
9. Enable Authorization Code Grant and Public Client.
10. Select appropriate scopes (recommend Restlets and Rest Web Services).
11. Set OAuth 2.0 Consent Policy to Always Ask.
12. Select User Credentials.
13. Click Save and copy the Client ID and Client Secret — you will need these in DataSync.

Create a source connection in DataSync

1. Log in to DataSync.
2. From the welcome screen, select Connections.
3. Next to Source Connections, click New.
4. Select NetSuite.
5. In the Connection Properties panel, enter the connection properties.
6. (Optional) In the Additional Connection Properties panel, select Add property and enter the parameters for each property.
7. In the Advanced Settings panel, configure the settings, including the Tracking Type and other values according to your requirements.
8. Click Save. If OAuthHeadless was selected, you'll be redirected to an authorization web page. Select Continue to complete the connection.

Parameters

Connection properties

Parameter	Description
Description	Unique name for the connection. Example: NetSuite
Schema	NetSuite schema used for the connection: SuiteQL or SuiteTalk. For SuiteTalk, use Token-Based Authentication.
Account ID	NetSuite account identifier. Found in Setup > Company > Company Information. Example: 1234567_SB1
Application ID	NetSuite application identifier provided after saving the application in Setup > Integration > Manage Integrations. Always include it to ensure proper access.
Scope	Scope list for OAuthHeadless. Values: restlets, rest_webservices, or restlets rest_webservices (both, separated by a space). Used to obtain access and refresh tokens.
Authentication Mode	Authentication method. Options: TokenBased or OAuthHeadless. SuiteTalk connections require TokenBased mode and cannot be changed. OAuthHeadless connections remain active for a maximum of 7 days before requiring manual reauthentication.
Callback URL	URL generated by DataSync when using OAuthHeadless. Copy and paste into NetSuite’s application configuration.
Client ID	OAuth application client identifier provided by NetSuite during registration. Example: abc123clientid
Client Secret	OAuth application secret provided by NetSuite during registration. Example: xyz987secretkey
Access Token	(Only TokenBased and SuiteTalk) Token used instead of username and password for SuiteTalk connections. Example: abc123accesstoken
Token Secret	(Only TokenBased and SuiteTalk) Secret used with the access token for authentication. Example: xyz987tokensecret
Row Scan Depth	Number of rows scanned to determine table column structure. Range: 1–999. Default: 50.
Timeout	Time in seconds to wait for connection opening and query execution before timeout. Long-running queries (e.g., retrieving 1,000 Sales Orders with AggregateColumnMode set to ListAndRetrieve) may take over 10 minutes. For child tables or aggregate columns, consider setting Timeout to 0.
Include Child Tables	Child table inclusion option. Adds tables for all child lists of an entity (e.g., CashRefund table with ItemList child table as CashRefund_ItemList). Useful for showing items as individual rows. May increase table count significantly.
Include Custom Field Columns	Custom field inclusion option. Adds custom fields to base tables as individual columns. May reduce first-time metadata load performance. Metadata is cached per connection and cleared when the connection closes.
Include Custom List Tables	Custom list inclusion option. Adds custom list types as separate tables. May reduce first-time metadata load performance. Metadata is cached per connection and cleared when the connection closes.
Include Custom Record Tables	Custom record inclusion option. Adds custom record types as separate tables. May reduce first-time metadata load performance. Metadata is cached per connection and cleared when the connection closes.
Aggregate Columns	Aggregated column inclusion option. Displays aggregated values from child collections. Requires Include Child Tables to be enabled.
Verbosity	1 – Log queries, row counts, execution start/end, errors. 2 – Includes level 1 plus cache queries, HTTP headers. 3 – Includes level 2 plus request/response bodies. 4 – Includes level 3 plus transport-level communication. 5 – Includes level 4 plus all interface commands.
Enable Pooling	Connection pooling option for performance.
Pool idle timeout	Maximum idle time for connections before returning them to the pool, in seconds.
Max Pool Size	Maximum number of connections allowed in the pool.
Pool wait time	Maximum wait time for connection allocation before error is thrown, in seconds.

Additional connection properties

Additional connection string properties not specified in the Connection Properties panel. For each property added, you can choose Visible or Encrypted. Selecting Encrypted hides the value from the interface and stores it encrypted in the back end, such as when defining passwords.

Parameter	Description
Property	Connection string property that defines the action or behavior. Example: ReadOnly
Value	Value for the property. Example: True
Type	Visibility of the property: Visible or Encrypted.

Advanced settings

Advanced settings control how the NetSuite connector tracks changes, handles regional and time configuration, and processes data batches during extraction. These options allow fine‑tuning for performance and accuracy, and should be configured according to your system environment and operational requirements.

Setting	Description
Tracking Type	Method for tracking changes: None or Date.
Region	Region setting for the connector, if required by your setup.
Time Zone	Time zone matching the NetSuite application server.
Time Offset	Refresh offset in seconds to compensate for timing issues in record selection. Minimum value is 0; maximum is 3600 seconds.
Batch Size	Quantity of records processed in each batch during extraction. Larger batch sizes increase memory usage but can improve performance up to a point. The default value is 2000 and the maximum should not exceed 10000 records. Adjust according to your network speed and disk performance; in most cases the default (2000) works best.

Example