First, be sure to download the most recent version of SuiteAPI. You can download SuiteAPI here.

SuiteAPI is provided as a compressed "zip" file. You'll need to unzip the file before uploading it to your NetSuite account.

If you haven't already logged into your NetSuite account, do that now. I highly recommend that you first install SuiteAPI into a sandbox account for testing before installing it into a production account. And be sure to login as an administrator.

Next, navigate to the account's File Cabinet, and specifically to the SuiteScripts folder. Documents > Files > SuiteScripts.

Add a subfolder for SuiteAPI. Again, navigate to the SuiteScripts folder in the File Cabinet. Then click the "New Folder" button in the header. For the Folder Name, enter: SuiteAPI. You can leave all of the other fields as they are. Click the Save button to create the folder.

Now we'll upload the SuiteAPI SuiteScript file to the folder that you created. In the File Cabinet, you should be in the SuiteScripts > SuiteAPI folder. If not, navigate to it. Then click the "Add File" button in the header. Then navigate to the location of the file that you unzipped earlier. The file that you want to select is named: suiteapi.restlet.js

The script file is very small, and should upload quickly. When the file has been uploaded, you'll see it listed in the SuiteScripts > SuiteAPI folder.

Next, we'll create a Script Record for SuiteAPI.

Navigate to: Customization > Scripting > Scripts > New

The "Upload Script File" form will appear. In the Script File field, enter: suiteapi The field will auto-complete, and you'll see the file that you uploaded ("suiteapi.restlet.js") listed. Select it, and then click the "Create Script Record" button.

The "Script" form will appear. Enter the following values into the form:
• Name: SuiteAPI
• ID: _suiteapi
• Description: An alternative Web API for the NetSuite platform.

Click on the Deployments tab, and set these values in the first row:
• Title: SuiteAPI
• ID: _suiteapi

Make sure that the Deployed checkbox is checked, and set the Status to Released.

Click the Save button.

The Script and Script Deployment records will be created, and the Script record will be displayed.

Click on the Deployments tab, and click on the title ("SuiteAPI") of the deployment that is displayed. This will load the Script Deployment.

Copy the value of the External URL that is displayed. It will be something like:
https://99999999.restlets.api.netsuite.com/app/site/hosting/restlet.nl?script=925&deploy=1

Before continuing, confirm that Token-Based Authentication is enabled in your NetSuite account. Navigate to: Setup > Company > Enable Features > SuiteCloud > Token-Based Authentication

I highly recommend creating one (or more) custom roles for use with SuiteAPI. These roles will be used to specify the NetSuite resources that your SuiteAPI-based integrations will have access to, and the type of permissions that they'll have. For example, you might create a role designed specifically for querying item information, and another that has the ability to create and/or update transactions.

If you are not already familiar with NetSuite's security model, please take some time to learn about it. You should also consider what your integration(s) will need access to before continuing.

The instructions that follow are designed to help you create a standard, somewhat simple role. I recommend that you modify the permissions that are assigned based on your specific needs.

To create a custom role, navigate to: Setup > Users/Roles > Manage Roles > New

To create a custom role, navigate to: Setup > Users/Roles > Manage Roles > New

The Role form will appear. Enter the following values:
• Name: SuiteAPI Integration Role
• ID: _suiteapi_integration

If your NetSuite account supports multiple subsidiaries (i.e. it's a "One World" account), then be sure to set the Subsidiary Restrictions based on your needs.

In the Authentication section, leave everything as-is (i.e. use the default settings). None of the checkboxes should be checked.

Now we're ready to specify the role's permissions. To do so, click on the Permissions tab.

The table below show's the permissions that I recommend. As mentioned above, you should set permissions based on your specific needs.

For guidance on permissions needed to access specific tables using SuiteQL, please visit: https://timdietrich.me/blog/netsuite-suiteql-tables-permissions-reference/

In order to use Access Tokens, you'll need to assign the custom role to an employee record. I generally recommend creating at least one employee record for your integrations, but the strategy that you'll want to use will vary based on your needs, your NetSuite license, and so on.

In any case, select an employee that has access to NetSuite, and assign the SuiteAPI custom role to their record. To do so, select an employee and click to edit it. On the Access tab, under Roles, select the "SuiteAPI Integration Role" role, and then click Save.

Next, we create an Integration Record. To do so, navigate to: Setup > Integration > Manage Integrations > New

The Integration form will appear. Set the form based on these instructions:
• Name: SuiteAPI
• Enable the "Token-based Authentication" option.
• Disable the "TBA: AUTHORIZATION FLOW" option.
• Disable the OAuth 2.0 "Authorization Code Grant" option.

Save the record.

Make note of the "CONSUMER KEY / CLIENT ID" and "CONSUMER SECRET / CLIENT SECRET." Be sure to store them somewhere safe, as this is the only time that NetSuite will make them available.

Next, we create an Access Token. To do so, navigate to: Setup > Users/Roles > Access Tokens > New

The Access Token form will appear. Set the form based on these instructions:
• Application Name: SuiteAPI
• User: Select the employee that you assigned the custom role to.
• Role: SuiteAPI Integration Role

Click Save.

Make note of the "TOKEN ID" and "CONSUMER SECRET / TOKEN SECRET." Be sure to store them somewhere safe, as this is the only time that NetSuite will make them available.

The final step is to give the SuiteAPI custom role permission to access the SuiteQPI Script Deployment. To do so, navigate to: Customization > Scripting > Script Deployments

Next, select the SuiteAPI deployment record. It will have an ID such as: customdeploy_suiteapi

Click to edit the deployment record. On the Audience tab, under Roles, be sure to select: SuiteAPI Integration Role

Click the Save button.

How you call SuiteAPI will depend on the API client (or development environment) that you are using. In general, you'll want to use the values that you captured during these setup instructions, including:
• The External URL that was assigned to the Script Deployment record.
• The CONSUMER KEY / CLIENT ID and CONSUMER SECRET / CLIENT SECRET that were generated when you created the Integration Record.
• The TOKEN ID and TOKEN SECRET that were generated when you created the Access Token.

If your API client supports OAuth1, then configuring it as follows might help:
• Consumer Key - Use the key that was generated when you created the Integration Record.
• Consumer Secret - Use the secret that was generated when you created the Integration Record.
• Token - Use the Token ID that was generated when you created the Access Token.
• Token Secret - Use the Token Secret that was generated when you created the Access Token.
• Timestamp - Use "Epoch Time" if it's available.
• Nonce - Use an auto-generated nonce.
• Signature Method - Specify "HMAC-SHA256."
• Additional Params - Include a "realm" value set to your NetSuite Account Number. For Test Drive and Sandbox accounts, the text portion of the account number should be upper-case.

If you need assistance setting up your API client, I recommend referring to NetSuite's Token-based Authentication (TBA) page: https://docs.oracle.com/en/cloud/saas/netsuite/ns-online-help/chapter_4247329078.html

To test SuiteAPI and confirm that the integration is working properly, I suggest calling SuiteAPI's "echo" procedure. If successful, the response that you receive will be the same request payload that you sent to it. For example: