netsuite-tba

NetSuite API for n8n using TBA (OAuth1 HMAC-SHA256)

Package Information

Released: 8/27/2025
Downloads: 17 weekly / 44 monthly
Latest Version: 0.1.7
Author: Piotr Wawer

Available Nodes

NetSuite TBA icon
NetSuite TBA
No description available

Documentation

n8n-nodes-netsuite-tba

Generic NetSuite HTTP (Token-Based Auth, OAuth 1.0a HMAC-SHA256) node for n8n.

  • Works with SuiteTalk (REST / SuiteQL), RESTlet, and Custom URLs.
  • No 3-legged OAuth flow. You provide consumer/token secrets + account Realm.
  • Auto-builds correct host for SuiteTalk/RESTlet; handles OAuth1 signing with realm.
  • Pass-through output by default (returns response body). Enable Return Full Response to get { status, headers, body }.

Tested with n8n 1.82.0. Credentials and node are written in TypeScript and bundled to dist/.

Contents

Requirements

  • Node.js 20+ for building the package.
  • n8n 1.82.0 or compatible runtime.
  • NetSuite account with Token-Based Authentication (TBA) enabled.
  • Integration record (Consumer Key / Secret), Access Token (Token ID / Secret), and a role with:
    • User Access Tokens
    • Web Services
    • REST Web Services

Install (local dev)

# install deps and build
npm install
npm run build

The compiled files will be in dist/.

Using with Docker (recommended for local testing)

Mount your custom extensions folder into the n8n container and point N8N_CUSTOM_EXTENSIONS to it.

Example docker-compose.yml snippet:

services:
  n8n:
    image: n8nio/n8n:latest
    environment:
      - N8N_CUSTOM_EXTENSIONS=/custom
    volumes:
      - ./extensions:/custom
    ports:
      - "5678:5678"

Place this project under ./extensions/n8n-nodes-netsuite-tba, run npm run build, then restart the container.
In n8n, you should see a node called “NetSuite HTTP (TBA)” and credentials “NetSuite TBA”.

How it works

This node performs OAuth 1.0a signing with HMAC-SHA256 and includes realm="<Account ID>" in the Authorization header, which is required by NetSuite TBA.

Realms are sanitized for hostnames:

  • 1234567_SB11234567-sb1
  • TSTDRV1234567tstdrv1234567
  • 1234567 (prod) → 1234567

The node builds proper base URLs:

  • SuiteTalk: https://<realm>.suitetalk.api.netsuite.com/services/rest
  • RESTlet: https://<realm>.restlets.api.netsuite.com
  • Custom: any absolute URL you provide

Credentials

Create credentials NetSuite TBA with the following fields:

  • Account ID (Realm): e.g. 1234567, 1234567_SB1, or TSTDRV1234567
  • Consumer Key / Consumer Secret
  • Token ID / Token Secret
  • Signature Method (fixed): HMAC-SHA256

Realm must match your environment (include _SB# for sandbox). The node converts it to a valid subdomain automatically.

Node options

  • Domain
    • SuiteTalk (REST / SuiteQL) → base URL includes /services/rest. Use Path like /query/v1/suiteql or /record/v1/....
    • RESTlet → provide Script ID and Deploy ID. The node builds the path: /app/site/hosting/restlet.nl?script=<ID>&deploy=<ID>. For GET, you can add extra Query Parameters; for non-GET a JSON Body is required.
    • Custom → provide Custom Base URL and Path of your endpoint.
  • Method: GET | PUT | POST | PATCH | DELETE
  • Send Body + JSON Body: enable and provide JSON payload for non-GET calls (and SuiteQL POST).
  • Return Full Response: if enabled, returns { status, headers, body } instead of just body.
  • Add Prefer: transient Header: enabled by default; recommended/required for SuiteQL.

Examples

SuiteQL

  • Domain: SuiteTalk
  • Method: POST
  • Path: /query/v1/suiteql
  • Send Body: on
  • JSON Body:
{ "q": "SELECT 1" }

REST Records

  • Domain: SuiteTalk
  • Method: GET
  • Path: /record/v1/metadata-catalog

RESTlet GET

  • Domain: RESTlet
  • Method: GET
  • Script ID: 0000
  • Deploy ID: 1
  • Query Parameters: e.g. foo=bar

Result URL:

https://<realm>.restlets.api.netsuite.com/app/site/hosting/restlet.nl?script=1423&deploy=1&foo=bar

RESTlet POST

  • Domain: RESTlet
  • Method: POST
  • Script ID: 0000
  • Deploy ID: 1
  • Send Body: on
  • JSON Body:
{ "hello": "world" }

Custom domain

  • Domain: Custom
  • Custom Base URL: https://api.example.com
  • Method: GET
  • Path: /anything

Troubleshooting

  • 401 Unauthorized / INVALID_LOGIN

    • Realm must match the environment: 1234567 vs 1234567_SB1 vs TSTDRV...
    • Integration (Consumer) and Token must belong to the same Integration, Role, and Account.
    • Role must have User Access Tokens, Web Services, REST Web Services permissions.
    • Ensure you are calling the correct host for the realm (host is built automatically).

  • Invalid URL

    • Happens if base URL is missing for Custom, or if a sandbox realm with underscore is used directly as subdomain. This node automatically sanitizes the realm to avoid invalid hostnames.

  • Empty output

    • By default, the node returns only body. If the endpoint returns no content (e.g., 204), the node outputs {}. Enable Return Full Response to inspect status/headers.

  • “Could not get parameter”

    • This occurs when trying to read hidden parameters (e.g., jsonBody with Send Body off, or customBaseUrl when Domain is not Custom). The node guards against this.

License

MIT

Discussion