Sample Responses from the roles Service
The following sections show sample responses from the REST roles service:
Calls that Include a NetSuite Account ID
A typical call to the roles service includes a NetSuite account ID in its authorization header. For example, the header might look like the following:
NLAuth nlauth_account=023456, nlauth_email=jsmith@example.com, nlauth_signature=Welcome123
In response, the system returns data specific to that NetSuite account and user, as shown in the following example.
{
"account": {
"internalId": "1234567",
"name": "Test Acct",
"type": "PRODUCTION"
},
"role": {
"internalId": 14,
"name": "Customer Center"
},
"dataCenterURLs": {
"webservicesDomain": "https://<accountID>.suitetalk.api.netsuite.com",
"restDomain": "https://<accountID>.restlets.api.netsuite.com",
"systemDomain": "https://<accountID>.app.netsuite.com"
}
}
],
With this approach, the system returns all roles for the user in the specified account. Results include the Customer Center role and any custom roles created based on the Customer Center role, if the user belongs to those roles. If the account ID is omitted, the service does not return Customer Center roles.
For information about NLAuth, see Using User Credentials for RESTlet Authentication.
Calls that Omit a NetSuite Account ID
A call to the roles service can omit a NetSuite account ID. With these calls, the authorization header includes only user and password data, as follows:
NLAuth nlauth_email=jsmith@example.com, nlauth_signature=Welcome123
With this type of call, the system returns data on all accounts to which the user has access. However, the system does not return the Customer Center role, nor any custom role that was created based on the Customer Center role. To have the system return Customer Center roles, use the method described in Calls that Include a NetSuite Account ID.
The following snippet shows a sample response to a request that omitted a NetSuite account ID.
[
{
"account": {
"internalId": "023456"
"name": "Account 1"
}
"role": {
"internalId": 3
"name": "Administrator"
}
"dataCenterURLs": {
"webservicesDomain": "https://<accountID>.suitetalk.api.netsuite.com",
"restDomain": "https://<accountID>.restlets.api.netsuite.com",
"systemDomain": "https://<accountID>.app.netsuite.com"
}
},
{
"account": {
"internalId": "123456"
"name": "Account 2"
}
"role": {
"internalId": 1
"name": "Accountant"
}
"dataCenterURLs": {
"webservicesDomain": "https://<accountID>.suitetalk.api.netsuite.com",
"restDomain": "https://<accountID>.restlets.api.netsuite.com",
"systemDomain": "https://<accountID>.app.netsuite.com"
}
},
{
"account": {
"internalId": "123456"
"name": "Account 2"
}
"role": {
"internalId": 3
"name": "Administrator"
}
"dataCenterURLs": {
"webservicesDomain": "https://<accountID>.suitetalk.api.netsuite.com",
"restDomain": "https://<accountID>.restlets.api.netsuite.com",
"systemDomain": "https://<accountID>.app.netsuite.com"
}
}
]
Strings must be escaped using RFC 3986. If you do not escape characters in the header, you may receive an INVALID_LOGIN_ATTEMPT error. For more information about percent encoding, go to https://tools.ietf.org/html/rfc5849#section-3.6.