Authentication for SOAP Web Services

Authentication is the process of determining the identity of requesters by verifying the credentials they present. Most SOAP web services operations require authentication.

The available methods of authentication include the following:

Important:

Use only one authentication method in one SOAP message. Mixing different authentication types in a single SOAP message returns a SOAP fault.

Token-Based Authentication

With this approach, the request must include a consumer key, a token, and other data. Authentication details must be sent by using request-level credentials, not the login operation. For details on structuring a SOAP request this way, see Request-Level Credentials.

You generate a consumer key and secret when you create an integration record and configure the record to permit token-based authentication (by checking the Token-based Authentication box). For details, see Integration Management.

Important:

Token-based authentication is supported for use only with the 2015.2 endpoint and later.

User Credentials

Important:

As of the 2020.2 SOAP web services endpoint, authentication through request-level credentials is not supported. The Passport complex type is not supported. If you attempt to authenticate through request-level credentials in SOAP web services 2020.2 and later endpoints, the web services request is not processed, and an error message is returned. You must ensure that SOAP web services integrations created with 2020.2 and later SOAP web services endpoints use token-based authentication (TBA). Authentication through user credentials continues to be supported in integrations that use SOAP web services 2020.1 and earlier endpoints. For more information, see Token-based Authentication and Web Services.

With this approach, the request must include the credentials associated with a single user: an email address, password, role, and NetSuite account ID. To find your account ID, go to the SOAP Web Services Preferences page at Setup > Integration > Integration Management > SOAP Web Services Preferences. For a list of NetSuite role internal IDs, see Internal IDs Associated with Roles.

When you authenticate by using user credentials, there are two approaches to how the SOAP request may be structured: you can use the login operation or you can use request-level credentials. For details, see Structuring SOAP Requests to Include Authentication Details.

For requests that use the 2015.2 WSDL or later, application ID is also mandatory, although technically application ID is not considered a part of the user authentication process. An application ID is used to link a request to an integration record that exists in your NetSuite account. To use any integration record for requests that authenticate through user credentials, the record must have the User Credentials box checked. For details, see Integration Management.

Outbound Single Sign-on (SuiteSignOn)

This approach allows an external application to perform callbacks to NetSuite after the SuiteSignOn handshake is complete and there is a live SuiteSignOn token. See the SuiteSignOn Sequence Diagram and Connection Details for details.

For more information about SuiteSignOn, see Outbound Single Sign-on (SuiteSignOn).
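
A pre-flight check for outgoing requests that applies three rules stated on this page: one authentication method per SOAP message, token-based authentication only on the 2015.2 endpoint and later, and user credentials only on 2020.1 and earlier endpoints. This is an added example, not NetSuite code; the element names tokenPassport, passport and login, the urn:..._YYYY_N namespace pattern used to read the endpoint version, and the sample envelopes are assumptions.

```python
import re
import xml.etree.ElementTree as ET

SOAP_NS = "http://schemas.xmlsoap.org/soap/envelope/"
# Assumed element names: header credentials and the login operation.
TOKEN_ELEMENTS = {"tokenPassport"}
USER_ELEMENTS = {"passport", "login"}

def endpoint_version(envelope_xml):
    """Read (year, release) from a namespace like urn:messages_2020_2. (assumed pattern)."""
    m = re.search(r"urn:[a-z]+_(\d{4})_(\d)\.", envelope_xml)
    return (int(m.group(1)), int(m.group(2))) if m else None

def check_auth(envelope_xml):
    """Return a list of rule violations; an empty list means the message passes."""
    root = ET.fromstring(envelope_xml)
    children = []
    for part in ("Header", "Body"):
        node = root.find(f"{{{SOAP_NS}}}{part}")
        if node is not None:
            children += [el.tag.rsplit("}", 1)[-1] for el in node]
    methods = set()
    if TOKEN_ELEMENTS & set(children):
        methods.add("token")
    if USER_ELEMENTS & set(children):
        methods.add("user")
    problems = []
    if len(methods) > 1:
        problems.append("MIXED_METHODS")  # only one method per SOAP message
    version = endpoint_version(envelope_xml)
    if version is not None:
        if "token" in methods and version < (2015, 2):
            problems.append("TBA_REQUIRES_2015_2_OR_LATER")
        if "user" in methods and version >= (2020, 2):
            problems.append("USER_CREDENTIALS_REQUIRE_2020_1_OR_EARLIER")
    return problems

def sample(version, header="", body="<m:get/>"):
    """Constructed envelope for exercising the check; not a complete NetSuite request."""
    ns = f"urn:messages_{version}.platform.webservices.netsuite.com"
    return (f'<soapenv:Envelope xmlns:soapenv="{SOAP_NS}" xmlns:m="{ns}">'
            f"<soapenv:Header>{header}</soapenv:Header>"
            f"<soapenv:Body>{body}</soapenv:Body></soapenv:Envelope>")

if __name__ == "__main__":
    print(check_auth(sample("2020_2", "<m:tokenPassport/><m:passport/>")))
```

Running a check like this in the integration's build or outbound gateway catches a misconfigured request before it reaches the endpoint and returns a SOAP fault.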
