Apideck Help Center
Requests
Advice and answers from the Apideck Team
In this article
How it worksExample: Search for Vendor BillsKey differences from the REST proxyTroubleshootingResources
Home
Apideck Unify
Accounting
NetSuite

NetSuite: How to use the SOAP API via the Proxy

Edited

The Apideck Proxy API supports NetSuite's SOAP/SuiteTalk API in addition to the REST API. This guide covers how to structure your request so that Apideck automatically handles Token-Based Authentication (TBA) - no manual signing or credential management required.

How it works

When you send a SOAP request through the proxy, Apideck injects the stored connection credentials from Vault into the request automatically. You use placeholder variables in both the downstream URL and the SOAP body - Apideck resolves them at request time.

Placeholder

Where to use it

What Apideck injects

{account_id}

Downstream URL subdomain

The NetSuite account ID

{account}

SOAP body <platformCore:account>

The NetSuite account ID

{consumer_key}

SOAP body tokenPassport

TBA consumer key

{nonce}

SOAP body tokenPassport

Generated per-request nonce

{timestamp}

SOAP body tokenPassport

Current Unix timestamp

{token_id}

SOAP body tokenPassport

TBA token ID

{signature}

SOAP body tokenPassport

Computed HMAC-SHA256 signature

Important: Never hardcode actual credential values or the real account ID in your request. Apideck needs the placeholders to know what to resolve from the consumer's connection in Vault.

Example: Search for Vendor Bills

The following example searches for all vendor bills using the NetSuite SOAP API via the proxy.

curl --location 'https://unify.apideck.com/proxy' \
--header 'x-apideck-consumer-id: YOUR_CONSUMER_ID' \
--header 'x-apideck-app-id: YOUR_APP_ID' \
--header 'x-apideck-service-id: netsuite' \
--header 'x-apideck-downstream-url: https://{account_id}.suitetalk.api.netsuite.com/services/NetSuitePort_2022_2' \
--header 'Content-Type: application/xml' \
--header 'Accept: application/xml' \
--header 'SOAPAction: search' \
--header 'Authorization: Bearer YOUR_API_KEY' \
--data '<?xml version="1.0" encoding="utf-8"?>
<soap:Envelope
  xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"
  xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
  xmlns:platformMsgs="urn:messages_2022_2.platform.webservices.netsuite.com"
  xmlns:platformCore="urn:core_2022_2.platform.webservices.netsuite.com"
  xmlns:platformCommon="urn:common_2022_2.platform.webservices.netsuite.com">
  <soap:Header>
    <platformMsgs:tokenPassport>
      <platformCore:account>{account}</platformCore:account>
      <platformCore:consumerKey>{consumer_key}</platformCore:consumerKey>
      <platformCore:nonce>{nonce}</platformCore:nonce>
      <platformCore:timestamp>{timestamp}</platformCore:timestamp>
      <platformCore:token>{token_id}</platformCore:token>
      <platformCore:version>1.0</platformCore:version>
      <platformCore:signature algorithm="HMAC_SHA256">{signature}</platformCore:signature>
    </platformMsgs:tokenPassport>
    <searchPreferences xsi:type="SearchPreferences">
      <bodyFieldsOnly>false</bodyFieldsOnly>
      <returnSearchColumns>true</returnSearchColumns>
      <pageSize>20</pageSize>
    </searchPreferences>
  </soap:Header>
  <soap:Body>
    <search xmlns="urn:messages_2022_2.platform.webservices.netsuite.com">
      <searchRecord
        xsi:type="ns1:TransactionSearchBasic"
        xmlns:ns1="urn:common_2022_2.platform.webservices.netsuite.com">
        <ns1:type operator="anyOf"
          xsi:type="ns2:SearchEnumMultiSelectField"
          xmlns:ns2="urn:core_2022_2.platform.webservices.netsuite.com">
          <ns2:searchValue xsi:type="xsd:string">vendorBill</ns2:searchValue>
        </ns1:type>
      </searchRecord>
    </search>
  </soap:Body>
</soap:Envelope>'

Key differences from the REST proxy

If you are familiar with using the Apideck proxy for NetSuite's REST API, note the following differences when using the SOAP API.

REST API

SOAP API

Content-Type

application/json

application/xml

Accept

application/json

application/xml

Auth method

OAuth injected via headers

OAuth injected into SOAP body via tokenPassport

Endpoint path

/services/rest/...

/services/NetSuitePort_2022_2

Account placeholder in body

N/A

{account} (not {account_id})

Troubleshooting

Using {account_url} in the downstream URL

Only {account_id} is recognised by Apideck as a variable in the downstream URL. Using {account_url} will result in an internal server error.

Using {account_id} in the SOAP body

The account field inside the tokenPassport block must use {account}, not {account_id}. These are two different placeholders and only {account} is substituted inside the request body.

Hardcoding credentials or the account ID

Passing real values instead of placeholders bypasses Apideck's credential injection and might result in authentication failures.

Setting Accept: application/json

The SOAP API returns XML. Setting the wrong Accept header can cause Apideck to fail when parsing the downstream response. Always use Accept: application/xml for SOAP requests.

Resources

netsuite
proxy
soap api

Was this article helpful?

Sorry about that! Care to tell us more?

Thanks for the feedback!

There was an issue submitting your feedback
Please check your connection and try again.