NetSuite

connect your netsuite financial and operational data to chord netsuite is the erp that powers accounting, inventory, procurement, and order management for many chord brands chord ingests cost, inventory, and revenue attribution data from netsuite so you can model true per order cogs, landed costs, and margin alongside the rest of your stack the costing detail that storefront and subscription platforms don't carry unlike most chord connectors, which take a single api key, netsuite uses token based authentication (tba), an oauth 1 0a flow that requires a short setup inside netsuite to create an integration record, an access token, and a dedicated integration role this page walks through that setup, the exact role permissions chord needs, and how to connect the credentials in chord hub what chord ingests from netsuite chord reads netsuite through suiteql and pulls cost and revenue attribution data each dataset becomes its own table in your chord snowflake schema on the cost side per transaction cogs the realized cost of goods sold posted to the general ledger, sourced from the accounting lines on item fulfillment events (see the note below on when cogs posts) procurement costs purchase costs flowing through purchase orders, vendor bills, and item receipts landed costs freight, duty, and handling capitalized into inventory cost, where you track them inventory cost movements cost changes from inventory adjustments and item location cost data on the revenue attribution side, chord ingests sales orders, invoices, cash sales, and credit memos the order and billing documents that tie cost back to revenue customer payments applied receipts against invoices vendor bills, purchase orders, and item receipts the procurement documents item fulfillments shipment events, where per line cogs posts to the gl heads up cogs posts on the item fulfillment event when goods ship, not when the sales order is created orders that are entered but not yet fulfilled will show no cogs until the fulfillment posts this is expected netsuite behavior, not a gap in the connector set up token based authentication in netsuite netsuite authenticates chord with five values you'll generate during this setup and then paste into chord hub account id consumer key consumer secret token id token secret the setup has three parts enable the right features, create an integration record, and create an access token tied to a dedicated role you'll need netsuite administrator access to complete it heads up the consumer secret and token secret are each shown only once, at the moment you create the integration record and the access token respectively copy all five values somewhere safe as you go if you lose a secret, you can't reveal it later you'll have to regenerate the integration record or token 1\ enable the required features in netsuite, go to setup → company → enable features and open the suitecloud subtab all of these settings live on that one subtab in the suitescript section, confirm client suitescript and server suitescript are enabled (a prerequisite for token based authentication) in the manage authentication section, enable token based authentication in the suitetalk (web services) section, enable rest web services save the page 2\ create an integration record go to setup → integration → manage integrations → new , give the integration a recognizable name (for example, chord data sync ), and configure it enable token based authentication enable tba issue token endpoint disable tba authorization flow disable authorization code grant save the record netsuite displays the consumer key and consumer secret once on the confirmation screen copy both now 3\ create an access token go to setup → users/roles → access tokens → new and link three things the integration record you created in step 2 a dedicated integration user (an employee record reserved for this connection) the integration role carrying the permissions listed below save the token netsuite displays the token id and token secret once copy both now 4\ grant the integration role its permissions the integration role must carry the permissions below, grouped by the netsuite subtab where you'll find each one this is the part merchants most often get wrong important chord reads netsuite via suiteql, which needs three permissions working together rest web services and log in using access tokens (both under setup ), plus suiteanalytics workbook , which lives under reports (not setup) and must be set to access level edit rest web services alone is not enough suiteql also enforces per table access, so the role needs the view permission for every record type chord reads (the transactions and lists grants below) a missing table permission doesn't raise an access error instead, the table simply appears not to exist, so that data silently never arrives setup log in using access tokens full rest web services full reports suiteanalytics workbook edit (this is the permission that authorizes suiteql; it lives under reports, not setup) financial statement view landed cost templates view (optional, only if you track landed costs) transactions (all view) sales order invoice cash sale credit memo customer payment item fulfillment find transaction vendor bill purchase order item receipt adjust inventory adjust inventory worksheet lists (all view) customers items vendors subsidiaries accounts departments classes locations custom records (optional, view, only if you track landed costs) landed cost template landed cost template detail landed cost template mapping oneworld and multiple subsidiaries on oneworld accounts, netsuite's rest api, including suiteql, silently filters every response to the integration role's subsidiary scope there is no error; data outside that scope is simply omitted a role's subsidiary restrictions defaults to user subsidiary , which returns only the integration user's own subsidiary to ingest every subsidiary, set the integration role's subsidiary restrictions to all (or select the specific subsidiaries you want), and make sure the integration employee record has access to them otherwise you'll get a clean looking but incomplete dataset connect the credentials in chord open chord hub and go to data sources → add source pick netsuite from the data source list and enter the five values you generated during setup account id your netsuite account number use the plain numeric id for production for a sandbox, use the underscore form (for example, 1234567 sb1 ), not the hyphenated form shown in the browser url consumer key consumer secret token id token secret click save chord stores the credentials encrypted; it does not make a live call against netsuite at this step when ingestion is enabled for your tenant, the first sync kicks off automatically and validates the credentials end to end subsequent syncs run on your tenant's standard ingestion schedule heads up because chord doesn't test the connection when you click save, a wrong value or a missing role permission won't surface until the first ingestion job runs if your first sync fails, the troubleshooting items below cover the most common causes troubleshooting credentials saved but no data is coming through, or i see "role does not have permission" this almost always means the integration role is missing the suiteanalytics workbook permission, or one of the per record view permissions listed above chord reads netsuite via suiteql, and suiteql queries are authorized specifically by suiteanalytics workbook rest web services alone is not enough, which is why the credentials save cleanly but the data read fails a missing table permission makes that table look like it does not exist rather than returning an access error add suiteanalytics workbook (edit) under reports on the integration role confirm the transactions (including find transaction ) and lists view grants save the role re run the sync i'm on oneworld and some subsidiaries are missing netsuite's rest api, including suiteql, silently scopes every response to the integration role's subsidiary access there's no error when data is filtered out set the integration role's subsidiary restrictions to all (or select the subsidiaries you want) make sure the integration employee record has access to those subsidiaries re run the sync pending orders show no cogs is something wrong? no netsuite posts per line cogs to the gl on the item fulfillment event, when goods ship, not when the sales order is created orders that haven't been fulfilled yet will correctly show no cogs until the fulfillment posts do netsuite tokens expire? no access tokens stay valid until someone explicitly revokes them in setup → users/roles → access tokens if a previously working connection suddenly fails, check that the token is still listed and active, and that the integration role and user are still enabled i lost one of the secrets how do i recover it? the consumer secret and token secret are shown only once and can't be revealed later if you lose the consumer secret, regenerate it on the integration record ( setup → integration → manage integrations ) if you lose the token secret, create a new access token ( setup → users/roles → access tokens ) paste the new values into the same chord credential entry and save what account id format should i use for a sandbox? use the underscore form, such as 1234567 sb1 the hyphenated form you see in the netsuite browser url (for example, 1234567 sb1 ) will not authenticate production accounts use the plain numeric id how do i rotate the credentials? create a new access token in netsuite (and a new integration record if you're also rotating the consumer key/secret) paste the new values into the same chord credential entry save chord uses the new credentials on the next scheduled sync once you've confirmed a clean sync, revoke the old token in netsuite need help? if you hit a credential, permission, or connectivity issue you can't resolve, reach out to help\@chord co mailto\ help\@chord co with the exact error message we'll trace the request and tell you what's failing