> ## Documentation Index
> Fetch the complete documentation index at: https://parabola.io/docs/llms.txt
> Use this file to discover all available pages before exploring further.

# Connecting to NetSuite

> How to create the right role, generate credentials, connect in Parabola, and manage access across your team.

The NetSuite connection requires a one-time setup in NetSuite before you can authorize anything in Parabola. This lesson walks through all four steps — and covers how to manage those credentials once they're in place.

***

## Video walkthrough

Watch this live walkthrough of the setup process for generating credentials and connecting to NetSuite:

<iframe src="https://www.loom.com/embed/dfadf087ed0d4f5097e0308506be72cc" width="100%" height="400" frameborder="0" webkitallowfullscreen mozallowfullscreen allowfullscreen />

***

## What you'll need

Parabola connects to NetSuite using **token-based authentication**. That means you'll need to generate four credentials inside NetSuite:

| Credential          | Where it comes from         |
| ------------------- | --------------------------- |
| **Consumer key**    | NetSuite integration record |
| **Consumer secret** | NetSuite integration record |
| **Token ID**        | NetSuite access token       |
| **Token secret**    | NetSuite access token       |

You'll also need your **account ID**, which you can find in your NetSuite URL: `https://ACCOUNTID.app.netsuite.com/`

<Warning>
  The consumer key/secret and token ID/secret are only shown **once** — immediately after they're created. Copy and save them somewhere secure (like a shared password vault) before leaving the page. There is no way to retrieve them afterward.
</Warning>

***

## Step 1: Create a role

The role controls what Parabola can see and do in your NetSuite account. All access is scoped through this role.

**Navigate to:** Setup > Users/Roles > Manage Roles > New

When creating the role:

1. Give it a clear name (e.g., "Parabola Integration")
2. Under **Authentication**, check the **Web Services Only** box — this prevents the role from being used for interactive logins

<Warning>
  The **Web Services Only** checkbox is easy to miss. If it's not checked, the integration may authenticate but behave unexpectedly.
</Warning>

### Required permissions

Under the **Permissions** tab, enable the following:

**Setup (required for authentication):**

| Permission                 | Level | Why it's needed                                           |
| -------------------------- | ----- | --------------------------------------------------------- |
| Log in using Access Tokens | Full  | Allows Parabola to authenticate with token-based auth     |
| SOAP Web Services          | Full  | Required for Pull from NetSuite (reads data via SOAP API) |
| REST Web Services          | Full  | Required for Send to NetSuite (writes data via REST API)  |

<Note>
  If you only need **Pull from NetSuite**, you can skip REST Web Services for now — but you'll need to add it later if you want to send data back.
</Note>

**Lists (required for running searches):**

| Permission     | Level |
| -------------- | ----- |
| Perform Search | Full  |
| Persist Search | Full  |
| Publish Search | Full  |

**Transactions, Lists, Reports, and Custom Records:**

Add permissions for any specific object types your flows need to access. For each:

* Set to **View** for read-only access (Pull from NetSuite)
* Set to **Full** for read and write access (Send to NetSuite)

Common examples: Sales Orders, Purchase Orders, Transfer Orders, Items, Customers, Vendors, Locations, Subsidiaries.

***

## Step 2: Create an integration

**Navigate to:** Setup > Integration > Manage Integrations > New

1. Give it a clear name (e.g., "Parabola")
2. Make sure **Status** is set to `Active`
3. Under **Authentication**, select **Token-Based Authentication**
4. **Uncheck** both `TBA: Authorization Flow` and `Authorization Code Grant`
5. Save the record

After saving, the **Consumer Key** and **Consumer Secret** will appear on screen. Copy them immediately.

***

## Step 3: Create access tokens

**Navigate to:** Setup > Users/Roles > Access Tokens > New Access Token

1. Select the **integration** you just created
2. Select the **user** that will run the integration (see below for best practices on this)
3. Select the **role** you created in Step 1
4. Save

After saving, the **Token ID** and **Token Secret** will appear on screen. Copy them immediately.

***

## Step 4: Connect in Parabola

1. In Parabola, add a **Pull from NetSuite** step to your canvas
2. Open the step and click **Authorize**
3. Enter your **Account ID**, **Consumer Key**, **Consumer Secret**, **Token ID**, and **Token Secret**
4. Click **Authorize** — you'll be prompted to select a search type and saved search

Once connected, the same credential works for both Pull and Send to NetSuite steps.

***

## Account ID formatting

<Tip>
  If you're connecting to a **sandbox** account, the account ID format is slightly different. Find it by logging into your sandbox and copying the ID from the URL — it will look something like `12345-sb1` (with a dash, not an underscore). Use the exact string that appears in the URL.
</Tip>

***

## The generic integration user

The access token is tied to a specific NetSuite user. Rather than creating tokens under an individual employee's account, the best practice is to use a dedicated **integration user** — a generic account created specifically for this purpose.

This approach has two advantages:

1. **Continuity** — the integration doesn't break if an employee leaves or changes roles
2. **Clarity** — it's obvious which activity in NetSuite belongs to Parabola vs. a person

Usually, someone in IT creates the integration user, sets up the role and tokens, and shares the credentials with the team. The credentials are tied to the account and role, not to any individual.

***

## Sharing credentials across your team

Once the connection is set up, you can share it so teammates don't have to create their own.

1. In any NetSuite step, click **Edit Accounts**
2. Click the three-dot menu next to the credential
3. Select **Sharing Settings**
4. Share with specific users or the whole organization

<Warning>
  Share with **Use** access, not **Edit** access. Edit access lets teammates view and modify the credentials themselves — which exposes sensitive keys. Use access lets them connect flows without seeing the underlying tokens.
</Warning>

***

## What's next

With the connection in place, the next lesson covers the most important skill for Pull from NetSuite: building saved searches that return the right data. In the building challenge there, you'll pull your first real search into Parabola — start with whatever saved search makes the most sense for your business.

***

<Card icon="sparkles" title="Building challenge">
  Authorize the NetSuite connection in Parabola and configure credential sharing for your team.

  <Steps>
    <Step title="Complete the four-step setup in NetSuite">
      Work through the role, integration, and access token setup described above. If IT is handling this for you, confirm you have the four credentials ready: consumer key, consumer secret, token ID, and token secret.
    </Step>

    <Step title="Authorize in Parabola">
      Open a new flow, add a **Pull from NetSuite** step, and click **Authorize**. Enter your account ID and all four credentials. You'll know it worked when the step prompts you to select a search type.
    </Step>

    <Step title="Configure sharing settings">
      In the step, click **Edit Accounts** > three-dot menu next to your credential > **Sharing Settings**. Share it with your organization using **Use** access (not Edit). This means teammates can connect flows using this credential without being able to see or modify the underlying tokens.
    </Step>
  </Steps>

  **You're done when:** The Pull from NetSuite step is authorized and the credential shows as shared with your team.
</Card>