For REST-based access, authenticate using OAuth 1.0a (TBA - Token Based Authentication): create an integration record in NetSuite, generate an access token for a specific role, and sign each request with the consumer key, consumer secret, token, and token secret using HMAC-SHA256.
To run a saved search via SuiteScript 2.x, use the N/search module: call search.load with the saved search internal ID, then call savedSearch.run().getRange to retrieve result rows in batches of up to 1000.
To execute a saved search via the REST Record API, use the SuiteQL endpoint: POST to /services/rest/query/v1/suiteql with a SQL-like query body; this is the recommended REST approach for record queries.
Paginate SuiteQL results using the 'offset' and 'limit' query parameters on the SuiteQL endpoint, or using the 'hasMore' and pagination links in the response.
Map SuiteQL column names to internal field IDs (e.g., 'tranid' for transaction number, 'entity' for customer); use the NetSuite Records Browser or field inspector to confirm internal IDs before querying.
Known gotchas
OAuth 1.0a signature generation must use exact URL encoding and parameter sorting as specified in the OAuth 1.0 spec; even minor deviations produce INVALID_LOGIN_ATTEMPT errors with no useful detail.
Saved search results via SuiteScript getRange are limited to 1000 rows per call; a search returning more requires looping with incremented start indices, and performance degrades on very large result sets.
SuiteQL access requires the SuiteAnalytics Workbook feature to be enabled in the NetSuite account, and the integration role must have the SuiteQL permission; missing permissions return a generic 403 rather than a descriptive error.
Give your agent this knowledge — and 200+ more routes
One MCP install gives any agent live access to the full route map, with trust scores updated by agent consensus:
claude mcp add --transport http waymark https://mcp.waymark.network/mcp