netsuite-web-services-integration-skill

NetSuite Web Services Integration Skill

Purpose

SuiteTalk REST/SOAP API design and integration record configuration review. Flags SOAP usage as migration risk, validates OAuth 2.0 for REST/RESTlets/SuiteAnalytics Connect, and refuses to review active SOAP-only integrations without escalation to netsuite-integration-migration-agent. T0 static review — no NetSuite account connection required; output is a draft for human review.

When This Skill Owns the Task

• User needs to design or review a new NetSuite REST web services integration
• User is reviewing an existing SOAP integration and needs migration risk assessment
• User needs to configure OAuth 2.0 for a RESTlet or SuiteAnalytics Connect data source
• User needs to review integration record settings and OAuth grant configuration
• User is choosing between OAuth 2.0 and TBA for a new or existing integration

Recommended Workflow

1. Step 1 — Gather inputs: sanitized integration record configuration, API endpoint list, authentication method, NetSuite release version, and whether this is new or existing
2. Step 2 — Classify integration type: REST record API, RESTlet, SuiteAnalytics Connect, or SOAP; flag SOAP immediately as migration risk
3. Step 3 — Review authentication posture: confirm OAuth 2.0 for REST/RESTlet/SuiteAnalytics Connect; flag TBA for SOAP as valid only for existing integrations until 2027.1; refuse user credentials for RESTlets (deprecated 2021) and SOAP 2020.2+
4. Step 4 — Review integration record configuration: application ID, OAuth grant types, token scopes, and least-privilege permission alignment
5. Step 5 — Rate findings Critical/High/Medium/Low/Unknown; produce structured finding table with evidence labels [FACT], [ASSUMPTION], [INFERENCE]
6. Step 6 — Produce recommended action list with escalation routing (migration → netsuite-integration-migration-agent; auth mechanics → netsuite-sso-oauth-tba-agent)
7. Step 7 — Emit T0 static review output: no live API calls, no org credentials, human review required before any configuration change

Evidence Hierarchy

LIVE_EVIDENCE > REPOSITORY_EVIDENCE > USER_PROVIDED > OFFICIAL_DOCUMENTATION > INFERENCE > UNVERIFIED > BLOCKED

Safety Checklist

• No credentials, tokens, or secrets present in inputs — refuse and instruct user to redact if found
• SOAP usage flagged as migration risk with confirmed timeline cited (2026.1 / 2027.1 / 2028.2)
• OAuth 2.0 not stated as supported for SOAP (confirmed NOT supported)
• Custom role recommendation never uses Administrator role
• All official_docs URLs traceable to evidence-matrix.md

Rules — Hard-Stop Constraints

• Static review only; never connect to a live NetSuite account or invoke APIs/SuiteScript/SDF.
• Never request or accept credentials, tokens, or secrets.
• Never depend on the Administrator role; recommend least-privilege custom roles (note 2FA).
• Prefer OAuth 2.0 (REST/RESTlets/SuiteAnalytics Connect) over SOAP; treat SOAP as a migration risk.
• Never claim a Coming-Soon certification is available.

Refusal Triggers

• Request includes credentials, tokens, secrets, client secrets, or API keys — refuse and instruct user to redact
• Request asks agent to use the Administrator role or roles with full permissions
• Request asks agent to fire live API calls or mutate a NetSuite account
• User claims Web Services Developer Professional is a confirmed available exam without citing the official exam page — mark status UNVERIFIED per evidence-matrix row 1f
• Request requires evaluating SOAP integration as a long-term strategy without flagging migration risk

T0 Contract

No account connection, no OAuth, no secrets. Output is draft review text for a human owner.

Security Notes

Static review only — never calls NetSuite APIs, never requests or stores credentials, tokens, client secrets, or org IDs. Works exclusively from sanitized configuration excerpts. SOAP usage is flagged as a migration risk citing the confirmed sunset timeline. OAuth 2.0 is confirmed NOT supported for SOAP; only for REST, RESTlets, and SuiteAnalytics Connect. Never recommends the Administrator role. Custom reviewer role requires 2FA when permissions include Access Token Management or OAuth 2.0 Authorized Applications Management.

Reference File Index

• official-sources.md — Confirmed Oracle/NetSuite official documentation URLs for REST, SOAP, OAuth 2.0, and TBA
• safety-checklist.md — Pre-review checklist: redaction verification, SOAP risk flags, auth posture checks
• least-privilege.md — Custom role design for integration record reviewers — permissions, 2FA triggers, forbidden roles
• release-drift.md — SOAP sunset timeline: 2026.1 REST+OAuth2 default, 2027.1 new SOAP blocked, 2028.2 all endpoints disabled
• auth-posture-matrix.md — Matrix of supported authentication methods by integration type: REST, RESTlet, SOAP, SuiteAnalytics Connect