API Overview
SuitePortal REST API for accessing synced transaction data
The SuitePortal API provides read-only access to transaction data synced from NetSuite. All endpoints require authentication via Better Auth API keys.
Base URL
```
https://suiteportal.io/api/v1
```
Authentication
All requests require an API key in the Authorization header:
```
Authorization: Bearer sp-{timestamp}-{hash}
```
API keys are scoped to an organization. The tenantId is automatically derived from the API key, so no tenant parameter is required.
See Authentication for details on obtaining API keys.
Available Endpoints
| Endpoint | Method | Description |
|---|---|---|
| `/api/v1/invoices` | GET | List invoice transactions |
| `/api/v1/sales` | GET | List sales order transactions |
| `/api/v1/purchases` | GET | List purchase order transactions |
| `/api/v1/fulfillments` | GET | List item fulfillment transactions |
Common Query Parameters
All transaction endpoints support:
| Parameter | Type | Default | Description |
|---|---|---|---|
| `page` | number | 1 | Page number (1-indexed) |
| `pageSize` | number | 50 | Records per page |
| `search` | string | — | Text search across tranId, entity, memo |
| `sortBy` | string | tranDate | Field to sort by |
| `sortDirection` | `asc` \| `desc` | asc | Sort order |
| `filters[]` | string | — | Filter in key:value format (repeatable) |
Response Format
```json
{
  "data": [
    {
      "_id": "tenant-123:transaction:invoice:456",
      "nsId": "456",
      "recordType": "invoice",
      "syncedAt": "2024-01-15T10:30:00.000Z",
      "data": {
        "tranId": "INV-001",
        "entity": "12345",
        "tranDate": "2024-01-15",
        "amount": 1000.00
      }
    }
  ],
  "total": 100,
  "page": 1,
  "pageSize": 50,
  "totalPages": 2
}
```
Response Fields
| Field | Type | Description |
|---|---|---|
| `data` | array | Array of transaction records |
| `data[]._id` | string | Unique record identifier |
| `data[].nsId` | string | NetSuite internal ID |
| `data[].recordType` | string | Transaction type |
| `data[].syncedAt` | string | ISO timestamp of last sync |
| `data[].data` | object | Transaction data fields |
| `total` | number | Total matching records |
| `page` | number | Current page |
| `pageSize` | number | Records per page |
| `totalPages` | number | Total pages |
Error Responses
| Status | Error | Description |
|---|---|---|
| 400 | Invalid record type | Endpoint path not recognized |
| 401 | API key required | Missing Authorization header |
| 401 | Invalid API key | API key not found or expired |
| 403 | Access denied | User not member of organization |
| 500 | Server error | Internal server error |
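A minimal Python client tying together the header, query parameters, pagination fields and error statuses documented above. It is an added example, not SuitePortal's own code; the function names and the `SUITEPORTAL_API_KEY` environment variable are assumptions. The key is sent only in the `Authorization` header, so it never appears in URLs or access logs.

```python
import json
import os
import urllib.error
import urllib.parse
import urllib.request

BASE_URL = "https://suiteportal.io/api/v1"
ENDPOINTS = {"invoices", "sales", "purchases", "fulfillments"}


def build_request(endpoint, api_key, page=1, page_size=50, filters=()):
    """Build a GET request; the key goes in the header, never the URL."""
    if endpoint not in ENDPOINTS:
        raise ValueError(f"unknown endpoint: {endpoint}")
    params = [("page", page), ("pageSize", page_size)]
    params += [("filters[]", f"{k}:{v}") for k, v in filters]  # repeatable
    url = f"{BASE_URL}/{endpoint}?{urllib.parse.urlencode(params)}"
    return urllib.request.Request(url, headers={"Authorization": f"Bearer {api_key}"})


def http_fetch(request):
    """Default transport: send the request and decode the JSON body."""
    try:
        with urllib.request.urlopen(request, timeout=30) as resp:
            return json.load(resp)
    except urllib.error.HTTPError as err:
        if err.code in (401, 403):  # missing/invalid key, or access denied
            raise PermissionError(f"HTTP {err.code}") from None  # key not echoed
        raise


def iter_records(endpoint, api_key, fetch=http_fetch, **query):
    """Yield every record, following page/totalPages from each response."""
    page = 1
    while True:
        body = fetch(build_request(endpoint, api_key, page=page, **query))
        yield from body["data"]
        if page >= body["totalPages"]:
            return
        page += 1


if __name__ == "__main__":
    key = os.environ["SUITEPORTAL_API_KEY"]  # assumed variable name
    for rec in iter_records("invoices", key, filters=[("entity", "12345")]):
        print(rec["_id"], rec["data"]["tranId"])
```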
Row-Level Security
Data access is automatically scoped by portal type:
| Portal Type | Access |
|---|---|
| Tenant | All transactions for the tenant |
| Customer | Transactions where entity = customer ID |
| Vendor | Transactions where entity = vendor ID |
API Capabilities
| Feature | Supported |
|---|---|
| Read transactions | ✓ |
| Create transactions | — |
| Update transactions | — |
| Delete transactions | — |
| Write to NetSuite | — |
The API is read-only. To modify data, make changes in NetSuite and sync.
Rate Limits
Rate limiting is currently disabled. Fair usage policies apply.
Next Steps
- Transaction Endpoints - Detailed endpoint documentation
- API Keys - Create and manage API keys
- Authentication - Authentication methods