npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2025 – Pkg Stats / Ryan Hefner

@suiteinsider/netsuite-mcp

v1.0.2

Published

NetSuite MCP server with OAuth 2.0 PKCE authentication. Works seamlessly with Claude Code, Cursor IDE, and other MCP clients.

Downloads

93

Vulnerabilities

Powered byPowered by Snyk
  • 0High
  • 0Medium
  • 0Low

Links

Git

Maintainers

suiteinsidersuiteinsider

Keywords

netsuitemcpmodel-context-protocoloauthpkceclaudeclaude-codecursor-idenetsuite-apinetsuite-integrationsuiteqlerp-integration

Readme

NetSuite MCP Server

A Model Context Protocol (MCP) server providing access to NetSuite data through OAuth 2.0 with PKCE authentication. Works seamlessly with any MCP-compatible client including Claude Code, Cursor IDE, and Gemini CLI.

Features

  • OAuth 2.0 with PKCE - Secure authentication without client secrets
  • Automatic Token Refresh - Tokens refresh automatically before expiration
  • Environment Variable Support - Configure credentials once in your MCP config
  • Session Persistence - Authentication survives server restarts
  • Universal MCP Integration - Works with Claude Code, Cursor IDE, Gemini CLI, and other MCP clients
  • NetSuite MCP Tools - Access to all NetSuite MCP capabilities (SuiteQL, Reports, Saved Searches, etc.)
  • Modular Architecture - Clean, maintainable codebase following single-responsibility principle

Quick Start

1. NetSuite Setup

Step 1: Install NetSuite AI Connector SuiteApp

Before creating the integration record, you must install and configure the NetSuite AI Connector SuiteApp:

Important: The NetSuite AI Connector SuiteApp is required for MCP functionality. Without it, the MCP tools will not be available even after authentication.

Step 2: Create OAuth Integration Record

After installing the SuiteApp, create an integration record:

  1. Navigate to Setup > Integration > Manage Integrations > New
  2. Fill in the details:
    • Name: "MCP Server Integration"
    • OAuth 2.0: Checked Authorization Code Grant Checked Public Client
    • Redirect URI: http://localhost:8080/callback (or your custom port)
  3. Save and copy the Client ID (consumer key)

Note: we dont need client secret (since this is public client and Authorization Code Grant with pkce)

2. MCP Client Configuration

Add to your MCP client's configuration file:

Claude Code: ~/.claude.json Cursor IDE: .cursor/mcp.json Gemini CLI: Per Gemini's MCP setup

Option A: Using npx (Recommended - No Installation Required)

{
  "mcpServers": {
    "netsuite": {
      "command": "npx",
      "args": ["@suiteinsider/netsuite-mcp@latest"],
      "env": {
        "NETSUITE_ACCOUNT_ID": "your-account-id",
        "NETSUITE_CLIENT_ID": "your-client-id",
        "OAUTH_CALLBACK_PORT": "8080"
      }
    }
  }
}

Benefits:

  • No manual installation required
  • Always uses the latest version with @latest
  • Clean, simple configuration
  • Works immediately after MCP client restart

Optional Environment Variables:

  • OAUTH_CALLBACK_PORT - OAuth callback port (default: 8080)

Option B: Local Development Setup

For contributing or local development:

# Clone the repository
git clone https://github.com/dsvantien/netsuite-mcp-server.git
cd netsuite-mcp-server

# Install dependencies
npm install

# Test locally with npm link
npm link

Then configure with absolute path:

{
  "mcpServers": {
    "netsuite": {
      "command": "node",
      "args": ["/absolute/path/to/netsuite-mcp-server/src/index.js"],
      "env": {
        "NETSUITE_ACCOUNT_ID": "your-account-id",
        "NETSUITE_CLIENT_ID": "your-client-id",
        "OAUTH_CALLBACK_PORT": "8080"
      }
    }
  }
}

Option C: Without Environment Variables

{
  "mcpServers": {
    "netsuite": {
      "command": "npx",
      "args": ["@suiteinsider/netsuite-mcp@latest"]
    }
  }
}

Note: You'll need to provide credentials when calling netsuite_authenticate

3. Authenticate & Use

Start your MCP client and authenticate:

Authenticate with NetSuite

A browser window opens → Login to NetSuite → Authentication complete!

Important: After authentication, you'll need to restart your chat or reconnect the MCP server to see NetSuite tools. This is normal MCP behavior.

Once authenticated, use natural language queries:

Show me all customers
List available saved searches
Run a SuiteQL query to get sales orders from last month
Execute the "Monthly Revenue" report

Architecture

MCP Client (Claude Code, Cursor, Gemini, etc.)
       │
       │ stdio (JSON-RPC)
       ▼
┌──────────────────────────────┐
│   MCP Server (Node.js)       │
│                              │
│  ┌────────────────────────┐ │
│  │ OAuth Manager          │ │
│  │ - PKCE generation      │ │
│  │ - Local HTTP server    │ │
│  │   (port 8080 default)  │ │
│  │ - Token storage        │ │
│  └────────────────────────┘ │
│                              │
│  ┌────────────────────────┐ │
│  │ MCP Tools              │ │
│  │ - ns_runCustomSuiteQL  │ │
│  │ - ns_runReport         │ │
│  │ - ns_listSavedSearches │ │
│  └────────────────────────┘ │
└──────────────────────────────┘
       │
       │ HTTPS + Bearer Token
       ▼
┌──────────────────────────────┐
│  NetSuite MCP REST API       │
└──────────────────────────────┘

Project Structure

netsuite-mcp-server/
├── src/
│   ├── index.js              # Main MCP server entry point
│   ├── oauth/
│   │   ├── manager.js        # OAuth flow orchestrator
│   │   ├── pkce.js           # PKCE challenge/verifier generation
│   │   ├── callbackServer.js # HTTP callback server with CSRF protection
│   │   ├── sessionStorage.js # Session file management
│   │   └── tokenExchange.js  # Token exchange & refresh operations
│   ├── mcp/
│   │   └── tools.js          # NetSuite MCP API client
│   └── utils/
│       └── browserLauncher.js # Cross-platform browser launcher
├── sessions/                 # OAuth tokens (gitignored)
├── authenticate.js           # Standalone CLI authentication utility
├── package.json
├── .gitignore
└── README.md

Modular Design Benefits

The codebase follows the single-responsibility principle:

  • pkce.js - PKCE utilities (base64 encoding, challenge generation)
  • callbackServer.js - HTTP callback handling (CSRF protection, HTML pages, timeouts)
  • sessionStorage.js - Session persistence (save, load, clear, isAuthenticated)
  • tokenExchange.js - NetSuite OAuth API communication (token exchange/refresh)
  • browserLauncher.js - Cross-platform URL opening (macOS, Windows, Linux)

This modular structure enables:

  • ✅ Independent testing of each module
  • ✅ Easy maintenance and debugging
  • ✅ Reusability in other projects
  • ✅ Clear separation of concerns

Environment Variable Configuration

Configuration Example

Recommended npx setup:

{
  "mcpServers": {
    "netsuite": {
      "command": "npx",
      "args": ["@suiteinsider/netsuite-mcp@latest"],
      "env": {
        "NETSUITE_ACCOUNT_ID": "123456-sb1",
        "NETSUITE_CLIENT_ID": "your-client-id-here",
        "OAUTH_CALLBACK_PORT": "8080"
      }
    }
  }
}

Local development setup:

{
  "mcpServers": {
    "netsuite": {
      "command": "node",
      "args": ["path/to/src/index.js"],
      "env": {
        "NETSUITE_ACCOUNT_ID": "123456-sb1",
        "NETSUITE_CLIENT_ID": "your-client-id-here",
        "OAUTH_CALLBACK_PORT": "8080"
      }
    }
  }
}

Environment Variables

  • NETSUITE_ACCOUNT_ID - Your NetSuite account ID (required)
  • NETSUITE_CLIENT_ID - Your OAuth client ID (required)
  • OAUTH_CALLBACK_PORT - OAuth callback port (optional, default: 8080)

Resolution Order

  1. Check arguments first: If accountId or clientId provided as arguments, use them
  2. Fallback to environment variables: If no arguments, use env vars
  3. Validation: If neither source provides credentials, show error with instructions

Security Best Practices

  1. File Permissions: Ensure config file has restrictive permissions
    chmod 600 ~/.claude.json
  2. No Secrets: Client secrets not required (PKCE authentication)
  3. Local Token Storage: OAuth tokens stored in sessions/ directory
  4. Never Commit: Don't commit config files with credentials to git

Available NetSuite MCP Tools

Once authenticated, you'll have access to NetSuite's native MCP tools:

  • ns_runCustomSuiteQL - Execute SuiteQL queries
  • ns_listAllReports - List available financial reports
  • ns_runReport - Execute a specific report
  • ns_listSavedSearches - List saved searches
  • ns_runSavedSearch - Execute a saved search
  • ns_getRecord - Retrieve a specific record
  • ns_createRecord - Create a new record
  • ns_updateRecord - Update an existing record
  • And more...

The exact tools available depend on your NetSuite account configuration.

OAuth Flow

  1. Initiation: User calls netsuite_authenticate with credentials
  2. PKCE Generation: Server generates code verifier and SHA-256 challenge
  3. Authorization URL: Server generates NetSuite OAuth URL and starts local callback server
  4. User Login: Browser opens NetSuite login page
  5. Authorization: User approves access
  6. Callback: NetSuite redirects to http://localhost:8080/callback with authorization code
  7. Token Exchange: Server exchanges code for access/refresh tokens (public client pattern)
  8. Session Storage: Tokens stored in sessions/session.json (persists across restarts)
  9. Auto-Refresh: Tokens automatically refresh when expiring (5-minute buffer)

Troubleshooting

now uses absolute paths based on script location

Issue: "Port already in use"

Cause: Another application using the OAuth callback port

Solution:

# Check what's using the port (example for port 8080)
lsof -i :8080

# Option 1: Kill the process
# Option 2: Change port via environment variable

Set custom port in your MCP config:

{
  "env": {
    "OAUTH_CALLBACK_PORT": "9000"
  }
}

Remember to update the redirect URI in your NetSuite integration to match the new port!

Issue: Tools not appearing after authentication

Cause: MCP clients cache tool list at session start

Solution:

  • Restart chat - Open new conversation
  • Reconnect MCP - Use /mcp command (Claude Code)
  • Restart app - Close and reopen your IDE

This is normal MCP behavior - tool lists are fetched once per session.

Development

Standalone Authentication

Test authentication without MCP client:

node authenticate.js <accountId> <clientId>

Clearing Session

rm -rf sessions/

Or use the netsuite_logout tool in your MCP client.

Viewing Logs

All server logs output to stderr. When running in MCP clients, these logs appear in the client's console/logs.

Technical Details

PKCE Implementation

  • Code Verifier: 32 random bytes, base64url encoded
  • Code Challenge: SHA-256 hash of verifier, base64url encoded
  • Challenge Method: S256 (required by NetSuite)

Token Exchange (Public Client Pattern)

POST https://{accountId}.suitetalk.api.netsuite.com/services/rest/auth/oauth2/v1/token
Content-Type: application/x-www-form-urlencoded

grant_type=authorization_code
&code={authorization_code}
&redirect_uri=http://localhost:8080/callback
&client_id={client_id}
&code_verifier={verifier}

Important: No Authorization header (public client).

Token Refresh

Tokens automatically refresh when expiring in < 5 minutes:

POST https://{accountId}.suitetalk.api.netsuite.com/services/rest/auth/oauth2/v1/token
Content-Type: application/x-www-form-urlencoded

grant_type=refresh_token
&refresh_token={refresh_token}
&client_id={client_id}

Prerequisites

  • Node.js 18.0.0 or higher
  • NetSuite Account with MCP access
  • NetSuite AI Connector SuiteApp (Bundle ID: 522506) installed and configured
  • NetSuite Integration Record with OAuth 2.0 and PKCE enabled
  • MCP Client - Any MCP-compatible client (Claude Code, Cursor IDE, Gemini CLI, etc.)

License

MIT

References