Passthrough

Rutter offers a passthrough interface that allows you to fetch the underlying API keys and tokens that are used to make authenticated requests for each platform. Depending on the type of authentication used in the underlying platform, different fields may be returned. You should view the platform-specific API pages to properly format your request.

Fetch Connection Credentials

1
GET https://production.rutterapi.com/versioned/connections/credentials

This endpoint is available on the following platforms:

  • Accounting: Dynamics 365, FreshBooks, NetSuite, QuickBooks, Sage Business Cloud, Sage Intacct, Wave, Xero, Zoho Books
  • Ads: Facebook, Google, TikTok
  • Commerce: Amazon, BigCommerce, Chargebee, Chargify, eBay, Etsy, Lazada, Magento, MercadoLibre, PayPal, Recurly, Shopify, Shopee, Shoper, Squarespace, Stripe, Walmart, Wix, WooCommerce

OAuth

If the credential type is oauth, then an access_token property will be included along with any other required pieces of information to make a direct API call. This can be used to make authenticated requests to the platform directly.

Note: Refresh Tokens are not returned, to prevent loss of access.

1
{


2
    "credential": {


3
        "type": "oauth",


4
        "access_token": "ACCESS_TOKEN",


5
        "store_url": "test.myshopify.com"


6
    },


7
    "connection": {


8
        "id": "0f801665-5caa-4717-8ff0-9bfdb351ce11",


9
        "platform": "SHOPIFY"


10
    }


11
}

OAuth 1.0a

If the credential type is oauth1.0a, then the four fields necessary to generate an authenticated request are returned. A sample response is below:

1
{


2
    "credential": {


3
        "type": "oauth1.0a",


4
        "oauth_consumer_key": "CONSUMER_KEY",


5
        "oauth_consumer_secret": "CONSUMER_SECRET",


6
        "oauth_token": "OAUTH_TOKEN",


7
        "oauth_token_secret": "OAUTH_TOKEN_SECRET"


8
    },


9
    "connection": {


10
        "id": "0f801665-5caa-4717-8ff0-9bfdb351ce02",


11
        "platform": "ETSY"


12
    }


13
}

Basic

If the credential type is basic, then the platform API uses Basic Access authentication.

1
{


2
    "credential": {


3
        "type": "basic",


4
        "username": "USERNAME",


5
        "password": "PASSWORD"


6
    },


7
    "connection": {


8
        "id": "0f801665-5caa-4717-8ff0-9bfdb351ce02",


9
        "platform": "SHOPIFY"


10
    }


11
}

Query Params

access_token string

The access token of the connection.

Response Body

A sample response body can be found below.

1
{


2
  "credential": {


3
    "type": "oauth1.0a",


4
    "oauth_consumer_key": "CONSUMER_KEY",


5
    "oauth_consumer_secret": "CONSUMER_SECRET",


6
    "oauth_token": "OAUTH_TOKEN",


7
    "oauth_token_secret": "OAUTH_TOKEN_SECRET"


8
  },


9
  "connection": {


10
    "id": "0f801665-5caa-4717-8ff0-9bfdb351ce02",


11
    "platform": "ETSY"


12
  }


13
}

Once you have the underlying credentials of the Rutter connection, you will now be able to call the underlying platform APIs to take actions that are not available in Rutter's built-in endpoints.

NetSuite

NetSuite offers multiple passthrough methods for accessing data and functionality beyond Rutter's built-in endpoints. Start by getting your platform credentials using the GET /connections/credentials endpoint described above.

Authentication Setup

All NetSuite passthrough requests require OAuth 1.0a authentication. The credentials response will include:

  • oauth_consumer_key
  • oauth_consumer_secret
  • oauth_token
  • oauth_token_secret
  • realm (your NetSuite account ID)

You'll need to generate the OAuth signature for each request following the OAuth 1.0a specification.

Additionally, the oauth_signature_method must be set to "HMAC-SHA256".

Use NetSuite's SQL-like query language to retrieve data from standard tables.

Endpoint:

1
POST https://{{account_id}}.suitetalk.api.netsuite.com/services/rest/query/v1/suiteql?offset=0&limit=1000

Headers:

1
Prefer: transient


2
Content-Type: application/json


3
Authorization: OAuth realm="{{realm}}",oauth_consumer_key="{{oauth_consumer_key}}",oauth_token="{{oauth_token}}",oauth_signature_method="HMAC-SHA256",oauth_timestamp="{{timestamp}}",oauth_nonce="{{nonce}}",oauth_version="1.0",oauth_signature="{{signature}}"

Request Body:

1
{


2
  "q": "SELECT id, tranid, entity FROM transaction WHERE type = 'Invoice'"


3
}

Example cURL:

1
curl --location 'https://{{account_id}}.suitetalk.api.netsuite.com/services/rest/query/v1/suiteql?offset=0&limit=1000' \


2
--header 'Prefer: transient' \


3
--header 'Content-Type: application/json' \


4
--header 'Authorization: OAuth realm="{{realm}}",oauth_consumer_key="{{oauth_consumer_key}}",oauth_token="{{oauth_token}}",oauth_signature_method="HMAC-SHA256",oauth_timestamp="{{timestamp}}",oauth_nonce="{{nonce}}",oauth_version="1.0",oauth_signature="{{signature}}"' \


5
--data '{


6
    "q": "SELECT id, tranid, entity FROM transaction WHERE type = '\''Invoice'\''"


7
}'

Common SuiteQL Tables:

  • transaction - All transaction records (invoices, bills, payments, etc.)
  • customer - Customer records
  • vendor - Vendor records
  • item - Inventory and service items
  • account - Chart of accounts
  • employee - Employee records

See NetSuite's SuiteQL documentation for complete table reference.

2. Rutter's Custom RESTlet

Rutter provides a custom SuiteScript RESTlet to support specific use cases.

Base Endpoint:

1
https://{{account_id}}.restlets.api.netsuite.com/app/site/hosting/restlet.nl?script=customscript_accountlink&deploy=customdeploy_accountlink

Get Paginated Records

Parameters:

  • function=getRecordPagedData
  • recordType - The NetSuite record type (required)
  • pageSize - Number of records per page (default: 20, max: 1000)
  • pageIndex - Page number (starts at 0)
  • lastModifiedDate - Filter for records modified after this date (ISO format)
  • beforeLastModifiedDate - Filter for records modified before this date (ISO format)

Example:

1
GET https://{{account_id}}.restlets.api.netsuite.com/app/site/hosting/restlet.nl?script=customscript_accountlink&deploy=customdeploy_accountlink&function=getRecordPagedData&recordType=invoice&lastModifiedDate=2024-01-01T00:00:00.000Z&pageSize=100&pageIndex=0

Get Single Record

Parameters:

  • function=getRecordById
  • recordType - The NetSuite record type
  • id - The internal ID of the record

Example:

1
GET https://{{account_id}}.restlets.api.netsuite.com/app/site/hosting/restlet.nl?script=customscript_accountlink&deploy=customdeploy_accountlink&function=getRecordById&recordType=invoice&id=12345

Get Multiple Specific Records

Parameters:

  • function=getRecordsOfIds
  • recordType - The NetSuite record type
  • ids - Comma-separated list of internal IDs

Example:

1
GET https://{{account_id}}.restlets.api.netsuite.com/app/site/hosting/restlet.nl?script=customscript_accountlink&deploy=customdeploy_accountlink&function=getRecordsOfIds&recordType=invoice&ids=123,456,789

Supported Record Types

Record TypeDescription
classificationClass records
creditcardchargeCredit card charges
creditcardrefundCredit card refunds
creditmemoInvoice credit memos
currencyCurrency records
customerCustomer records
customerpaymentCustomer payments
departmentDepartment records
inventoryitemInventory items
invoiceSales invoices
itemAll item records
journalentryJournal entries
locationLocation records
othernameOther name records
purchaseorderPurchase orders
salestaxitemSales tax items
subsidiarySubsidiary records
vendorVendor records
vendorbillBills
vendorcreditBill credit memos
vendorpaymentBill payments

3. File Operations

Download Files

Endpoint:

1
GET https://{{account_id}}.restlets.api.netsuite.com/app/site/hosting/restlet.nl?script=customscript_accountlink&deploy=customdeploy_accountlink&function=getFile&id={{file_id}}

Parameters:

  • id - The NetSuite file ID

4. Custom Operations

For create, update, or delete operations, use the POST method with the RESTlet:

Endpoint:

1
POST https://{{account_id}}.restlets.api.netsuite.com/app/site/hosting/restlet.nl?script=customscript_accountlink&deploy=customdeploy_accountlink

Request Body: Include the operation details and data in the request body as JSON. For example payloads, head to the NetSuite Request Logs in your Rutter Dashboard and expand the "Rutter -> Platform Request Body" toggle.

Best Practices

  1. Use SuiteQL when possible - It's more efficient and follows NetSuite's modern API patterns
  2. Implement proper error handling - NetSuite APIs can return various error types
  3. Respect rate limits - NetSuite has governance limits on API calls
  4. Use pagination - Always paginate large result sets to avoid timeouts
  5. Filter by date - Use date filters to reduce data transfer and improve performance

Error Handling

Common NetSuite error responses include:

  • INVALID_LOGIN_CREDENTIALS - Authentication failed
  • EXCEEDED_REQUEST_LIMIT - Rate limit exceeded
  • INVALID_RECORD_TYPE - Unsupported record type
  • RECORD_NOT_FOUND - Record doesn't exist

Additional Resources

For additional platform-specific passthrough guidance, please contact Rutter Support.

Next
Syncing Rutter Data