{"activeVersionTag":"latest","latestAvailableVersionTag":"latest","collection":{"info":{"_postman_id":"8eaf9cf4-18a6-4a2c-b33c-d5f715e6a1ce","name":"ZoneBilling API","description":"# Overview\n\nZoneBilling for NetSuite is an enterprise-grade subscription & billing management system built entirely within NetSuite and designed to handle everything from simple to complex billing scenarios. The product is developed and sold on a subscription basis by Zone & Company Software Consulting LLC.\n\nFor companies that need to expand access to ZoneBilling beyond the NetSuite user interface (such as a company's proprietary system, website, or third-party application), Zone has developed an API to handle the majority of functions available within the product.\n\nAccess to the API is a licensable option in certain editions of the ZoneBilling subscription. Please contact your Zone&Co sales representative for details on access to these features.\n\nZone & Company Software Consulting  \n(800) 760-7401  \n[www.zoneandco.com](http://www.zoneandco.com)\n\n# Permissions, Authentication & Connection\n\nNetSuite supports token-based authentication (TBA), a robust, industry-standard-based mechanism that increases the overall security of the system. This authentication mechanism enables client applications to use a token to access NetSuite through APIs, eliminating the need for RESTlets to store user credentials. A token is valid for one specific company, user entity, and role only.\n\nWhen you use token-based authentication, password rotation policies in the account do not apply to tokens and password management is unnecessary for your RESTlet integrations. Token-based authentication allows integrations to comply with any authentication policy that is deployed in a NetSuite account for UI login, such as SAML Single Sign-on, Inbound Single Sign-on, or Two-Factor Authentication. 
To enable token-based authentication, see [Enabling the Token-based Authentication Feature](https://netsuite.custhelp.com/app/answers/detail/a_id/41898#bridgehead_4253254429).\n\n## Setting up Token-based Authentication for a RESTlet integration\n\n### Configuring Role\n\nThe ZAB API's access to NetSuite is determined by the setup of the role that is configured for the user's access token. This role will need (at a minimum) the following access in order to work properly.\n\n- **Single-Sign On Only** - unchecked\n    \n- **Web Services Only** - unchecked\n    \n- **Permissions > Lists > Documents & Files** - Edit\n    \n- **Permissions > Lists > Export Lists** - Create\n    \n- **Permissions > Lists > Perform Search** - Full\n    \n- **Permissions > Lists > Persist Search** - Create\n    \n- **Permissions > Setup > Allow JS / HTML Uploads** - Full\n    \n- **Permissions > Setup > Log in using Access Tokens** - Full\n    \n- **Permissions > Setup > SuiteScript** - Full\n    \n- **Permissions > Setup > SuiteScript Scheduling** - Full\n    \n- **Permissions > Custom Record > ZAB API Export** - Full\n    \n- **Permissions > Custom Record > ZAB Automation** - Full\n    \n- **Permissions > Custom Record > ZAB Process** - Full\n    \n\nThe above list of permissions is a minimum; additionally, the role will need access to every custom and standard record type that it may be interacting with.\n\nThe Zone Advanced Billing Administrator role is often used when configuring an integration to NetSuite with the ZAB API. 
If its access is too open or restrictive, it can be used as a template that includes the above required permissions, as well as the other common permissions needed to interact with NetSuite's standard records and ZoneBilling's Bundled records.\n\n### Creating Access Tokens\n\nIn order to generate a Consumer Key and Consumer Secret, you can create a new NetSuite Integration record by going to Setup > Integration > Manage Integrations > New within the NetSuite UI. Fill out any mandatory fields, including a unique name. Make sure that **Token-based Authentication** is checked. Upon save, the Consumer Key and Consumer Secret values will be displayed in the \"Client Credentials\" section of the page. Save these values for your integration; upon exiting the page, you will not be able to access these values again.\n\nIn order to generate a Token ID and Token Secret, you can create a new Access Token by going to Setup > Users/Roles > Access Tokens > New within the NetSuite UI. Select the application created above. Select the user that this integration will act on behalf of, and select the user role that the user will be logging in with. A unique Token Name will be generated, but a unique name can be set. Upon save, the Token ID and Token Secret values will be displayed on the page. Save these values for your integration; upon exiting the page, you will not be able to access these values again.\n\n## Creating ZAB API REST Requests\n\n### Authorization Header - OAuth 1.0\n\nWhen calling a RESTlet, follow the OAuth 1.0 specification to generate a token. A description of the OAuth 1.0 protocol and signature validation is available at [https://tools.ietf.org/html/rfc5849](https://tools.ietf.org/html/rfc5849).\n\nOAuth 1.0 passes in the following parameters:\n\n- **oauth_signature** (required) - Credentials to verify the authenticity of the request, generated by calling your application. 
The Token Secret and Consumer Secret are combined to form the key used to sign the request, using a supported signature method (HMAC-SHA256).\n    \n- **oauth_version** (required) - Must be set to “1.0”.\n    \n- **oauth_nonce** (required) - Passes in a unique, random, alphanumeric string. String must be a minimum of 6 characters, and the maximum length is 64 characters. Used to verify that a request has never been made before.\n    \n- **oauth_signature_method** (required) - Must be set to HMAC-SHA256. Declares which signature method is used.\n    \n- **oauth_consumer_key** (required) - Consumer Key (client application ID) generated for the token-based application in NetSuite. The unique value is matched to the token to establish ownership of the token.\n    \n- **oauth_token** (required) - Token ID generated for the token-based application in NetSuite.\n    \n- **oauth_timestamp** (required) - Passes in a positive integer expressed as the number of seconds since January 1, 1970 GMT.\n    \n- **realm** (required) - NetSuite Account ID (capitalized)\n    \n\nAdditionally, a 'Content-Type' header should be added to your request with the value being `application/json`.\n\n### Authorization Header - OAuth 2.0\n\nWhen calling a RESTlet using OAuth 2.0, follow the OAuth 2.0 specification to generate a token.  
\nA description of the OAuth 2.0 protocol and signature validation is available at [https://datatracker.ietf.org/doc/html/rfc6749](https://datatracker.ietf.org/doc/html/rfc6749).\n\nThe \"bearer\" token type defined in [https://datatracker.ietf.org/doc/html/rfc6750](https://datatracker.ietf.org/doc/html/rfc6750) is used by simply including the access token string in the request:\n\n```\nGET /resource/1 HTTP/1.1\nHost: example.com\nAuthorization: Bearer mF_9.B5f-4.1JqM\n```\n\nAdditionally, a 'Content-Type' header should be added to your request with the value being `application/json`.\n\n### Endpoint (Applies to both OAuth 1.0 and OAuth 2.0)\n\nThe ZAB API endpoint will be specific to the NetSuite account that is being targeted. This URL is dictated by NetSuite and incorporates your NetSuite Account ID, the ZAB API Restlet Script, and the ZAB API Restlet Deployment.\n\nTo determine your NetSuite Account ID, in the NetSuite UI, go to Setup > Company > Company Information. 
Your Account ID will be listed under the 'Account ID' field.\n\n- **Base URL**: `https://{account_id}.restlets.api.netsuite.com/app/site/hosting/restlet.nl` (where {account_id} is the unique account ID of the target NetSuite environment)\n    \n- **Parameter**: script `customscriptzab_api_restlet`\n    \n- **Parameter**: deploy `customdeployzab_api_restlet`\n    \n\nOAuth 1.0 Example:\n\n```\nGET https://tstdrv123456.restlets.api.netsuite.com/app/site/hosting/restlet.nl?script=customscriptzab_api_restlet&deploy=customdeployzab_api_restlet HTTP/1.1\nAuthorization:\n               OAuth oauth_signature=\"MgN1gZztYspNQXA576plPD14OWM=\",\n               oauth_version=\"1.0\",\n               oauth_nonce=\"207310548\",\n               oauth_signature_method=\"HMAC-SHA256\",\n               oauth_consumer_key=\"fvFwnmvurChjol7SZiF2pQ1oJ/ceRV8vqA/rZtzLEo=\",\n               oauth_token=\"00076e1415667a6c555f5d43582134c87d6367ab456fd2\",\n               oauth_timestamp=\"1418647040\",\n               realm=\"TSTDRV123456\"\nHTTP/1.1 200 OK\nDate: Mon, 15 Dec 2018 12:37:42 GMT\nContent-Type: application/json\n\n```\n\nOAuth 2.0 Example:\n\n```\nGET https://tstdrv123456.restlets.api.netsuite.com/app/site/hosting/restlet.nl?script=customscriptzab_api_restlet&deploy=customdeployzab_api_restlet HTTP/1.1\nContent-Type: application/json\nAuthorization: Bearer eyJraWQiOiablasldkhwNzIwNDcuMjAyMS0wNy0wM18xMC0zOS0wNiIsInR5cCI6IkpXVCIsImFsZyI6IlJTMjU2In0....\nHTTP/1.1 200 OK\nDate: Mon, 13 Dec 2021 12:37:42 GMT\nContent-Type: application/json\n\n```\n\n### Response Codes (Applies to both OAuth 1.0 and OAuth 2.0)\n\nThe actual response depends on the request method used. For a GET request, the response contains an entity corresponding to the requested resource. 
For a POST request, the response contains an entity describing or containing the result of the action.\n\n#### Success Code\n\nRESTlets support the following HTTP success code:\n\n- **200 OK**: The RESTlet request was executed successfully.\n    \n\n#### Error Codes\n\nRESTlets support the following HTTP error codes:\n\n- **302 Moved Temporarily**: The request was sent to a different data center than the data center in which your company’s account resides. When you receive a 302 response, you must recalculate the signature on the request to the correct data center, because the signature is also computed from the URL.\n    \n- **400 BAD_REQUEST**: The RESTlet request failed with a user error.\n    \n- **401 UNAUTHORIZED**: There is not a valid NetSuite login session for the RESTlet calls.\n    \n- **403 FORBIDDEN**: RESTlet request sent to invalid domain, meaning a domain other than [https://rest.netsuite.com](https://rest.netsuite.com).\n    \n- **404 NOT_FOUND**: A RESTlet script is not defined in the RESTlet request.\n    \n- **405 METHOD_NOT_ALLOWED**: The RESTlet request method is not valid.\n    \n- **415 UNSUPPORTED_MEDIA_TYPE**: An unsupported content type was specified. (Only JSON and text are allowed.)\n    \n- **500 INTERNAL_SERVER_ERROR (unexpected errors)**: Occurs for non-user errors that cannot be recovered by resubmitting the same request. 
If this type of error occurs, contact Zone Customer Support to file a case.\n    \n- **503 SERVICE_UNAVAILABLE**: The NetSuite database is offline or a database connection is not available.","schema":"https://schema.getpostman.com/json/collection/v2.0.0/collection.json","isPublicCollection":false,"owner":"4702167","team":115827,"collectionId":"8eaf9cf4-18a6-4a2c-b33c-d5f715e6a1ce","publishedId":"SWE56Jkk","public":true,"publicUrl":"https://zab-docs.zoneandco.com","privateUrl":"https://go.postman.co/documentation/4702167-8eaf9cf4-18a6-4a2c-b33c-d5f715e6a1ce","customColor":{"top-bar":"FFFFFF","right-sidebar":"303030","highlight":"EF5B25"},"documentationLayout":"classic-double-column","version":"8.11.4","publishDate":"2019-12-06T20:37:00.000Z","activeVersionTag":"latest","documentationTheme":"light","metaTags":{},"logos":{}},"statusCode":200},"environments":[],"user":{"authenticated":false,"permissions":{"publish":false}},"run":{"button":{"js":"https://run.pstmn.io/button.js","css":"https://run.pstmn.io/button.css"}},"web":"https://www.getpostman.com/","team":{"logo":"https://res.cloudinary.com/postman/image/upload/t_team_logo_pubdoc/v1/team/86b1907ae3246ba1a957e8df48e96ca5e8d66f60782a026f04a3f0d1c8ee5aa5","favicon":"https://zoneandco.com/favicon.ico"},"isEnvFetchError":false,"layoutOptions":[{"value":"classic-single-column","label":"Single Column"},{"value":"classic-double-column","label":"Double Column"}],"versionOptions":[],"environmentOptions":[{"value":"0","label":"No Environment"}],"canonicalUrl":"https://zab-docs.zoneandco.com/view/metadata/SWE56Jkk"}