
What is NetSuite MCP?
NetSuite MCP is Oracle's implementation of the Model Context Protocol — a protocol-driven integration service that lets AI models like Claude, ChatGPT, or any LLM interact with your NetSuite data and business logic securely. Oracle describes it as a "bring-your-own-assistant" service — instead of being locked into a single AI vendor, you connect whichever AI model fits your needs.
TL;DR: The NetSuite AI Connector Service uses the Model Context Protocol (MCP) to let you connect any AI model to your ERP. The MCP Standard Tools SuiteApp provides pre-built tools for records, reports, saved searches, and SuiteQL queries. MCP is disabled by default and must be explicitly enabled per role. All actions respect existing NetSuite roles and permissions with full audit logging. Setup takes a few hours. The practical impact: ask your AI "what are our top 10 overdue invoices?" and it queries NetSuite directly, with live data, in seconds.
Think of MCP as a standardized protocol for how AI models talk to NetSuite — what data they can see, what actions they can perform, and what permissions govern the interaction. Before MCP, connecting an LLM to NetSuite meant building custom REST API integrations, handling authentication, writing data transformation logic, and maintaining it all. MCP replaces that with an Oracle-supported, standards-based connection.
How NetSuite MCP works
The architecture
The flow is straightforward:
- Your AI client (Claude Desktop, ChatGPT, Cursor, a custom app) sends a natural language request
- The MCP protocol translates that request into structured NetSuite operations
- NetSuite's MCP server executes the operations using the authenticated user's role and permissions
- Results return to the AI client for analysis, visualization, or further action
The AI never has direct database access. Every interaction goes through NetSuite's standard security layer — the same roles, permissions, and audit trails that govern manual user access.
The MCP Standard Tools SuiteApp
Oracle provides the MCP Standard Tools SuiteApp — a set of pre-built tools that handle the most common AI-to-NetSuite interactions:
- Record operations — create, read, update records using NetSuite's REST Web Services APIs (customers, invoices, sales orders, custom records)
- Saved searches — execute any saved search and return results to the AI
- SuiteQL queries — construct and run SQL-like queries against NetSuite data using natural language
- Reports — view and interact with standard and custom reports
All operations are permission-based: the tools don't provide any additional access beyond what the connected NetSuite role allows.
The SuiteApp installs in your NetSuite instance and registers the MCP tools. When an AI client connects, it discovers the available tools automatically — no manual configuration of endpoints or data schemas.
What AI clients work with NetSuite MCP?
Any AI client that supports the MCP protocol:
- Claude Desktop (Anthropic) — Pro plan or higher required. The most commonly used client for NetSuite MCP
- ChatGPT — Plus plan or higher required for MCP support
- Cursor and VS Code with MCP extensions — useful for developers querying NetSuite while coding
- Custom applications — build your own MCP client using the protocol specification
- Enterprise AI platforms — Airia, Workato, and others adding MCP support
The "bring your own AI" approach is the key differentiator. You're not locked into Oracle's Ask Oracle or any single AI vendor. Use whichever model works best for your use case.
Setting up NetSuite MCP
Prerequisites
- NetSuite account with administrator access
- MCP Standard Tools SuiteApp installed (available from the SuiteApp Marketplace)
- An MCP-compatible AI client
- A NetSuite user role with appropriate permissions for the data you want the AI to access
Setup steps
1. Install the MCP Standard Tools SuiteApp
Install the MCP Standard Tools SuiteApp from the SuiteApp Marketplace. Once installed, it adds the MCP server endpoint and tool definitions to your NetSuite instance. Review which users and roles have the "MCP Server Connection" permission before enabling.
2. Configure permissions
Assign the "MCP Server Connection" permission to the role that will be used for AI access. Create a dedicated role with minimum required permissions — Oracle blocks MCP for Administrator roles by default. See required features and permissions.
3. Connect your AI client
Follow Oracle's connection guide to link your AI client. OAuth 2.0 authorization is required, and each AI agent needs explicit user consent. Each client has its own connection method:
- Claude Desktop: Add the NetSuite MCP server configuration with your account ID and OAuth credentials
- ChatGPT: Configure through the MCP plugin settings (Plus plan or higher required)
- Cursor/VS Code: Add to your MCP configuration file
4. Test the connection
Ask your AI a simple question: "How many customers do we have in NetSuite?" If it returns a number from your actual data, the connection works.
Configuration time
Basic setup takes 1–3 hours for someone familiar with NetSuite administration. The MCP Standard Tools SuiteApp handles most of the complexity — you don't need to write SuiteScript or build API endpoints. Organizations can also create custom tools for specialized workflows beyond what the standard tools provide.
Practical use cases
Finance and accounting
- "Show me all invoices over $10,000 that are more than 30 days overdue"
- "What's our accounts receivable aging summary by customer?"
- "Compare this month's revenue by product line versus last month"
- "List all journal entries posted in the last week over $50,000"
The AI runs SuiteQL queries or saved searches against live NetSuite data and returns formatted results. No more building saved searches for one-off questions.
Operations and inventory
- "What items are below their reorder point right now?"
- "Show me open purchase orders from our top 5 vendors by amount"
- "How many units of SKU-1234 shipped last quarter?"
- "Which warehouses have negative available-to-promise inventory?"
Sales and CRM
- "List all opportunities in the Negotiation stage with expected close this month"
- "What's the total pipeline value by sales rep?"
- "Show me customers who haven't placed an order in 90 days"
- "Pull the commission report for Q1"
Development and administration
- "Show me all SuiteScript deployments that failed in the last 24 hours"
- "What custom records exist in this account?"
- "List all workflows that are currently active"
- "Run SuiteQL: SELECT id, companyname FROM customer WHERE datecreated > '2026-01-01'"
Developers using Cursor or VS Code can query NetSuite data while writing SuiteScript — no switching between IDE and browser.
Security and governance
Oracle takes a conservative approach to MCP security. Understanding the risks and controls is essential before enabling it. See Oracle's full risks, controls, and mitigation strategies documentation.
MCP is disabled by default
No users have MCP access unless an administrator explicitly grants the "MCP Server Connection" permission to a role. This is a conscious design choice — Oracle requires deliberate opt-in, not opt-out.
Role-based access control
Every MCP interaction runs under a NetSuite user's role. The AI can only access data and perform actions that the role permits. MCP tools cannot:
- Execute with Administrator or full-permission roles (blocked by default)
- Invoke SuiteScript scripts with elevated privileges
- Invoke Suitelets
- Perform HTTP requests to external destinations
- Access a broader set of SuiteScript APIs than the restricted subset Oracle allows
Audit trail
All MCP tool usage is logged for traceability. OAuth 2.0 authorization requires explicit user consent for each AI agent connection.
Risks Oracle warns about
Oracle's documentation explicitly calls out two inherent LLM risks that MCP cannot eliminate:
- Prompt injection — malicious instructions hidden in documents, web pages, or MCP tool responses could cause unintended actions (unauthorized commands, data leakage)
- Hallucination — the AI may generate information that appears accurate but is fabricated
These are LLM-level risks, not NetSuite-specific vulnerabilities. Oracle's mitigation: conservative defaults, granular permissions, and comprehensive logging.
Best practices (from Oracle's documentation)
- Grant MCP permission only to users who require it
- Never assign MCP to high-privilege roles — create dedicated AI roles with minimum permissions
- Install and enable only the MCP tools you need
- Use AI agents that prompt for confirmation before executing sensitive actions
- Start with limited scope when testing new agents or tools
- Train end users on the risks of external AI agents and best practices for safe usage
- Review concurrency governance limits for high-volume usage
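The first two practices can be checked mechanically during a role review. The following is an added example, not Oracle's or BrokenRubik's code: it audits a constructed role export and reports every role that holds the "MCP Server Connection" permission together with write-level permissions, unapproved users, or too many users. The export shape, the other permission names and the user names are assumptions.

```python
# Constructed sample data. Only "MCP Server Connection" is a name taken from
# the article; the export shape, other permissions and users are assumptions.
MCP_PERMISSION = "MCP Server Connection"
WRITE_LEVELS = {"Create", "Edit", "Full"}

ROLES = [
    {"name": "AI Read-Only Analyst", "users": ["svc-ai"],
     "permissions": {MCP_PERMISSION: "Full", "Invoice": "View", "Customer": "View"}},
    {"name": "AP Clerk + AI", "users": ["maria", "tom"],
     "permissions": {MCP_PERMISSION: "Full", "Vendor Bill": "Edit", "Vendor": "View"}},
    {"name": "Controller", "users": ["cfo"],
     "permissions": {"Journal Entry": "Full", "Invoice": "Full"}},
    {"name": "Sales Ops", "users": ["a", "b", "c", "d", "e", "f"],
     "permissions": {MCP_PERMISSION: "Full", "Opportunity": "View"}},
]


def audit_mcp_roles(roles, approved_users, max_users=3):
    """Return {role name: [findings]} for every role that can reach MCP."""
    report = {}
    for role in roles:
        perms = role["permissions"]
        if MCP_PERMISSION not in perms:
            continue  # role cannot connect through MCP; out of scope
        findings = []
        # Anything above View on an MCP-enabled role is reachable by the AI client.
        writable = sorted(p for p, level in perms.items()
                          if p != MCP_PERMISSION and level in WRITE_LEVELS)
        if writable:
            findings.append("write access via MCP: " + ", ".join(writable))
        unapproved = sorted(set(role["users"]) - set(approved_users))
        if unapproved:
            findings.append("users not on the approved list: " + ", ".join(unapproved))
        if len(role["users"]) > max_users:
            findings.append(f"{len(role['users'])} users hold this role (limit {max_users})")
        report[role["name"]] = findings
    return report


if __name__ == "__main__":
    approved = {"svc-ai", "maria", "a", "b", "c", "d", "e", "f"}
    for name, findings in audit_mcp_roles(ROLES, approved).items():
        print(name, "->", findings or "ok")
```

An empty findings list means the role matches the dedicated, minimum-permission pattern the list above recommends.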
What the AI can and cannot do
| Can do | Cannot do (by default) |
|---|---|
| Read records | Run as Administrator role |
| Run saved searches | Invoke SuiteScript with elevated privileges |
| Execute SuiteQL queries | Invoke Suitelets |
| Create/update records (if role allows) | Make HTTP requests to external systems |
| Access reports | Bypass record-level security |
MCP vs. traditional NetSuite integrations
| Aspect | MCP | REST/SOAP API | SuiteScript RESTlets |
|---|---|---|---|
| Setup time | Hours | Days–weeks | Days–weeks |
| Custom code needed | None (SuiteApp) | Yes | Yes (SuiteScript) |
| AI-native | Yes | No (manual integration) | No (manual integration) |
| Dynamic queries | Natural language | Hardcoded endpoints | Hardcoded endpoints |
| Maintenance | Oracle maintains SuiteApp | You maintain code | You maintain code |
| Flexibility | Any MCP-compatible client | Any HTTP client | Any HTTP client |
| Best for | AI-driven queries and actions | System-to-system integration | Custom business logic |
MCP doesn't replace traditional APIs — they serve different purposes. Use MCP for AI-driven interactions. Use REST API for system-to-system integrations (Shopify, Salesforce). Use RESTlets for custom business logic endpoints.
NetSuite MCP vs. Ask Oracle
Both are AI features in NetSuite, but they serve different needs:
| Feature | NetSuite MCP | Ask Oracle |
|---|---|---|
| AI model | Bring your own (Claude, ChatGPT, etc.) | Oracle's built-in AI |
| Interface | External AI client | Inside NetSuite UI |
| Customization | Full control over prompts and workflows | Pre-built experience |
| Data access | Whatever the role permits | Whatever the role permits |
| Cost | Included (AI Connector Service) | Included (NetSuite Next) |
| Best for | Technical teams, custom workflows | Business users, ad-hoc queries |
Many organizations will use both: Ask Oracle for business users who want answers inside NetSuite, and MCP for technical teams building custom AI workflows.
What we've learned building AI for NetSuite
At BrokenRubik, we've been connecting AI to NetSuite since before MCP existed. We built ContextQL — a tool that teaches AI to understand NetSuite's data model and write accurate SuiteQL queries. That experience informs how we approach MCP implementations:
Start with read-only. Give the AI access to query data before allowing it to create or modify records. This builds confidence in the AI's accuracy and limits risk.
Define clear use cases first. "Connect AI to NetSuite" is not a use case. "Automate weekly AR aging analysis and email to the CFO" is. Start with 2–3 specific workflows, not a general-purpose AI assistant.
Test with real data volumes. An AI that works with 10 records may struggle with 10,000. Test SuiteQL queries and saved searches with production-scale data to verify performance and governance limits.
Monitor governance usage. NetSuite has SuiteScript governance limits. AI queries that trigger saved searches or SuiteQL consume governance units. High-frequency AI queries can hit limits — design for batch queries rather than rapid-fire individual lookups.
Keep humans in the loop. AI is excellent at finding patterns and surfacing insights. It's not ready to approve purchase orders or post journal entries autonomously. Use AI to recommend, let humans approve.
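"Start with read-only" and "keep humans in the loop" can also be enforced on the client side, in addition to the NetSuite role. The following is an added example, not Oracle's or BrokenRubik's code: a gate that inspects each MCP `tools/call` request (JSON-RPC 2.0) before it is sent, allows read tools, denies writes during the read-only phase, and otherwise asks a human. The tool names are hypothetical placeholders, not the names the MCP Standard Tools SuiteApp registers.

```python
import json

# Assumed policy for this sketch; tool names are hypothetical placeholders.
READ_TOOLS = {"run_suiteql", "run_saved_search", "get_record", "run_report"}
WRITE_TOOLS = {"create_record", "update_record"}


class ToolCallGate:
    """Client-side check applied to every request before it reaches NetSuite."""

    def __init__(self, confirm, allow_writes=False):
        self.confirm = confirm            # callable(tool, args) -> bool, asks a human
        self.allow_writes = allow_writes  # False during the read-only phase
        self.log = []                     # local decision log, separate from NetSuite's

    def check(self, message):
        req = json.loads(message)
        if req.get("method") != "tools/call":
            return self._decide(req, "allow", "not a tool call")
        tool = req["params"]["name"]
        args = req["params"].get("arguments", {})
        if tool in READ_TOOLS:
            return self._decide(req, "allow", "read-only tool")
        if tool not in WRITE_TOOLS:
            # Unknown tools are denied rather than guessed at.
            return self._decide(req, "deny", "tool not on the allowlist")
        if not self.allow_writes:
            return self._decide(req, "deny", "read-only phase")
        if not self.confirm(tool, args):
            return self._decide(req, "deny", "human declined")
        return self._decide(req, "allow", "human approved")

    def _decide(self, req, verdict, reason):
        self.log.append({"id": req.get("id"), "method": req.get("method"),
                         "tool": req.get("params", {}).get("name"),
                         "verdict": verdict, "reason": reason})
        return verdict == "allow"


def call(msg_id, tool, arguments):
    """Build an MCP tools/call request as a JSON-RPC 2.0 message."""
    return json.dumps({"jsonrpc": "2.0", "id": msg_id, "method": "tools/call",
                       "params": {"name": tool, "arguments": arguments}})
```

Because the decision is made on the request itself and not on the model's stated intent, a write triggered by injected instructions in a tool response still stops at the deny or the confirmation step.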

Sebastian Correa
Co-Founder & CCO
Co-founder and Chief Commercial Officer at BrokenRubik with 12+ years of experience in NetSuite consulting and e-commerce development. Specializes in helping businesses optimize their ERP operations and scale their online presence through strategic technology implementations.