SuiteTalk (Web Services) Platform Guide - NetSuite

Web Services Operationslogin193loginThe login operation is used to authenticate a user and start a new Web services session inNetSuite. The login operation is similar to the login for the UI. This operation provides apassport that includes a username, password, account and role. On success, the NetSuite serversets a cookie and establishes a session.Important: Users can also authenticate to NetSuite by providing their user credentials inthe SOAP header of each request; they do not need to invoke the loginoperation. With user credentials provided in each request, the need forsession management and separate logins is eliminated. For moreinformation, see Authentication Using Request Level Credentials.All available Web services operations require that the user first be logged in. Once successfullycompleted, a login creates a session that allows subsequent operations to be performed withouthaving to log in again until the session expires or the logout operation is invoked. If the sessiontimes out, the next operation fails. Web services requests initiated through a client applicationmust have the ability to execute the login operation when a session has timed out and thensubmit the original request again.Note: For information on session management, refer to Session Management.If an operation is executed before a login is performed, it fails and the InvalidSessionFault isreturned. Also note that after login, only one Web services request may be in flight at a time fora given session. Any attempt to violate this will result in a SOAP fault.NetSuite Web services will use the last logged-in role when users do not specify a role in thelogin request and no default role is set. This makes the Web services login behavior consistentwith the UI login behavior. Partner applications that rely on a specific role should be careful tospecify that role in the login request, otherwise their users might be logged in with a role that isnot appropriate for that application.The login operation also verifies that the specified account has the Web Services featureenabled. If Web services is not enabled in your account, the SOAP fault InvalidCredentialsFaultis returned with a code of WEB_SERVICES_NOT_ENABLED. (See Enabling the Web ServicesFeature for steps on enabling this feature.)RequestThe LoginRequest type is used for this request. It contains the following fields:Element Name XSD Type Notespassport Passport Contains all the required credentials including username,password, account and role to authenticate the user and create anew session.SuiteTalk Platform Guide