SuiteTalk (Web Services) Platform Guide - NetSuite

Web Services SecurityAuthentication77Authentication Using the Login OperationThe SuiteTalk requires a valid user name, password, account number, and role forauthentication. These are provided through the login operation using the Passport object.ExampleAfter the requester has been successfully authenticated, a new session is created for that user.When using the login operation to authenticate to NetSuite, user credentials are stored inHTTP headers and a JSESSIONID is assigned to every session.Important: For session information to be successfully transported in SOAP, you mustenable support for multiple cookie management in your application. Forexample, in Microsoft .NET, include the following line:service.CookieContainer = new CookieContainer();Authentication Using Request Level CredentialsRather than authenticating to NetSuite by invoking login, users have the option of sendingtheir credentials in the SOAP header of each request. Sending credentials with each requesteliminates the need for session management and separate logins. This approach, in particular,benefits developers using PHP or other scripting languages that do not have built-inmechanisms for session management, manipulating HTTP headers, or tracking session IDs.Best practices to avoid concurrency errors include the use of request level credentials, alongwith retries upon concurrency errors.Note the following about using request level credentials:• In order to avoid errors, you should not accept cookies when you use request levelcredentials. If a JSESSIONID is sent, request level credentials cannot be expected towork.• To prevent the acceptance of cookies in Java: use setMaintainSession(false).• To prevent the acceptance of cookies in .NET, do not create a CookieContainer.• Users must submit a role with every request.SuiteTalk Platform Guide