ml-connector
Oracle NetSuiteGoCardless

Oracle NetSuite and GoCardless integration

Oracle NetSuite runs your finance and customer master data. GoCardless collects payments directly from customer bank accounts on a recurring schedule. Connecting the two keeps your AR clean and your cash flow predictable. Invoices created in NetSuite trigger collection mandates in GoCardless, and when payments succeed, they post back to NetSuite as reconciled customer payments without manual re-keying. ml-connector handles OAuth credentials, HMAC signature verification, and the mapping of customers and invoices between the two platforms.

How Oracle NetSuite works

Oracle NetSuite exposes customers, invoices, vendors, purchase orders, and payments through SuiteTalk REST Web Services, authenticated with OAuth 2.0 Client Credentials (certificate-based, recommended). The base URL is tenant-specific at <accountId>.suitetalk.api.netsuite.com. NetSuite publishes Event Subscriptions on supported record types like Invoices and Customers via webhooks with no native HMAC signature (requiring IP allowlist or secret-in-URL instead), and offers SuiteQL for polling bulk data. OAuth tokens are valid for 60 minutes and do not have a refresh token in M2M flow, so ml-connector must request a new token for each session or cache until expiry.

How GoCardless works

GoCardless exposes customers, mandates, payments, and payouts through a REST API at api.gocardless.com, authenticated with a Bearer token from the merchant dashboard or via OAuth 2.0 authorization-code flow. Every webhook request from GoCardless carries an HMAC-SHA256 signature in the Webhook-Signature header, computed over the raw request body with the shared secret, and ml-connector must verify the signature before processing. Webhooks batch up to 250 events per POST. Payouts are read-only and generated automatically by GoCardless, and amounts are in the smallest currency unit (pence/cents). HTTPS is required in production; HTTP is allowed in sandbox only.

What moves between them

The main flow is NetSuite to GoCardless. When a customer invoice is created or posted in NetSuite, ml-connector reads the customer and invoice, matches the customer to a GoCardless customer (by email or external ID), and triggers a payment mandate and collection request. When the payment succeeds in GoCardless, a payout event arrives via webhook with the transaction details. ml-connector maps the payout back to the NetSuite invoice and posts a customer payment record with the amount and reference, marking the invoice paid. Reference data such as customer names, emails, and bank country are kept in sync in both directions.

How ml-connector handles it

ml-connector stores the NetSuite OAuth credential set (client ID and certificate) and the GoCardless Bearer token encrypted, and refreshes the NetSuite token every 60 minutes or when OAuth returns a 401. On the GoCardless side, it validates the HMAC-SHA256 signature on every inbound webhook by recomputing the hash with the shared secret over the raw request body, returning 401 if the signature does not match (not 200, which would mark the endpoint healthy and halt retries). The integration polls NetSuite for new invoices on a schedule tied to your billing cycle, since NetSuite webhooks require IP allowlist configuration. When posting a customer payment to NetSuite, it includes the GoCardless payout ID as the reference, so your AR team can trace collections back to the source. Currency amounts from GoCardless are in the smallest unit (pence/cents), so ml-connector converts them to the NetSuite accounting currency to avoid rounding errors. Mandate creation and payment triggering are idempotent: GoCardless deduplicates by customer and mandate type, so retries do not create duplicate collections.

A real-world example

A mid-sized SaaS company bills customers monthly with NetSuite invoices and collects using GoCardless bank debits across Europe and the UK. Before the integration, the finance team manually exported overdue invoices from NetSuite, created mandates in GoCardless, and after collections succeeded, re-entered each payment into NetSuite, spending days chasing mismatches between GoCardless payouts and NetSuite customer payments. With NetSuite and GoCardless connected, each month the integration automatically creates mandates for new customers, triggers collections for invoices past due, and posts successful payments back to NetSuite the same day. Month-end close runs faster because AR is already reconciled, and the manual data-entry step is gone.

What you can do

  • Trigger GoCardless bank debit collections from customer invoices in Oracle NetSuite, creating mandates automatically for new customers.
  • Sync successful GoCardless payouts back to Oracle NetSuite as customer payments, linked by invoice and mandate.
  • Map customer names, emails, and bank countries between NetSuite and GoCardless, keeping both systems aligned.
  • Verify every GoCardless webhook with HMAC-SHA256 signature validation before processing payout events.
  • Poll Oracle NetSuite on a billing cycle schedule and retry failed collections with exponential backoff.

Questions

How are customers matched between Oracle NetSuite and GoCardless?
Customers are matched by email address or an external ID field if present in both systems. When a new NetSuite customer is created with a bank country supported by GoCardless, ml-connector creates or retrieves the matching GoCardless customer using the email as the primary key. Customer names and metadata are synced bidirectionally to keep both systems current.
What happens when a GoCardless webhook signature fails verification?
ml-connector verifies the HMAC-SHA256 signature on every webhook by recomputing the hash with the shared secret over the raw request body and comparing to the Webhook-Signature header. If the signature does not match, ml-connector returns 401 instead of 200. Returning 200 on a bad signature would mark the endpoint healthy in GoCardless and halt retries, so the 401 response is critical to the security model.
How are currency amounts handled between NetSuite and GoCardless?
GoCardless amount fields are integers in the smallest currency unit for each country (pence in GBP, cents in EUR, etc). ml-connector converts these amounts to the NetSuite accounting currency before posting customer payments to avoid rounding errors. Exchange rates, if needed, are applied using NetSuite's built-in currency conversion or a fixed rate per accounting period.

Related integrations

More Oracle NetSuite integrations

Oracle NetSuite and Adobe CommerceOracle NetSuite and ADPOracle NetSuite and AdyenOracle NetSuite and AirbaseOracle NetSuite and Amazon Seller CentralOracle NetSuite and AnaplanOracle NetSuite and SAP AribaOracle NetSuite and AsanaOracle NetSuite and AvalaraOracle NetSuite and AvidXchangeOracle NetSuite and BambooHROracle NetSuite and Basware

Other systems that connect to GoCardless

Acumatica and GoCardlessDATEV and GoCardlessDeltek and GoCardlessMicrosoft Dynamics 365 Business Central and GoCardlessMicrosoft Dynamics 365 F&O and GoCardlessMicrosoft Dynamics GP and GoCardlessMicrosoft Dynamics NAV and GoCardlessEpicor Kinetic and GoCardlessExact Online and GoCardlessFreshBooks and GoCardlessIFS Cloud and GoCardlessInfor CloudSuite and GoCardless

Connect Oracle NetSuite and GoCardless

Free to use. Add your credentials, ping your real systems, and see if we fit.

Get started