
Oracle NetSuite and Shopify integration

Oracle NetSuite is your ERP and order source of truth. Shopify is your e-commerce front end. Connecting them keeps inventory, customer records, and order status aligned in both directions. New orders placed in Shopify flow into NetSuite with correct line items, pricing, and tax, ready for fulfillment. Customer data created or updated in Shopify syncs to NetSuite to keep your customer file complete. Inventory movements in NetSuite can be reported back to Shopify to keep storefront stock counts accurate.

How Oracle NetSuite works

Oracle NetSuite exposes sales orders, invoices, customers, inventory items, departments, locations, and accounts through SuiteTalk REST Web Services with base URLs per account ID. Authentication is OAuth 2.0 client credentials with a certificate (recommended) or token-based authentication with static tokens. NetSuite publishes event subscriptions as push webhooks for record create/edit/delete on sales orders, invoices, customers, and inventory items, with exponential backoff retries and IP allowlist or shared secret validation. For bulk or historical reads, polling via SuiteQL queries retrieves records and custom fields by date range. OAuth tokens are valid for 60 minutes, with no refresh token in the M2M flow.

How Shopify works

Shopify exposes orders, customers, transactions, inventory levels, and fulfillments through the Shopify Admin API in GraphQL and REST formats (REST is legacy; new integrations use GraphQL). Authentication uses OAuth 2.0 with offline tokens (shpat_ prefix, long-lived) or online tokens (shpua_ prefix, session-bound). Webhooks deliver events for orders/create, orders/updated, orders/paid, orders/cancelled, customers/create, customers/update, inventory_levels/update, and fulfillments with X-Shopify-Webhook-Id deduplication. Endpoints must return 401 on bad signature. Shopify has no native vendor/supplier entity (product.vendor is a string only) and no purchase order object; Draft Orders serve as order proxies when needed.

What moves between them

The main flow runs from Shopify into Oracle NetSuite. When a customer places an order in Shopify, ml-connector receives the order webhook, maps line items and customer details to NetSuite sales order format, and writes the transaction via the NetSuite REST API. Customer create and update webhooks sync shopper data to NetSuite customer records. Inventory level changes can flow from NetSuite back to Shopify via polling NetSuite inventory counts and updating Shopify inventory levels on a scheduled cadence. Payment and fulfillment status from Shopify updates NetSuite transaction records to keep order state synchronized.

How ml-connector handles it

ml-connector stores both credential sets encrypted and presents the OAuth token on every request to each system, refreshing NetSuite tokens before the 60-minute expiry window closes. On the Shopify side it validates webhook signatures using the HMAC-SHA256 hash against the shared secret and deduplicates using the X-Shopify-Webhook-Id header so a retry does not double-post an order. On the NetSuite side it maps Shopify orders to sales order records, matching line items to NetSuite inventory items by SKU and writing the transaction with account and department defaults. Because Shopify webhook delivery can lag and orders may arrive out of sequence, ml-connector stores each webhook event in the audit log and can replay it if a downstream write fails. For bulk reads, it polls NetSuite SuiteQL for customer or inventory updates by timestamp and Shopify GraphQL for historical orders, and it handles GraphQL pagination with cursor-based traversal. When NetSuite rate limits or returns 429, ml-connector backs off exponentially and retries, and it tracks OAuth token expiry on both sides so renewal does not turn into an outage.
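
The signature check and retry deduplication described above, as an added Python example; it is not ml-connector's own code. It assumes the signature arrives base64-encoded in Shopify's X-Shopify-Hmac-Sha256 header and is computed over the raw request body. The secret, the in-memory stores and the 400 response for a missing webhook ID are choices made for this illustration.

```python
import base64
import hashlib
import hmac
import json

# Constructed sample secret; a real deployment loads the app secret
# from a secrets store, never from source.
SHARED_SECRET = b"constructed-example-secret"


def sign(raw_body: bytes, secret: bytes) -> str:
    """Base64 HMAC-SHA256 of the raw body, the form sent in X-Shopify-Hmac-Sha256."""
    digest = hmac.new(secret, raw_body, hashlib.sha256).digest()
    return base64.b64encode(digest).decode()


class WebhookReceiver:
    def __init__(self, secret: bytes):
        self.secret = secret
        self.seen_ids = set()  # assumption: in-memory; production needs a durable store
        self.audit_log = []    # stand-in for the audit log the page describes

    def handle(self, headers: dict, raw_body: bytes) -> int:
        """Return the HTTP status the endpoint should send."""
        h = {k.lower(): v for k, v in headers.items()}  # header names are case-insensitive
        supplied = h.get("x-shopify-hmac-sha256", "")
        expected = sign(raw_body, self.secret)
        # Verify over the exact bytes received, before any JSON parsing,
        # and compare in constant time to avoid a timing side channel.
        if not hmac.compare_digest(expected.encode(), supplied.encode()):
            return 401
        webhook_id = h.get("x-shopify-webhook-id")
        if not webhook_id:
            return 400  # authentic, but cannot be deduplicated (illustrative choice)
        if webhook_id in self.seen_ids:
            return 200  # retry of a delivered event: acknowledge, do not post again
        self.seen_ids.add(webhook_id)
        self.audit_log.append({
            "id": webhook_id,
            "topic": h.get("x-shopify-topic"),
            "payload": json.loads(raw_body),
        })
        return 200
```

The webhook ID is recorded only after the signature verifies, so an unauthenticated sender cannot poison the deduplication set and cause a genuine delivery to be dropped as a retry.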

A real-world example

An online retailer runs Shopify as the storefront and Oracle NetSuite as the back-office ERP. Orders arrive in Shopify and historically were exported as CSV and manually entered into NetSuite for fulfillment and accounting. Inventory counts in the two systems drifted because stock movements in NetSuite were not reflected on the Shopify website, leading to overselling or customer confusion about availability. With Shopify and NetSuite connected, each order created on the website flows into NetSuite automatically with customer details and line items pre-mapped. Inventory levels sync from NetSuite back to Shopify every few hours so the website always shows accurate stock. Fulfillment updates from NetSuite appear in Shopify so customers see tracking and status in their order history without manual sync.

What you can do

  • Write Shopify orders and customer records into Oracle NetSuite sales orders and customer entities, with line items mapped to NetSuite inventory items.
  • Keep Oracle NetSuite inventory counts synced to Shopify inventory levels on a scheduled cadence so storefront stock is always current.
  • Validate Shopify webhook signatures using HMAC-SHA256 and deduplicate using the X-Shopify-Webhook-Id header to prevent duplicate orders.
  • Refresh OAuth tokens before expiry on both Oracle NetSuite and Shopify and handle 401 responses with token re-issue.
  • Replay failed webhook events from the audit log when downstream writes to Oracle NetSuite fail, with exponential backoff retries on rate limits.

Questions

Which direction does data move between Oracle NetSuite and Shopify?

The main flow is Shopify into NetSuite. Orders and customers created or updated in Shopify flow into NetSuite as sales orders and customer records. Inventory counts can flow from NetSuite back to Shopify on a schedule so the storefront stock levels stay current. Payment status and fulfillment updates from NetSuite sync back to Shopify customer order records.

How does ml-connector handle OAuth token expiry on both systems?

NetSuite OAuth tokens are valid 60 minutes with no refresh token, so ml-connector refreshes the token before the window closes and stores the new token encrypted. Shopify offline tokens do not expire but online tokens are session-bound, so ml-connector refreshes before any 401 response and retries the request with the new token.

What happens if a Shopify webhook arrives out of order or is retried?

ml-connector validates the webhook signature using the shared secret and the X-Shopify-Webhook-Id header to deduplicate retries. Each event is stored in the audit log with full context so if the write to NetSuite fails, the event can be replayed. If orders arrive out of sequence, the audit log preserves the original timestamp so reconciliation is possible.
