Available now for macOS & Windows

A fast, easy-to-use, secure,
local NetSuite API.

Chartstone turns a NetSuite session into a secure HTTP API that runs on your own machine. SuiteQL, saved searches, RESTlets, reports — your scripts and AI agents can call any of them in seconds, without provisioning OAuth, generating TBA tokens, or storing API keys.

 Download Chartstone See what's inside
The Chartstone control panel showing the connected NetSuite account, the local HTTP server, endpoint access, and the Lite-tier subscription card.
One window. Sign in to NetSuite, start the local server, point your scripts at 127.0.0.1.

Every NetSuite call, without the API setup

Each endpoint runs through your live NetSuite session — no OAuth provisioning, no TBA keys, no credentials in client apps. Log in once; your scripts and agents stay signed in.

SuiteQL queries

POST /suiteql — auto-paginated, returns structured JSON with column-keyed objects. Token-optimized format available for LLMs.

Saved searches

POST /search — run any saved search by ID. Append filters, override columns, get raw or display-text values.

RESTlet invocation

POST /restlet — call any deployed RESTlet with GET/POST/PUT/DELETE, custom headers, and JSON payloads.

Ad-hoc SuiteScript

POST /script — send raw SuiteScript as the request body. Disabled by default; opt in per-install if you understand the risk.

Reports

/reports, /report-info, /report — enumerate, inspect filters, run with overrides. Raw CSV or structured JSON.

Record XML & JSON

/record-xml and /record-json — pull the full XML representation of any entity or transaction, parsed to JSON on request.

Records Catalog

/records-catalog + /records-catalog/schema — full schema crawl that discovers every record type and field your role can see.

Session bridging

Your NetSuite cookies stay in the app's sandboxed session. Every outbound call reads them fresh — cookie rotation handled for you.

Multi-account

Switch NetSuite accounts or roles in the embedded NetSuite browser window. Chartstone auto-detects the change and adjusts accordingly.

Secure local API

Only processes on your own machine can reach the server — nothing on your network sees it. Every request is authenticated with a unique secret token, generated on first launch and encrypted using your OS keychain (Keychain on macOS, Credential Manager on Windows). Rotate it any time.

Built for LLMs

Send Accept: application/toon on any JSON endpoint to get a token-optimized format that's 25–50% cheaper to feed to an LLM context.

Per-endpoint access

Toggle endpoints individually. Reset to safe defaults, enable all, or disable all — changes apply live, no restart required.

All available endpoints

GET /health GET /session GET /session/permissions POST /suiteql POST /search POST /restlet POST /script POST /reports POST /report-info POST /report POST /record-xml POST /record-json POST /records-catalog POST /records-catalog/schema POST /page

How it works

Three steps, no server config, and zero credentials in client apps.

1

Log in

Open Chartstone and log in to NetSuite the way you always do. Your session lives in the app's sandbox.

2

Start the server

Chartstone binds an authenticated HTTP server to 127.0.0.1 with a unique secret token, generated on first launch.

3

Call from anywhere local

AI agents, scripts, CLIs, spreadsheets — anything that can curl can now talk to NetSuite as you.

Built for AI agents

Chartstone is an HTTP API, but the experience it unlocks shows up most clearly when you point an AI agent — Claude Code, Cursor, ChatGPT’s desktop tools, your own custom agent — at it. Ask a question in plain English, the agent translates it into the right call, Chartstone runs it against your live NetSuite session.

Ask

“Show me the top 10 customers by total invoice amount this year.”

Chartstone delivers

The agent writes SuiteQL aggregating invoices by customer, posts it to /suiteql, and gets ranked rows back in seconds — no saved search, no report design, no preconfigured endpoint required.

Ask

“Who changed any credit limit in the last 30 days, and what to?”

Chartstone delivers

The agent queries systemNote filtered to the creditlimit field over the date range, returns a full audit trail with old value, new value, user, and timestamp.

Ask

“What fields does the salesorder record have? Which ones are required?”

Chartstone delivers

The agent calls /records-catalog/schema for salesorder, returns the full field list with types and required flags. It can keep going — “and what about the line items?” — without you naming any tables in advance.

Ask

“Run the A/R Aging Summary report for last quarter and flag anyone over 90 days.”

Chartstone delivers

The agent uses /reports to find the report ID, /report-info to inspect filters, /report to run it with the right period, and filters the result rows to overdue customers — all in one conversation.

The architecture is what makes this fast and cheap: TOON output keeps LLM context tokens small, schema is discoverable so agents don’t need pre-registered tools per record type, and everything runs on loopback so there are no API keys for the agent to fumble.

See the full agent cookbook  →

Get Chartstone

Available now for macOS and Windows. Lite tier is free — generous enough for daily light use. Upgrade to Pro for unlimited usage.

 Download Chartstone

New to Chartstone? Read the user guide.  |  View pricing to compare tiers.