Netsuite Suitelet - Valid Session

0
votes

I am new with NS Suitelet scripting.

I have created an external and internal suitelet and deployed then both.

For external suitelet (loginform.js):

  • I use https://rest.netsuite.com/rest/roles and pass in the username and password from the form.
  • I get a response code 200 and NS returns the credential for the user.
  • on the post I use nlapiRequestURL(url) where url is the endpoint of the internal suitelet

For internal suitelet (verify.js)

  • a simple function { var login = nlapiGetLogin(); }
  • so if login is not null then user is logged in

So, if I log into Netsuite and execute the internal suitelet, I get valid login object.

But if the external suitelet calls the internal suitelet, it will throw an permission access error.

What am I missing here? I know that I probably do not have a "valid session".

I see this "valid session" mentioned a lot in the developer's guide but nowhere does it explain how to create or obtain this session.

Please help me create or obtain this valid NS session.

1
netsuitesuitescript
what do you mean 'external suitelet'? By definition, all suitelets are server side scripts.k1komans
Also, have you checked the script deployment record of your external suitelet? Need to make sure that the 'Execute As Role' has the appropriate permissions to do what you want.k1komans

1 Answers

0
votes

Internal Suitelets require the user to authenticate. In this case the external suitelet(Netsuite) is calling the internal Suitelet (also Netsuite), and since the external suitelet has never authenticated it won't load. The authentication process for Suitelets is meant to be used by browsers as it runs on a web interface and installs a cookie.

You need to make both Suitelets external so they can call each other, you may want to add an authentication header to secure the connection.

Alternatively I would suggest using just one internal suitelet and have Netsuite handle the login/auth by setting users as Customers, giving them access and making the Suitelet deployment available for the customer role. You can even bypass the customer permissions by setting the Suitelet to run as admin. If you don't want every customer to have access to the Suitelet then just set a custom field on the customer record to indicate if the user has access to it.