Hi I created API secrets in company API secrets stored passw NetSuite Professionals #suitescript

Hi I created API secrets in - company - API secre...

Shu Jia

01/26/2024, 2:13 AM

Hi I created API secrets in - company - API secrets, stored password and made available to all scripts

Copy code

const username = 'username@username.com';
const password = 'custsecret1';   //internal id of created API secret
//const password = 'hardcode password value works';
return encode.convert({
            string: `${username}:${password}`,
            inputEncoding: encode.Encoding.UTF_8,
            outputEncoding: encode.Encoding.BASE_64
        });

It does not work, also i tried

Copy code

const username = 'username@username.com';

var secretKey = crypto.createSecretKey({
    secret: '{custsecret1}'  
});
log.debug('Secret ID', secretKey);

also no luck, logged

{"secret":"{custsecret1}","encoding":"HEX"}

, then I tried

Copy code

const username = 'username@username.com';
const password = 'custsecret1'; 
var secretKey = https.createSecureString({
   input:  "{" + password + "}"
});
return encode.convert({
            string: `${username}:${secretKey}`,
            inputEncoding: encode.Encoding.UTF_8,
            outputEncoding: encode.Encoding.BASE_64
        });

None of these work...Not sure which part went wrong

battk

01/26/2024, 2:37 AM

secrets are used like templates, they are rendered by specific modules

battk

01/26/2024, 2:38 AM

the most common being N/https, N/crypto, and N/sftp

battk

01/26/2024, 2:38 AM

none of the modules that use secrets allow you to directly log it

battk

01/26/2024, 2:39 AM

you can take a look at the documentation for each of the 3 for example on how they use secrets

Shu Jia

01/26/2024, 3:41 AM

Thanks for replying..the code above tried both

crypto.createSecretKey

and

https.createSecureString

non of them work.. code from suiteanswer 100920 and 98376

battk

01/26/2024, 8:41 AM

the code you shared are not attempts to use the secret, they are attempts to log it, which will all fail

battk

01/26/2024, 8:42 AM

you are also trying to use N/encode, which will again fail, N/encode is not one of the modules that can use secrets

battk

01/26/2024, 8:46 AM

pay closer attention to how Use API Secrets From API Secret Manager in Scripts SuiteAnswer uses the SecureString with N/https, and makes no attempt to log the secureStringUrl

battk

01/26/2024, 8:47 AM

SecretKey.secret as the Important section notes, is non functional

battk

01/26/2024, 8:47 AM

its only to show the syntax

battk

01/26/2024, 8:49 AM

Each SuiteScript module has examples, for N/crypto, thats N/crypto Module Script Samples

battk

01/26/2024, 8:51 AM

which show how to use the module, though I would add thats its exceedingly rare for a secret to be represented in UTF-8

battk

01/26/2024, 8:52 AM

secrets used in N/crypto represent binary data, and utf-8 cant represent all binary data

battk

01/26/2024, 8:53 AM

you will find very few external tools that let you represent the data as utf-8

battk

01/26/2024, 8:54 AM

there is various levels of support for turning passphrases (which can be in utf-8) into that binary key, but NetSuite has no support for them

battk

01/26/2024, 8:58 AM

my personal guess is that you are trying to do Basic Authentication, in which case you want to pay close attention to Create an Authentication Header Using a Secure String

battk

01/26/2024, 9:14 AM

its actually surprisingly difficult to do basic authentication using secrets, official support was only added in 2021.2

Timothy Wong

01/26/2024, 2:20 PM

For basic auth I could only make it work if I stored the basic authentication string

${username}:${secretKey}

as the custsecret... Thats what I ended up doing

Shu Jia

01/26/2024, 3:18 PM

Yes, doing base auth here. Pretty much copied everything from Create an Authentication Header Using a Secure String . Got 401 response from boomi. replace line 2 with line 3, which is the real password, got 200.

Copy code

const username = '<mailto:username@username.com|username@username.com>';
const password = 'custsecret_internalid';   //custsecret id
//const password = 'xxxx-xxxx-xxxx' real password

       const secStringKeyInBase64 = https.createSecureString({
            input: "{" + username + "}:{" + password + "}"
        });

       secStringKeyInBase64.convertEncoding({
            toEncoding: encode.Encoding.BASE_64,
            fromEncoding: encode.Encoding.UTF_8
        });

        const secStringBasicAuthHeader = https.createSecureString({
            input: "Basic "
        });

        secStringBasicAuthHeader.appendSecureString({
            secureString: secStringKeyInBase64,
            keepEncoding: true
        });
const response = <http://https.post|https.post>({
            url: url,
            headers: {
                HTTP: '1.1',
                Accept: 'application/json',
                Authorization: secStringBasicAuthHeader,
               'Content-Type': 'application/json'
            },
            body: JSON.stringify(body)
        });

battk

01/26/2024, 3:23 PM

you still seem to be misunderstanding the template part

battk

01/26/2024, 3:26 PM

the template you are generating is:

Copy code

{username@username.com}:{custsecret_internalid}

battk

01/26/2024, 3:26 PM

with {custsecret_internalid} being replaced by whatever is in the secret

battk

01/26/2024, 3:27 PM

and {username@username.com} failing to be replaced

🙌 2

battk

01/26/2024, 3:27 PM

because thats not a valid secret

battk

01/26/2024, 3:28 PM

nor is it the value you wish to use with basic authentication

Shu Jia

01/26/2024, 4:29 PM

finally it worked. moved username@username.com to api secret. Thanks so much for the help.

13 Views

Open in Slack

Previous Next