Hi All, How to make restlet call using ajax (jQuer...
# suitescript
a
Hi all, how do I make a RESTlet call using AJAX (jQuery)? A code snippet would be helpful.
n
Are you doing this inside a SuiteScript? If so, which type?
a
No, it is from outside of NetSuite
b
um, how secure is your environment?
restlets require authentication
a
Basically, we have created HTML pages in NetSuite, and from there we need to call a RESTlet to perform an operation.
Since the HTML pages don't have the NetSuite context object,
it will act as cross-origin.
Since these pages are built inside NetSuite, I could say it is secure.
b
secure enough for you to basically hardcode passwords in it?
s
is there any specific reason you are using restlet?
a
No, I am trying OAuth 1.0
We are using a Suitelet POST to perform the operation
As @battk pointed out, it is not secure
I mean a Suitelet is less secure than a RESTlet
Also, there is the CORS issue
s
I guess you use the same Suitelet to perform the operation in the POST method if you are using it with NS and the same account.
a
You have to use an extension every time
@samyt we are already using the same
but the user needs to have CORS enabled all the time
which we want to eliminate by using a RESTlet
s
Ok @aaz
Can you use crossDomain:true if you are using jQuery ajax? And which version of jQuery are you using?
a
jquery 3.3.1
b
if you are having issues with CORS, I'm not sure how a RESTlet solves the issue
n
Well, I don't know about you, but we have been calling some of our RESTlets using TBA from outside NS with no CORS issues. And we don't have any special XSS related stuff that would cause any difference.
b
To answer the question, if you somehow fix the CORS issue the example code is:
var oauth = OAuth({
	consumer: {
		key: 'My consumer key',
		secret: 'which really should not be hardcoded like this'
	},
	signature_method: 'HMAC-SHA256',
	realm: 'TSTDRV1234567',
	hash_function(base_string, key) {
		return CryptoJS.HmacSHA256(base_string, key).toString(CryptoJS.enc.Base64);
	}
});
var token = {
	key:'my token key',
	secret:'this is why ouath is not used like this'
};
var request_data = {
	url: 'https://rest.netsuite.com/app/site/hosting/restlet.nl?script=1234&deploy=1234',
	method: 'GET'
};
jQuery.get({
	url: request_data.url,
	headers: oauth.toHeader(oauth.authorize(request_data, token)),
	complete: function(response) {
		console.log(response.responseText);
	}
});
you would need to include jquery, oauth-1.0a and crypto-js (https://github.com/brix/crypto-js)
s
@battk why use crypto?
b
some sort of crypto library is required if you want to use OAuth
if you didn't want crypto, then the headers would look like:
headers: {Authorization: 'NLAuth nlauth_account=TSTDRV1234567, nlauth_email=my@email.com, nlauth_signature=MyPassword, nlauth_role=1234'}
honestly the NLAuth is prettier to look at, but makes it much more obvious that it is insecure and tied to a user's password, which means password changes
👍 1
s
Thank you. I have never used crypto, so I was curious to know about it.
a
This will be enough to give it a try - thank you all
I will try this and will update if it solves my problem
@Nik you are right, it is not an issue for external applications (SFDC, SAP, etc.). My problem statement is more about what we have built upon NetSuite using a Suitelet as the response element to build pages using HTML and CSS. Now those pages act as external, not part of NS. I will give the suggested solution a try
Let's hope it will work out
@battk I am getting a 401 error
I have checked the keys, all are good
b
401 implies that there is no authorization header, you may need to use a debugger to figure out why oauth.toHeader is not generating a headers object
n
Log the header and use Postman to hit it.
b
even if the header was working, OAuth is specifically designed to make that not work
you would have better luck plugging in the parameters directly into postman so it can generate the Authorization header
n
That also sounds like a good idea but even if that generates the header successfully, he won't know what's wrong. But yeah that would establish that something's off in the code
Actually, why don't you try hitting the URL in Postman first? It might be that 2019.1 is causing some issues. Also, verify the realm. You need to have _SB1 or _SB2 in case of sandboxes.