https://netsuiteprofessionals.com logo
Join Slack
Powered by
I'm trying to send a get request to a restlet and ...
# suitescript
a
I'm trying to send a get request to a restlet and I'm getting INVALID_LOGIN_ATTEMPT error. any idea how to fix this?
is a specific header required?
r
How are you authenticating?
Fairly sure it's OAuth1.0 but I'm not sure if there are other options.
a
what's the best way for authentication
c
Depends what is supported by your caller/client
r
OAuth1.0/TBA is fairly easy to get going. As @Craig said, it really depends on your use case and where the RESTlet will be called from.
a
from both internal and external
r
An external code-base? What language?
a
do we need authentication for internal users as well?
javascript
r
iirc RESTlets have an external & internal URL, the internal one doesn't need authentication but obviously that's only useful for your NetSuite scripts.
a
yes
is restlet running as admin?
or it depends where you call it
c
That will be defined on the deployment record
a
no
I can't see anything on the deployment
for restlet
c
actually
it depends
with NL AUTH the role is set in the header
with TBA it's set on the on integration record
Go to your integration record, it will be there.
a
integration record?
r
For JS, you'll need the following libaries (been a while so versioning might be wrong).
Copy code
"crypto": "^1.0.1",
    "oauth-1.0a": "^2.2.6",
Then you'll want to do something like the following:
Copy code
const oauth = OAuth({
          consumer: {
            key: "",
            secret: "",
          },
          signature_method: "HMAC-SHA1",
          realm: "ns_account_id",
          hash_function(base_string, key) {
            return crypto
              .createHmac("sha1", key)
              .update(base_string)
              .digest("base64");
          },
        });
.
Copy code
const requestParams = {
          url:
            "",
          method: "GET",
        };

        const token = {
          key: "",
          secret: "",
        };

        request(
          {
            url: requestParams.url,
            method: requestParams.method,
            headers: oauth.toHeader(oauth.authorize(requestParams, token)),
          },
c
If you want an external service to call your RESTlet, you need an integration record
a
ok
so I have another issue with internals
we can't set client script to run as admin
so I thought we can create a restlet or suitelet
and then call it
internal users are able to call the restlet
but it will complain that they don't have permission
and for internal users I'm not adding header to the call
am I missing something here
can we create a restlet to run tasks as admin?
c
Take a step back
What are you trying to achieve?
a
I want to create and delete some records
in the client script
c
Why does it need to be a client script?
a
so I need to run the client script as admin
c
and what was the problem with the client script?
a
so the problem is I need to run it as admin
I thought we can create a restlet or suitelet
and call that
to run the tasks as admin
c
What are you actually trying to do?
a
so I've created a restlet
c
Take a big step back
a
so let's say we have check box
if user check it I want to create record A and Delete B
if uncheck create record B and Delete A
c
Does the record deletion and creation have to happen immediately or can you wait until the current record has been saved by the user?
a
immediately
c
Ok - so I would prefer a UserEvent script with an afterSubmit entry point
but then you'd have to save the record before the other stuff happens
if it needs to be a client script that's fine, but I think the client script will run with the same permissions as the user that accesses the record.
a
so what will you do if you need to run something as an admin in client script
c
I would never do that
Why can't this be done in a user event script?
a
thanks for your help
c
YOu can easily do this in a UE script
a
as I said it should happen in cs
c
so give your users higher permissions
then it will work
Just enough perms to access the records you want to create and delete
Or carry on down the Suitelet route
Suitelet will be easier than RESTlet
You can call the Suitelet from the Clientscript
a
ok if I don't want to choose the easy path
how can I run restlet as admin
for internal users
c
I think you need to pass the NLAUTH header
and one of the fields needs to have the internal ID of the admin role
Actually, that would be for external - I'm not too sure about internal
a
why one of the filds need to have the internal id
c
Can't you just use a Suitelet?
and call it from the clientscript?
a
to get the value and pass it to header
I can but the issue is for the similar issue long time ago
someone suggest both restlet and suitelet will work
c
When you call a restlet externally, you usually pass the ID of the role you want to execute as assuming you're using HTTP BASIC
a
and I believe at that time that was right
based on my testing
I wanted to know something has changed in netsuite
or I need to add something to the script
c
I think
I think if you call a restlet from a client script, it will NOT run as admin
it will run with the same permissions as the users because it's coming from the clientscript
Are you calling it from a client script?
a
yes
c
Yeah I don't think that will ever work then
The docs don't specify which role it will run as so it must be the same role as the user
There are several solutions to what you're doing here - the easiest is to increase the permissions of your users
the second one would be to move the restlet to a suitelet and deploy as admin
the third would be to do this as a user event script
a
is it depends on methods
c
I prefer the second or third but I don't know what you're dealing with - could be a 4000 line long script for all I know and you don't want to touch it too much!
a
get, post, delete
because I've checked and I have another reslet that use post method
and runs as admin
c
Ok so it looks like you've found out that what you're doing can't work
only an admin can call delete
Or someone with privs on that record
why not just give your users privs for that record?
They're deleting and adding them anyway, so clearly they need access
a
but they are doing that via that specific script
if you give them permission they can do that outside the script
c
Yeah, so it's a little more controlled with the script.
I get that
Maybe someone else can advise differently but I'm not sure you can do this with a restlet
a
that's weird
it seems post is working
but not get
c
Not sure why it would be like that
is this SS2?
a
yes
c
Does it work if you call GET as an admin?
a
yes
b
suitelets are the normal tool for permission escalation
though i agree with craig in this matter, you might as well give your user permission to delete since thats basically what the suitelet will do
5 Views
Open in Slack
PreviousNext
Powered by