Has anybody accessed the API Secrets through script ...
# suitescript
z
Has anybody accessed the API Secrets through script yet? If so, do you have any examples?
c
I've used N/keyControl - let me know if I can be of help with that
z
@CD Can that retrieve a key as well?
c
Yeah, just use keyControl.findKeys()
z
Thanks, just found that.
c
The documentation was pretty good, to be honest. My code worked first time
c
API secrets and API keys are 2 different APIs. I made a thread about this like 2 days ago if you scroll up.
I was trying to use the API Secrets to store 3rd party API info and read it back but it did not work that way.
z
@creece Bummer, that's what I was looking to do as well. I don't see your thread. So we can't use it that way?
Are the private keys just for SSH?
That actually works pretty easily. Seems to be working:
const apiKey = https.createSecureString({
  input: '{custsecret_apikey}',
});
c
createSecureString is pulling in the password value of the API Secret?
b
in this case, it uses a template which only consists of an expression representing the secret key
N/https will render the template before it sends the request
same thing as before, you will never be able to read the actual secret
you only tell netsuite how to use your secret
z
@creece Yep, I stored an api key in the password and then just do a createSecureString and set that value to the API key in the call and it works
It's actually a really fast call too. Took 4 milliseconds
c
I'll try it again. I swear it wasn't working for me yesterday, and if this is it I feel super stupid, and thank you
z
const apiKey = https.createSecureString({
  input: '{custsecret_apikey}',
});
var config = {
  headers: {
    'Content-Type': 'application/json',
    'DD-API-KEY': apiKey
  },
  body: JSON.stringify(body),
  url: 'https://website.com/api/v2/logs'
};
c
I'm seeing https.SecureString now (since it doesn't show the actual value) but my authentication is failing. Probably an encoding issue.
b
usually helps to post to an echo service like httpbin.org
c
Awesome, thanks. I can see the values are coming over if I send them individually. Any string manipulation involving the created secure string results in a https.SecureString as a placeholder. Even using appendSecureString. This has to be the weirdest API I've messed w/ in NetSuite.
b
you have to share the code
c
I'm just talking, I'll figure it out
b
usual answer is that using the plus operator to add a string and a secureString results in a regular string
losing out on all the information in the secure string
c
const CREDENTIALS = https.createSecureString({
  input: (TYPE + '.' + VERSION + '_')
}).appendSecureString({
  secureString: https.createSecureString({
    input: '{custsecret_api_key}',
  }),
  keepEncoding: true
}).appendSecureString({
  secureString: https.createSecureString({input: ':'}),
  keepEncoding: true
}).appendSecureString({
  secureString: https.createSecureString({
    input: '{custsecret_api_secret}',
  }),
  keepEncoding: true
});
tried making them all secure strings
b
and how are you using it in N/https
c
function that gets the headers returns:
{
  'Authorization': CREDENTIALS,
  'Accept': 'application/json',
  'Content-Type': 'application/json',
};
which I'm using to post to the service:
https.post({
  url: API_ENDPOINT,
  body: JSON.stringify(apiPayload),
  headers: HEADERS
})
The issue is CREDENTIALS winds up just saying https.SecureString rather than doing the combining. If you just use createSecureString on a single value it reads it back fine.
I'm sure it's a concat issue, I'm just not sure what the issue is
b
looks fine to me
const TYPE = "Type";
const VERSION = "Version";
const CREDENTIALS = https
  .createSecureString({
    input: TYPE + "." + VERSION + "_",
  })
  .appendSecureString({
    secureString: https.createSecureString({
      input: "{custsecret_api_key}",
    }),
    keepEncoding: true,
  })
  .appendSecureString({
    secureString: https.createSecureString({ input: ":" }),
    keepEncoding: true,
  })
  .appendSecureString({
    secureString: https.createSecureString({
      input: "{custsecret_api_secret}",
    }),
    keepEncoding: true,
  });
const HEADERS = {
  Authorization: CREDENTIALS,
  Accept: "application/json",
  "Content-Type": "application/json",
};
const API_ENDPOINT = "https://www.httpbin.org/post";
const apiPayload = { payload: "is payload" };
const response = https.post({
  url: API_ENDPOINT,
  body: JSON.stringify(apiPayload),
  headers: HEADERS,
});
results in
{
  "args": {},
  "data": "{\"payload\":\"is payload\"}",
  "files": {},
  "form": {},
  "headers": {
    "Accept": "application/json",
    "Accept-Encoding": "gzip, deflate",
    "Authorization": "Type.Version_my key:my secret",
    "Content-Length": "24",
    "Content-Type": "application/json",
    "Host": "www.httpbin.org",
    "User-Agent": "NetSuite/2021.2 (SuiteScript)",
    "X-Amzn-Trace-Id": "Root=1-61d77fe3-58c5d7821a34f0f80ccef9b6"
  },
  "json": {
    "payload": "is payload"
  },
  "origin": "167.216.131.180",
  "url": "https://www.httpbin.org/post"
}
c
Yep, it's working now, thanks! I had an extra cleartext space by mistake and it threw it all off.
p
first post... just want to say thanks a lot @battk! I've been fighting with API secrets for a while now trying to use them to connect to Salesforce and this finally solved it for me.
b
using securestring is overkill if you don't plan on doing encoding or hashing
you can just use normal strings if you don't need to do something complicated
p
my issue was that I was concatenating the value from securestring with something else (either in the body or as a url parameter) when using it in the https request. this was causing the securestring to just return "http.createSecureString" instead of the actual value from secret. testing with httpbin.org per your suggestion is what made me realize the issue. solution was to just use an object in the body instead of a string with one of the values set to the securestring.
z
@Patrick It will actually parse the string if you put the url in the input string as well.
var secureStringURL = https.createSecureString({
  input: 'https://api.website.com/api/v1/series?api_key={custsecret_apikey}'
});
p
thanks @Zack. that didn't work for me initially but I'll give it another shot.
c
Hi all. I’ve been looking at API Secrets recently and one thing that seems to be killing it for me is this… I’d like to point to the Secret from a script parameter. Great - that works. However, it’s no use since I get an internal ID and the templating uses the script ID. And I can see no way to get at this from the internal ID. Curious if/how you guys are doing this.