This site was built to compliment the existing NetSuite Professionals Slack Community by adding a means for members to easily find answers to common questions and to create a searchable database of those questions and answers.

NetSuite Professionals

Can I insert API Secret via https.createSecureString() then JSON.stringify the body?

&gt;*AI generated answer (using internal Slack threads):*
Based on the conversations, it seems that you can't directly insert an API Secret via `https.createSecureString()` then `JSON.stringify` the body. The `https.createSecureString()` function is used to create a secure string that can be used in the body of an HTTPS request, but when you `JSON.stringify` the body, it converts the secure string into a normal string, which won't have any credentials in it.

However, there are a couple of workarounds you can try:

1. Use the `credentials` parameter in your HTTPS request. This allows you to use GUIDs/secrets in the string of the post body. You can include the secret's script id in your body as a normal string, and the request will automatically do the string replacement without using a secure string. Here's an example:

```javascript
const requestBody={
    someField:123,
    auth: {
        company:"pdq",
        secret: "{custsecret_msi_secret_key}"
    }
};
const jsonBody=JSON.stringify(requestBody);
const requestHeaders=[];
requestHeaders['Content-Type']="application/json";
const requestOptions = {
    url: "<https://httpbin.org/anything>",
    headers: requestHeaders,
    credentials:["custsecret_msi_secret_key"],
    body: jsonBody
};
const response = <http://https.post|https.post>(requestOptions);
```

2. Use the `input` of the secure string. This allows you to put a lot more than just the secret in there. The secure string input needs the scriptID to be wrapped. Here's an example:

```javascript
var secureToken = https.createSecureString({
    input: '{custsecret_mypassword}'
});
var response = https.request({
    url: '<https://ptsv2.com/t/vsrfd-999999/post>',
    method: 'POST',
    credentials:[secureToken],
    body: secureToken
});
```

Remember, all the credential stuff in request works by string replacement, where expressions are denoted as beginning with `{` and ending with `}`.

******
Disclaimer:

This response was generated by an artificial intelligence assistant based on previous conversations from multiple Slack channels, and may contain inaccuracies or mistakes.
******

&gt;*Slack thread 1:* <https://netsuiteprofessionals.slack.com/archives/C29HQS63G/p1649713012108239|here> (available only if the original thread was posted in the last 90 days)
&gt;*Similarity score:* 0.874308884

&gt;*Slack thread 2:* <https://netsuiteprofessionals.slack.com/archives/C29HQS63G/p1579202931119200|here> (available only if the original thread was posted in the last 90 days)
&gt;*Similarity score:* 0.870389819

&gt;*Slack thread 3:* <https://netsuiteprofessionals.slack.com/archives/C29HQS63G/p1618543561053300|here> (available only if the original thread was posted in the last 90 days)
&gt;*Similarity score:* 0.859822273



Please provide your feedback on this answer.