Hello guys,
Does anyone know of a way to securely ...
# suitecommercek
Kevin Eimer
05/07/2020, 5:52 PMHello guys,
Does anyone know of a way to securely validate calls from SuiteCommerce to a Suitelet?
I know that SuiteCommerce internally does it through its API, but with external Suitelets how would it be?
I only know by URL, but there must be some other better way, without using NLAuth or Token, it would be executed by the Customer
p
PabloZ
05/07/2020, 5:53 PMwell, one thing you can do and avoid all issues is just calling the suitelet via the frontend itself.
PabloZ
05/07/2020, 5:54 PMthe other option can be forwarding all headers from the request to the suitelet (by sending request.getAllHeaders() to nlapiRequestUrl(url, postData, headers). SCA does it on some very edge cases, on cancelling return auths and orders.
k
Kevin Eimer
05/07/2020, 6:04 PMIm sending all the headers from the ServiceController to the Suitelet, but how can I validate this headers ?
p
PabloZ
05/07/2020, 6:05 PMyou don't, you just deploy the suitelet only to customers.
PabloZ
05/07/2020, 6:05 PMThat being said, it's dangerous and it has ugly edge cases.
PabloZ
05/07/2020, 6:06 PMIf it's for an isolated service for a logged in user it will work fine i guess.
k
Kevin Eimer
05/07/2020, 6:06 PMInteresting about the deploy.
Do you know any way to make it safer?
Kevin Eimer
05/07/2020, 6:06 PMJust logged in customers
p
PabloZ
05/07/2020, 6:07 PMCalling the suitelet directly is not an option?
PabloZ
05/07/2020, 6:07 PMyoursite.com/suiteletUrl.nl should work and keep the session.
k
Kevin Eimer
05/07/2020, 6:15 PMI think its not working
You do not have privileges to view this page 😕
k
Kearobi
05/11/2020, 9:32 PM@Kevin Eimer, is your suitelet available without login?
k
Kevin Eimer
05/13/2020, 1:10 PMYes it is
2 Views