https://netsuiteprofessionals.com logo
Join Slack
Powered by
Anyone know what parameters need to be passed for ...
# suitescript
m
Anyone know what parameters need to be passed for GET https://demo123.suitetalk.api.netsuite.com/services/rest/record/v1/customer?q=email START_WITH barbara it's from https://docs.oracle.com/en/cloud/saas/netsuite/ns-online-help/section_1545222128.html I passed in Bearer token, and I still get Invalid login using postman
b
m
Do you recommend OAuth 2.0 or OAuth 1.0 (which is basically Token Based Authenthication TBA. I think)
b
tba is easier
and more useful
the oauth 2 types have expiring access tokens
m
So I shouldn't follow the documentation in the link you sent me because it's for OAuth 2.0 right? I should find one for TBA? the thing is that I was following the TBA instructions, and I got stuck on the step where I need to generate a Obtain An Unauthorized Request Token
b
failed login attempts go to the same place no matter the authentication method
m
what do you mean goes to the same place?
b
the login audit trail covers successful and failed login attempts
regardless of method
m
i'm not sure if I setup the filter in the login audit trail search wrong, but whenever I search, I never see the failed attempts from my postman. Would you have any ideas?
b
it suggests thats your attempts dont contain enough information to identify the user
setup netsuite's postman collection
m
okay, I already set it up. However, I am not sure how to use it in the API's
b
as in you dont know how to send the requests in the collection?
m
Yeah. I am not sure how to use the collection in the requests. However, all the requests I send, I put in the right credentials. Like Consumer_key, consumer_secret, ETC.
b
you wouldnt if you have all the tokens already
and you would have had trouble following the instruction on how to setup the environment if you didnt have them already
m
Okay thanks for that. I will check it out. Thank you so much btw for assisting me with this.
So, I followed that documentation. And I went to the 0 Test collection, and Example 0.1: Test Request, and it when I click send, i get INVALID_LOGIN_ATTEMPT. So, this means that my environment variables aren't setup correctly, or the request isn't using the environment variable?
b
anything in the login audit trail
m
No, there doesn't look like there is anything. Just to confirm, I set the DATE as "within today"
b
im usually lazier than that
no filters
and just sort by date
m
Yeah, there isn't anything in the login audit trail search, besides myself logging in, successfully
b
which environmental values did you fill in
and where did you get their values
m
just to confirm, this is where I choose to select which environment I want, and that's all I have to do? I just click the dropdown, select the right environment, and it'll automatically apply to all requests I do?
message has been deleted
b
it looks like you have a duplicate, so i would delete the duplicate
but yes, you choose an enviroment
variables will go into template expressions on requests
m
Account_id: i got from being logged in, and looking at URL Consumer_key, i got that from integration record consumer_secret: got that from integration record token_id: i got from when I created the token token_secret: same thing from creating token company_url: I went into company information to find that rest_services: i left it the way it is
this is what my integration record looks like. You think I should uncheck the OAuth2.0?
b
url isnt good enough for account id
m
oh
b
m
oh wooow
the real account id is a underscore, i had it as a dash
okay, well, i just copeid the account_id straight from the link you sent me, and I send the request again and it still gives invalid login, so that can't be the only issue. You think it's the integration record
b
m
okay, so basically, i'll just reset credentials, and copy that into the environment
b
same thing for the access token
m
okay. I will do those both right now, and store the new credentials into the environment
ugh, what great timing. Whenever I try to go to integrations, the page turns into unexpected error. The servers might be having some issues or something
Hey, so I realized that I actually had the wrong integration record credentials inputted. So I tried running the request again, and it failed. however this time, i can see it on the login audit trail. It says failure
and I can see that it was my name trying to login and it failed
b
follow the full instructions for the login audit trail
you want the details
m
Hello, I am trying to find the login audit trail details. When I just do a regular search, there is no details tab. only these:
I'm looking at a documentation and it says I need to Use Advanced Search
1. Go to Setup > Users/Roles > User Management > View Login Audit Trail. 2. Check the Use Advanced Search box. 3. Click the Results subtab to define the columns that are displayed in the search results. To view more verbose information about login attempts, add the Detail result field. 4. Click Submit to run the search and display the results.
I don't see a checkbox for "use Advanced Search" and I don't see any "Results" subtab.
Hey, it looks like the website was bugging out. I had to do a hard refresh, and the check box is there. Looks like the issue in the detail is EntityOrRoleDisabled
Would you have any ideas how to fix the EntityOrRoleDisabled? I'm guessing it has to do with the token based authenthication role I created. But I assigned it to myself.
b
Did you use User Access Token – Create a TBA Token to create the token?
m
wooooooooow. i cannot believe this. In the documentation you sent me, i've seen that before. But I couldn't find "In the settings portlet, click the manage access token link" so i've used the search bar and searched "manage token" and i used that page to create the token. But now, I found the manage access token link from settings portlet, and i created a new token, and that token credentials and secret works now.
🤦‍♂️.
b
Access Token Management – Create and Assign a TBA Token is for assigning tokens to other users
notably it does not work for assigning administrator based roles
m
wooooow. that's crazy
I would never have known.
b
user access token is different in that it assigns the token to the current user/role, including administrator
m
So, how would I go about using this say an API? Like lets say I want to make an API, and if someone calls the API, it just returns all the customers. Should I create a process.env, and in it will be the credentials? The thing is that the token is under my name.
If I were to make an API for general public, that means all the API call would be under my name?
b
assuming you didnt choose the wrong employee or role, you want to make sure that you Set Up Token-based Authentication Roles with the correct permissions
m
Yeah, so I would just make it "log in using access tokens" and that's it
b
you wouldnt really want to make a public api using any of the integration methods
m
Oh. well, i don't know if you would consider it public. But like only employees will use the API.
b
all requests will be made using your login and role
and shouldnt really be considered secure if you are sharing it with other people
m
Ah I see. So, how would you go about making an API? Like lets say you're making a website, and you want to display all the current employees on the website. What method would you use?
b
depends on the website
m
Lets say it's a website for only the employees to look at. So not just anybody will visit the website
b
but if its a self hosted website, then you would be using the server hosting the website to make the api requests
you would not use client side code to make the requests
CORS restrictions wont let you
m
Right, so it'll have to be the client makes an API request to a server. then the server makes the API request to netsuite
b
depends on how fancy the website is
but thats a reasonable approach
key is that the server makes the request to netsuite, so only people with access to the server get access to the tokens
m
Right, that makes sense. I wouldn't be having the credentials of netsuite being passed into the frontend client code. so what do you mean by "fancy" for website
what makes a website "fancy"
b
there are lots of solutions for generating dynamic content on websites
its not uncommon for them to have ways of integrating api requests from other servers
m
Thank you so much for your help. You told me so many things that aren't said in the docs. Like how would I know the importance of setting up the postman environment. I would've followed the other step. and also, the tokens and the account_id is different
6 Views
Open in Slack
PreviousNext
Powered by