
I am trying to access a NetSuite restlet using jQuery. Here is my code for that:

jQuery.ajax({
    url: "https://rest.na2.netsuite.com/app/site/hosting/restlet.nl?script=270&deploy=1&searchId=customsearch_active_models",
    type: "GET",
    dataType: "json",
    contentType: "application/json",
    beforeSend: function (xhr) {
        xhr.setRequestHeader("Authorization", "NLAuth nlauth_account=ACCOUNT#, nlauth_email=EMAIL, nlauth_signature=XXXXXX, nlauth_role=ROLE#")
    }
})
.done(function(data){
    console.log(data);
});

When I check the "Network" tab in Chrome/FF it's giving me the following 401 response:

XMLHttpRequest cannot load https://rest.na2.netsuite.com/app/site/hosting/restlet.nl?script=270&deploy=1&searchId=customsearch_active_models. Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'http://www.tracksandtires.com' is therefore not allowed access. The response had HTTP status code 401.

Am I not formatting the Authorization part correctly? I can't find any documentation on accessing a NetSuite Restlet via jQuery so I'm sort of shooting blind here. Should I just use vanilla JavaScript and not jQuery? Any help would be much appreciated!

dvarney

2 Answers


Try using jsonp like this:

jQuery.ajax({
    url: "https://rest.na2.netsuite.com/app/site/hosting/restlet.nl?script=270&deploy=1&searchId=customsearch_active_models",
    type: "GET",
    crossDomain: true,
    dataType: "jsonp",
    contentType: "application/json",
    beforeSend: function (xhr) {
        xhr.setRequestHeader("Authorization", "NLAuth nlauth_account=ACCOUNT#, nlauth_email=EMAIL, nlauth_signature=XXXXXX, nlauth_role=ROLE#")
    }
})
.done(function(data){
    console.log(data);
});

More info: How does Access-Control-Allow-Origin header work?

Adolfo Garza
  • This is correct which is why I marked it as such but I'm opting for cURL because of the security risk that @bknights brought up in the answer below. – dvarney Mar 22 '17 at 18:02
  • Yeah, good catch by @bknights. I was so preoccupied with whether or not you could, I didn't stop to think if you should. – Adolfo Garza Mar 22 '17 at 20:05

Basically don't

Although @adolfo-garza's answer does show JSONP correctly you gain nothing by using a Restlet and you give up a login that can never be used for something sensitive. Basically you've put one of your NetSuite credentials out on the public internet. Nothing good can come of this.

This is one of the use cases for Suitelets. You create a Suitelet that has public access (available without login; audience all roles) and then you don't need authentication (though there are ways to rely on shopping session or checkout session authentication if you need filtering information by customer).

If you are just trying to test a real Restlet Use Case then you should use Node or some non-browser based application to do that.

bknights
  • So basically use something like cURL to get our data and then utilize what we retrieved from NetSuite within our site. Is that correct? – dvarney Mar 22 '17 at 17:33
  • Thank you. I'll just be using cURL for this. – dvarney Mar 22 '17 at 18:03
  • Do you mean cURL in PHP to get the data from the RestLet and display it as a server side render? Or use curl to test the RestLet from the command line? – bknights Mar 23 '17 at 01:49
  • I meant use cURL within a PHP script to bring our data over. – dvarney Mar 23 '17 at 15:33
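
The non-browser approach this thread settles on, sketched for Node 18+ as an added example (not code from any of the posters): the NLAuth header is built on the server from environment variables, and the browser only ever calls the site's own endpoint. The environment variable names, the function names and the allow-list are assumptions for illustration; the URL and header layout are the ones shown in the question.

```javascript
// Added example: server-side (Node 18+) caller for the Restlet in the question.
// Credentials live in the server's environment, never in page JavaScript.
// Env var names and function names are assumptions, not NetSuite API.
const RESTLET_URL = "https://rest.na2.netsuite.com/app/site/hosting/restlet.nl";

// Only the saved searches the site is meant to expose; input from the browser
// is checked against this list rather than passed straight to NetSuite.
const ALLOWED_SEARCHES = new Set(["customsearch_active_models"]);

function buildNlAuthHeader(env) {
  const fields = {
    nlauth_account: env.NS_ACCOUNT,
    nlauth_email: env.NS_EMAIL,
    nlauth_signature: env.NS_SIGNATURE,
    nlauth_role: env.NS_ROLE,
  };
  const parts = Object.entries(fields).map(([name, value]) => {
    if (typeof value !== "string" || value === "") {
      throw new Error("missing credential: " + name);
    }
    // A comma or line break would add or split header parameters.
    if (/[,\r\n]/.test(value)) {
      throw new Error("illegal character in " + name);
    }
    return name + "=" + value;
  });
  return "NLAuth " + parts.join(", ");
}

function buildRestletRequest(env, searchId) {
  if (!ALLOWED_SEARCHES.has(searchId)) {
    throw new Error("search not allowed: " + searchId);
  }
  const url = new URL(RESTLET_URL);
  url.search = new URLSearchParams({ script: "270", deploy: "1", searchId }).toString();
  const headers = { "Content-Type": "application/json", Authorization: buildNlAuthHeader(env) };
  return { url: url.toString(), options: { method: "GET", headers } };
}

// Called from the site's own route handler; only the JSON body goes back to the browser.
async function fetchSearch(searchId, env = process.env) {
  const { url, options } = buildRestletRequest(env, searchId);
  const res = await fetch(url, options);
  if (!res.ok) throw new Error("Restlet returned HTTP " + res.status);
  return res.json();
}
```

Because the request is made server to server, no CORS preflight is involved and the Authorization value never appears in page source or the browser's Network tab.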