HTTPS.requestSuitelet

The method https.requestSuitelet(options) sends an HTTPS request to another Suitelet (i.e., a script deployed as type “Suitelet”) within the same NetSuite account, and returns a ClientResponse object.

Key facts:

  • It is part of the N/https module and can be executed from client and server scripts (for example a Client script, UserEvent script, Suitelet etc).
  • The options object includes at least:
  • scriptId: the script record ID of the target Suitelet.
  • deploymentId: the deployment record ID of that Suitelet.
  • Additional parameters may include:
  • urlParams: object of query‑string parameters to append.
  • method: HTTP method (GET, POST, PUT, DELETE, HEAD) — defaults to GET if no body, or POST if body is provided.
  • body: a string or an object (ignored unless method is POST or PUT) for the POST data.
  • headers: object containing additional HTTPS headers.
  • It returns an https.ClientResponse object for synchronous calls (or a promise if using https.requestSuitelet.promise(...)).
  • Governance cost is 10 units.
  • The feature has been documented as “Since 2023.1” in the help center for this method.

In practical terms, this method is used when you want one piece of NetSuite script code to call another Suitelet internally (within the same NetSuite account), passing parameters, and consume the response – without needing to expose a public URL, manage authentication manually, or resolve external URLs.

 Things to Note

Here are key considerations and best practices when using https.requestSuitelet:

  1. Authenticated / Internal Context Only
  • The method is designed to call internal Suitelets in a trusted context (i.e., scripts running under an authenticated NetSuite session). It cannot be used in an anonymous client‐side context such as a public website for shoppers.
  • So you cannot use this method to call a Suitelet that is open to “Anyone” or externally accessible without login; it assumes the calling script has proper session credentials.
  1. Avoiding URL resolution / external HTTP call
  • Because the method bypasses publicly constructing a full URL (with script and deployment), you avoid exposure of internal IDs and reduce authentication complexity.
  • Also reduces risk of mis‐resolving URLs (for example with url.resolveScript) and avoids needing to manage sessions/tokens for internal call.
  1. Governance units
  • The method consumes 10 governance units. It’s relatively expensive compared to simple logic, so use judiciously especially in loops or bulk contexts.
  1. Avoid infinite loops / recursive calls
  • If your Suitelet calls the same or another Suitelet which in turn calls the first, you may run into the error SSS_REQUEST_LOOP_DETECTED. The help doc lists this as a possible error.
  • Ensure you have safeguards (e.g., flags / parameters) to prevent unintended recursive calls.
  1. Parameters must be valid
  • If scriptId or deploymentId are missing or invalid you’ll get SSS_MISSING_REQD_ARGUMENT or INVALID_SCRIPT_DEPLOYMENT_ID_1 or INVALID_SCRIPT_ID_1.
  • If headers contain invalid values you might hit SSS_INVALID_HEADER.
  1. HTTP method & body semantics
  • If you pass a body, default method becomes POST (unless overridden). If no body passed, default method is GET.
  • For urlParams, ensure they are simple key:value string/object pairs; if invalid you might see SSS_INVALID_URL_PARAMS.
  1. Session & Context Privileges Flow Through
  • The target Suitelet will execute under the same user context/permissions as the calling script, so security/permission boundaries are preserved (assuming internal context).
  • Because of this, you don’t need to expose the Suitelet externally or give it “Execute as Administrator” purely for internal calls

Advantages Over Using url.resolveScript + Generic https Calls

A commonly used alternative (in older patterns) is where you use url.resolveScript (or url.resolveRecord, etc.) to build the full external URL of a Suitelet, and then call something like https.get(options) or https.post(options) to hit that URL. Here are the specific advantages of using https.requestSuitelet instead:

  • No need to resolve the URL: When you call https.requestSuitelet, you only provide the scriptId and deploymentId. You don’t need to build the full URL string for the Suitelet. This reduces error risk.
  • No external request overhead: Because this is managed internally, you avoid external call latency (URL DNS resolution, SSL handshake) for internal flows.
  • Avoids authentication complexity: If you build a URL and hit it via generic https, you may need to ensure the session cookie, tokens, or authentication headers are managed. requestSuitelet handles this internally because it’s within the same account.
  • Less exposure of internal URLs: Using URL strings often means you expose script/deploy IDs in logs or URLs; with requestSuitelet you reduce that surface.
  • Better governance tracking for internal calls: It appears as a proper internal API call rather than a generic HTTP call to self, making monitoring/governance more straightforward.
  • Cleaner code structure: Calling via requestSuitelet makes it clear you’re invoking an internal Suitelet, which helps readability and maintainability rather than “we hit our own URL” patterns.

In short: https.requestSuitelet is the preferred internal‐Suitelet invocation method when you know the target Suitelet is in the same NetSuite account and you’re not doing an external integration.

Example of calling a suitelet from another SuiteScript:

Suitelet:

/**

 * @NApiVersion 2.1

 * @NScriptType Suitelet

 */

define([‘N/ui/serverWidget’], function(serverWidget) {

  function onRequest(context) {

    var request = context.request;

    var response = context.response;

    // Get any parameters if passed via urlParams or body

    var paramFoo = request.parameters.foo || ‘defaultFoo’;

    // Do your processing

    // … (business logic)

    response.write({ output: ‘Processed foo=’+paramFoo });

  }

  return {

    onRequest: onRequest

  };

});

UserEvent Script where the suitelet is called:

/**

 * @NApiVersion 2.1

 * @NScriptType UserEventScript

 */

define([‘N/https’, ‘N/log’], function(https, log) {

  function beforeLoad(context) {

    try {

      var response = https.requestSuitelet({

        scriptId: ‘customscript_sl_process_data’,    // your target Suitelet script ID

        deploymentId: ‘customdeploy_sl_process_data’,  // your target Suitelet deployment ID

        method: https.Method.GET,

        urlParams: { foo: ‘bar123’ }

      });

      log.debug(‘Suitelet Response Code’, response.code);

      log.debug(‘Suitelet Response Body’, response.body);

    } catch (e) {

      log.error(‘Error calling suitelet’, e.toString());

    }

  }

  return {

    beforeLoad: beforeLoad

  };

});

Leave a comment

Your email address will not be published. Required fields are marked *