Changes to External Suitelet URLs

Suitelets that are available without login have updated External URLs as of May 9, 2024.

The new URL is displayed in the External URL field on the script deployment record and uses the &ns-at= parameter followed by a new value. The previous URL format will continue working for a limited time, but it is recommended that you update links to use the new URL as soon as possible to avoid broken links in the future.

Impact

All hard-coded URLs are impacted. References pointing to the old external URL of the Suitelet will result in broken links after upgrade to NetSuite 2024.2.

Hard-coded URLs can be found in various places:

  • In scripts and HTML files in your account
  • Occasionally in other places like script parameters
  • In external systems that retrieve information or trigger actions
  • Links on your Web site
  • In rare cases, where a Suitelet is used as a public Web site, it might be referenced by search engines

What to look for?

  • An example of the previous format for external URLs:
  • /app/site/hosting/scriptlet.nl?script=123&deploy=123&h=ABCDFEFGHIJKLMNOPRSTUV
  • An example of the updated external URL format:
  • /app/site/hosting/scriptlet.nl?script=123&deploy=123&ns-at=KLMNOPRSTUVABCDFEFGHIJ

The effective change to the External URL is:

  • &h=ABCDEFGHIJKLMONPQRSTUV is replaced by &ns-at=KLMNOPRSTUVABCDFEFGHIJ

Recommended actions

  1. Locate any existing hard-coded URLs calling the external Suitelet in the old format:
  2. Manually go through each script file and script parameter to find the hard-coded references
  3. Create a script and a Documents and Scripts Search to display the scripts that contain hard-coded URLs using the &h=

Estimated Level of effort: 4-8 hours

  1. Get the new URL of your external Suitelet:
  2. Go to the Script Deployment page of the Suitelet and copy the updated external URL displayed there.
  3. Update links or references to the old URL with the new copied URL.

Estimated Level of effort: 2-4 hours

  1. Inform external system developers of the change so they they update their system. Possible references include the following situations:
  2. Requests to external Suitelets from external systems, including requests using HTTP verbs such as POST or PUT
  3. Links to external Suitelets from Web sites

Review the guidelines for usage of Suitelets marked Available Without Login and changing them to internal Suitelets when possible. See Suitelets and UI Object Best Practices and the Setting Available Without Login section of the Suitelet Script Deployment Page.

Changes to url.resolveScript(options) and https.requestSuitelet(options)

Starting July 30, 2024, returning external URLs with url.resolveScript(options) will only be allowed for authenticated sessions.

Effective June 13, 2024, https.requestSuitelet(options) will be supported for internal URLs in trusted contexts. This will become the default behavior, without the need of setting the option.external parameter.

Impact

Scripts using url.resolveScript(options) with the returnExternalUrl parameter set to true will no longer work in untrusted contexts.

On July 30, 2024, use of option.external=true will stop working, and https.requestSuitelet(options) will only work for internal Suitelets. This change also applies to the promise version: https.requestSuitelet.promise(options).

Untrusted contexts include:

  • A client script where all roles are selected in the Roles field on the Audience subtab of the script deployment, AND
  • The client script is running for users whose identity cannot be identified, such as customers and shoppers on Web sites.
  • An external Suitelet calling another Suitelet script

Trusted contexts include:

  • External Suitelets accessed with the updated External URL (using ns-at parameter) from the script deployment record.
  • Suitelets called within an authenticated session, such as within NetSuite UI pages for logged in users. These Suitelets are internal and do not require the Available Without Login preference to be enabled.
  • Client scripts called within an authenticated session, such as within NetSuite UI pages for logged in users.

Recommended actions

  1. Locate scripts that use the (1) resolveScript(options) method with the returnExternalUrl parameter set to true, (2) https.requestSuitelet(options) method with the external parameter set to true, and/or (3) https.requestSuitelet.promise (options) method with the external parameter set to true.

a. Manually go through each script file to find the references.

b. Create a script and a Documents and Scripts Search to display the scripts that contain returnExternalUrl: true or external: true.

  1. Check if the API call is used in a trusted/untrusted context.

If untrusted context:

Get the external URL of your Suitelet:

a. Go to the Script Deployment page of the Suitelet and copy the external URL displayed there.

b. Update the script that uses the API and hard code the external URL instead.

If trusted context but need the full URL of the Suitelet:

Option 1: Update the script to use url.resolveScript(options) with the returnExternalUrl parameter set to true instead of https.requestSuitelet(options)

Option 2: Update the script to hard code the external URL instead

Leave a comment

Your email address will not be published. Required fields are marked *