Authentication and Authorization for SuiteScript Applications
Suitelets, RESTlets, SSP applications, and Scriptable Carts differ in how they authenticate and authorize users, and those differences determine what access control each application type can enforce.
The authentication and authorization mechanisms for SuiteScript applications play a vital role in defining how different application types interact with users. Understanding these differences helps developers implement the appropriate security measures for their applications.
What Are the Different Authentication Options?
The following table outlines the authentication capabilities across Suitelets, RESTlets, SSP applications, and Scriptable Carts:
| Feature | Suitelet | RESTlet | SSP Application | Scriptable Cart |
|---|---|---|---|---|
| Available Without Login | Supported | Not Supported | Supported | Supported |
| Recognized User (Cookies) | Not Supported | Not Supported | Supported | Supported |
| Shopper | Not Supported | Not Supported | Supported | Supported |
| User (Entity Record) | Supported | Supported | Supported | Supported |
| Authentication Mechanism | JSessionId | JSessionId/nlAuth | JSessionId | JSessionId |
| Audience | Supported | Supported | Not Applicable | Not Applicable |
| Execute As Admin | Supported | Not Supported | Not Supported | Not Supported |
Supported Mechanisms
- JSessionId: The session token used to manage user sessions. All four application types use it.
- nlAuth: Specific to RESTlets; provides an additional layer of authentication for API calls.
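The table and mechanism list above can be turned into a pre-deployment review check. The following is an added example, not code from NetSuite or from this article's source; the descriptor fields (`name`, `type`, `uses`, `mechanism`) and the sample deployment names are assumptions made for illustration.

```javascript
// Capability matrix transcribed from the table above (true = "Supported").
const CAPS = {
  suitelet:       { withoutLogin: true,  recognizedUser: false, shopper: false, entityUser: true, executeAsAdmin: true,  mechanisms: ['JSessionId'] },
  restlet:        { withoutLogin: false, recognizedUser: false, shopper: false, entityUser: true, executeAsAdmin: false, mechanisms: ['JSessionId', 'nlAuth'] },
  sspApplication: { withoutLogin: true,  recognizedUser: true,  shopper: true,  entityUser: true, executeAsAdmin: false, mechanisms: ['JSessionId'] },
  scriptableCart: { withoutLogin: true,  recognizedUser: true,  shopper: true,  entityUser: true, executeAsAdmin: false, mechanisms: ['JSessionId'] },
};

// Review one planned deployment. The descriptor shape ({name, type, uses,
// mechanism}) is a hypothetical format for this example, not a NetSuite object.
function reviewDeployment(d) {
  const caps = CAPS[d.type];
  if (!caps) return [{ level: 'error', msg: `${d.name}: unknown application type "${d.type}"` }];
  const findings = [];
  for (const feature of d.uses) {
    if (caps[feature] !== true) {
      findings.push({ level: 'error', msg: `${d.name}: ${d.type} does not support ${feature}` });
    }
  }
  if (d.mechanism && !caps.mechanisms.includes(d.mechanism)) {
    findings.push({ level: 'error', msg: `${d.name}: ${d.mechanism} is not an authentication mechanism for ${d.type}` });
  }
  // Both features are supported together only on Suitelets: code reachable
  // without a session would then run with administrator rights.
  if (d.uses.includes('withoutLogin') && d.uses.includes('executeAsAdmin')
      && caps.withoutLogin && caps.executeAsAdmin) {
    findings.push({ level: 'high', msg: `${d.name}: available without login AND executes as admin; needs explicit request validation and manual review` });
  }
  return findings;
}

// Constructed sample plan (names are invented for illustration).
const plan = [
  { name: 'order-status-page', type: 'suitelet', uses: ['withoutLogin', 'executeAsAdmin'], mechanism: 'JSessionId' },
  { name: 'inventory-api',     type: 'restlet',  uses: ['withoutLogin'], mechanism: 'nlAuth' },
  { name: 'partner-portal',    type: 'suitelet', uses: ['recognizedUser'], mechanism: 'nlAuth' },
  { name: 'checkout',          type: 'sspApplication', uses: ['shopper', 'recognizedUser'], mechanism: 'JSessionId' },
];

function reviewPlan(deployments) {
  return deployments.flatMap(reviewDeployment);
}

for (const f of reviewPlan(plan)) console.log(`[${f.level}] ${f.msg}`);
```

The `high` finding is the one to route to manual review: it marks the only combination in the table where a request with no session and administrator-level execution are both supported.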
Who This Affects
Understanding these authentication methods primarily impacts:
- Developers: Ensure the right security layers are implemented for web application development.
- Administrators: Manage user permissions and access effectively across different application types.
- Security Teams: Monitor and uphold application security standards and practices.
Key Takeaways
- Different SuiteScript applications have varied authentication and authorization capabilities.
- Each application type uses specific mechanisms that affect user experience and security.
- Developers must choose the right application type based on the authentication requirements.
Source: This article is based on Oracle's official NetSuite documentation.
