HTTP Request Parameters in SuiteScript for NetSuite
Understand how to handle HTTP request parameters in SuiteScript for effective web communication.
TL;DR Opening
This article provides a detailed overview of how to handle HTTP request parameters in SuiteScript, emphasizing the importance of validation to avoid security risks like cross-site scripting (XSS) injections.
What Are HTTP Request Parameters?
HTTP request parameters are key-value pairs that facilitate the exchange of information between a client and a server in NetSuite's scripting environment. These parameters vary based on the type of HTTP request:
- GET Request: Parameters are included in the URL as part of the query string.
- POST Request: Parameters are sent in the body of the request.
Important Considerations
When working with HTTP request parameters, adhere to the following best practices:
- Input Validation: Always validate parameters to prevent security vulnerabilities such as XSS injections. Avoid including
<script>tags in your parameters. - Data Structure: Note that parameters cannot be arrays. Instead, utilize
JSON.stringifyandJSON.parsefor array handling.
Property Description
The parameters are treated as an object of name-value pairs:
| Field Name | Type | Description |
|---|---|---|
| parameters | Object (read-only) | Contains server request parameters. |
Error Handling
When trying to modify this property, the following error may be encountered:
- Error Code:
READ_ONLY_PROPERTY- Thrown If: An attempt is made to modify the read-only property.
Sample Code
Here’s a basic example demonstrating how to access parameters within a Suitelet's onRequest method:
1// Add additional code 2...3// example from a Suitelet4 5onRequest: function(context) {6 // The context.request is an http.ServerRequest7 if (context.request.method === 'GET') { 8 var myName = context.request.parameters.custpage_nameParam; 9 var myPhone = context.request.parameters.custpage_phoneParam; 10 }11 if (context.request.method === 'POST'){ 12 var myName = context.request.parameters.nameFld; 13 var myPhone = context.request.parameters.phoneFld;14 }15}16...17// Add additional codeRelated Topics
- N/http Module: Understanding the module helps in making HTTP calls from server or client scripts in NetSuite.
- ServerRequest Object: This object provides detailed information on HTTP requests.
Who This Affects
Roles impacted include:
- Developers who write SuiteScript for custom applications.
- Administrators overseeing script security and performance.
Key Takeaways
- Validate all parameters to prevent XSS vulnerabilities.
- Use JSON methods to manipulate arrays in parameters.
- Understand the read-only nature of the
parametersproperty. - Be aware of how parameters differ in GET and POST requests.
Source: This article is based on Oracle's official NetSuite documentation.
Frequently Asked Questions (4)
How should I handle arrays in HTTP request parameters in SuiteScript?
What error might I encounter when trying to modify request parameters in SuiteScript?
Does the handling of parameters differ between GET and POST requests in SuiteScript?
What security measure should be taken when handling HTTP request parameters in SuiteScript?
Was this article helpful?
More in Integration
- Natural Language Queries in NetSuite AI
MCP Standard Tools SuiteApp enables AI-driven data tasks in NetSuite, aligned with role permissions.
- Square Connector Integration in NetSuite 2026.1
Discover the Square Connector for seamless integration with NetSuite 2026.1, synchronizing transactions, orders, and inventory effortlessly.
- SuiteTalk Web Services Updates for NetSuite Integrations
SuiteTalk Web Services adds new Item Supply Plan support, enhancing integrations for efficient data management.
- SuiteTalk Web Services Enhancements in NetSuite
Explore the latest enhancements to SuiteTalk Web Services, improving integration and API functionalities in NetSuite.
Advertising
Reach Integration Professionals
Put your product in front of NetSuite experts who work with Integration every day.
Sponsor This Category