Creating unique URLs for customers using N/crypto module

I’m getting ready to send an email to customers containing a summary of purchases in the prior year. I’d like to include a simple way for customers to access a more detailed version of the report if they choose, without needing to log in. (Most business is done offline, majority of customers don’t have access to login)

The report is created/emailed by a Map/Reduce script.

My plan is to use the N/crypto module when creating each email to encrypt the customers internal id, and store it as a parameter in a link on the email. The link would be to a Suitelet having “Available Without Login” enabled.

On request to the Suitelet, the URL parameter would be decrypted followed by performing a search and rendering the results to a PDF template, which is then served to the user.

Is there anything I may be overlooking here? I have read that encrypting/decrypting with SS2.0 is a little more work because of generating the GUID and such, is it recommended to use a JS library to handle cryptography instead?

Beginner Asked on January 9, 2020 in SuiteScript.
Add Comment
1 Answer(s)
Best answer

Looks reasonable in theory. You would be using the cipher and decipher related methods of N/crypto to do your work. Using N/crypto is hard due to spase documentation and examples. Use N/crypto if you must protect your secret key such that only NetSuite’s servers knows its value. If you can get by with hiding the secret key in something like a custom record or script parameter, use your favored javascript crypto library.

I personally think its a lot of work to hide an internal id number.

Intermediate Answered on January 9, 2020.
Add Comment

Your Answer

By posting your answer, you agree to the privacy policy and terms of service.