Published on April 22, 2020.

Last week I finished a NetSuite integration project for one of my promotional products clients. What made the project interesting was that it required integrating NetSuite with the company's custom Adobe ColdFusion-based ecommerce system.

The integration primarily involves pushing data from the ColdFusion system to the company's NetSuite instance. On the NetSuite side of the integration, I had considered using the REST Web Services that are now available as part of SuiteTalk. I had been beta testing those services for quite awhile, and found them to be a nice, powerful addition to NetSuite's integration capabilities. However, because of the complex business rules that were involved in this integration, I decided to use custom SuiteScript RESTlets instead.

The most challenging aspect of the project was making the call from ColdFusion to the RESTlet. In particular, authenticating the calls was complicated because it required use of NetSuite's Token-based Authentication (TBA) mechanism. TBA is based on OAuth 1.0.

Included below is a custom function that I developed to make the calls between ColdFusion and the RESTlets a little easier. To use the function, you pass it a few NetSuite settings (account number, URL, etc) and a JSON-encoded payload. The function calls a RESTlet, authenticates using TBA, sends the payload, and returns the RESTlet's response as a ColdFusion structure.

I hope that you find the ColdFusion function helpful. If you have any questions about it, or need help with an integration project, please feel free to reach out to me.

After many years of being away from the ColdFusion space, I'm now finding myself doing an increasing amount of work in it. This was an interesting and challenging project, but the NetSuite aspect of it made it fun to work on.

<!--- NetSuite Settings --->
<cfset ns_settings = structnew()>
<cfset ns_settings.script_id = ***YOUR-SCRIPT-ID***>
<cfset ns_settings.deployment_id = ***YOUR-DEPLOYMENT-ID***>
<cfset ns_settings.account_number = ***YOUR-ACCOUNT-NUMBER***>
<cfset ns_settings.consumer_key = "***YOUR-CONSUMER-KEY***">
<cfset ns_settings.consumer_secret = "***YOUR-CONSUMER-SECRET***">
<cfset ns_settings.token_id = "***YOUR-TOKEN-ID***">
<cfset ns_settings.token_secret = "***YOUR-TOKEN-SECRET***">
<cfset ns_settings.url = "***YOUR-RESTLET-URL***">

<!--- Example Payload --->
<cfset payload = structnew()>
<cfset payload.function = "orderGenerate">
<cfset payload.customer_id = "1816">
<cfset payload.source = "dev01-chartstonepromo-com">
<cfset payload.terms = "cc">
<cfset payload.cc_auth_source = "stripe">
<cfset payload.cc_auth_ref = "20200315-1322-0012">
<cfset payload.cc_auth_amt = "112701.00">
<cfset payload.tax_calc_source = "avatax">
<cfset payload.tax_calc_ref = "ava-20200315-1322-0003">

<!--- Convert the payload from a structure to a JSON-encoded string. --->
<cfset payload = serializeJSON( payload )>

<!--- Send the payload to the RESTlet. --->
<cfset response = post_to_restlet( ns_settings, payload )>

<!--- Dump the response. --->
<cfdump var="#response#">

<!--- Custom Function: post_to_restlet --->
<cffunction
	name="post_to_restlet"
	access="public"
	returntype="struct"
	output="false"
	hint="Posts a payload to a NetSuite RESTlet. Uses Token Based Authentication (TBA).">
    
	<cfargument
		name="settings"
		type="struct"
		required="true"
		hint="The NetSuite settings."
		/>   
		
	<cfargument
		name="payload"
		type="string"
		required="true"
		hint="The payload to send."
		/> 

	<!--- Create a nonce. --->
	<cfset oauth_nonce = hash( rand(), "MD5", "UTF-8") >	
	
	<!--- Get the current timestamp. --->
	<!--- Note: This is the equivalent of the PHP time function. --->
	<cfset oauth_timestamp = datediff( "s", createdate( 1970, 1, 1 ), dateadd( "s", gettimezoneinfo().utctotaloffset, now() ) )>

	<!--- Create an encoded base string. --->
	<cfset base_string = "POST&"
		& encodeForURL( settings.url ) & "&"
		& encodeForURL(
			"deploy=" & settings.deployment_id
			& "&oauth_consumer_key=" & settings.consumer_key
			& "&oauth_nonce=" & oauth_nonce
			& "&oauth_signature_method=HMAC-SHA1"
			& "&oauth_timestamp=" & oauth_timestamp
			& "&oauth_token=" & settings.token_id
			& "&oauth_version=1.0"
			& "&script=" & settings.script_id
		)
	> 	

	<!--- Create a composite key. --->
	<cfset composite_key = encodeforurl( settings.consumer_secret ) & "&" & encodeforurl( settings.token_secret )>
		
	<!--- Create the signature. --->
	<!--- Note: This is the equivalent of the PHP hash_hmac function with raw_output set to TRUE. --->
	<cfset signature = binaryEncode( binaryDecode( hmac( base_string, composite_key, "HMACSHA1" ), "hex"), "base64" ) >
		
	<!--- Create the authorization header. --->
	<cfset auth_header = "OAuth "
		& "oauth_consumer_key=""" & encodeForURL( settings.consumer_key ) & """, "
		& "oauth_nonce=""" & encodeForURL( oauth_nonce ) & """, "
		& "oauth_signature=""" & encodeForURL( signature ) & """, "
		& "oauth_signature_method=""HMAC-SHA1"", "
		& "oauth_timestamp=""" & encodeForURL( oauth_timestamp ) & """, "
		& "oauth_token=""" & encodeForURL( settings.token_id ) & """, " 
		& "oauth_version=""1.0"", "
		& "realm=""" & encodeForURL( settings.account_number ) & """"
	>
		
	<!--- Create the full URL to send the request to. --->
	<cfset full_url = settings.url & "?&script=" & settings.script_id & "&deploy=" & settings.deployment_id>     
    
	<cfhttp
		url="#full_url#"
		method="post"
		result="http_response">

		<cfhttpparam
			type="header"
			name="Authorization"
			value="#auth_header#"
		/>      
		
		<cfhttpparam
			type="header"
			name="Content-Type"
			value="application/json"
		/>  
		
		<cfhttpparam 
			type="body" 
			value="#payload#"
		/>    

	</cfhttp>
		
	<cfif http_response.statuscode eq "200 OK">	
		<cfset data = deserializejson( http_response.filecontent )>		 		
	<cfelse>
		<cfset data = structnew()>
	</cfif>
	
	<cfreturn data>
  
</cffunction>