Back to Release Notes
SuiteCommerce
NetSuite 2025.2
2026-04-19

SuiteCommerce 2025.2 Minor Releases: CAPTCHA Secret Key Moves to API Secrets Manager, Subscriptions Page Fix

The 2025.2.10 minor release moves CAPTCHA secret keys out of the SuiteCommerce Configuration record and into API Secrets, eliminating plaintext storage. The 2025.2.20 patch fixes a Subscriptions page loading failure.

Affects:SuiteCommerceSuiteCommerce AdvancedSuiteCommerce MyAccountAPI Secrets ManagerSuiteCommerce Configuration Record

What changed

2025.2.10 — CAPTCHA Secret Key Relocated to API Secrets Manager

Previously, the CAPTCHA secret key was stored as plaintext directly in the SuiteCommerce Configuration record. Starting with 2025.2.10, the secret key must be created in Setup > Company > API Secrets and only the resulting secret ID is entered into the SuiteCommerce Configuration record.

At runtime, NetSuite resolves the secret by its ID from the API Secrets store, so CAPTCHA verification behavior is unchanged from the shopper's perspective. The benefit is that plaintext credentials are no longer sitting in a configuration record accessible to anyone with config-level permissions — access is now governed by the API Secrets ACL.

2025.2.20 — Subscriptions Page Loading Fix

A configuration-level bug in SuiteCommerce Subscriptions caused the subscriptions page to fail to load for certain shoppers after login. No specific record or field was identified in the release notes; the fix is delivered automatically with the 2025.2.20 patch.

What to do

  1. Migrate your CAPTCHA secret key (required for 2025.2.10+): Navigate to Setup > Company > API Secrets. Create a new secret and paste your existing CAPTCHA secret key value into it. Note the generated secret ID.
  2. Open your SuiteCommerce Configuration record and replace the plaintext secret key with the secret ID you just created. Follow Oracle's instructions under How to Enable and Configure SuiteCommerce CAPTCHA for field-level guidance.
  3. Verify CAPTCHA still works on your web store after the change — submit a form that triggers CAPTCHA (e.g., registration, contact) and confirm it validates correctly.
  4. If you have any custom SuiteScript that reads the CAPTCHA key directly from the SuiteCommerce Configuration record (e.g., via N/record or N/search), update it to retrieve the secret through the API Secrets mechanism instead. Direct reads of the old plaintext field will return only the ID, not the key itself.
  5. Subscriptions fix (2025.2.20): No action required — this is an automatic platform-side fix. If you were experiencing the loading issue, confirm it is resolved after your account receives the 2025.2.20 patch.

Notes

Oracle's notes do not specify which field on the SuiteCommerce Configuration record holds the secret ID, nor do they document the API Secrets record's internal ID or any SuiteScript API for programmatic secret retrieval. If you have integrations that depend on reading the CAPTCHA key, consult the Creating Secrets documentation or open a case with NetSuite support to confirm the correct retrieval pattern in your scripting context.

Source: Oracle NetSuite Release Notes

More in SuiteCommerce

SuiteCommerce
2023.1

ACH Payments Now Available on SuiteCommerce Web Stores

SuiteCommerce, SuiteCommerce MyAccount, and SCA 2023.1+ now support ACH (Automated Clearing House) payments in checkout and My Account flows, requiring the Payment Instruments feature to be enabled.

SuiteCommerce
Mont Blanc

SuiteCommerce Advanced Mont Blanc: Quotes, SCIS Integration, Site Access Restriction, and Payment Method Changes

The Mont Blanc release of SuiteCommerce Advanced adds front-end quote creation (Estimate records), SuiteCommerce InStore integration, site-wide password protection, alternative payment gateways, and breaks the creditCardIcons configuration in SC.Configuration.js — requiring a migration to the new paymentmethods array and Payment Method record URL fields.