Download a NetSuite OAuth Token Based Authentication Sample Node.js Program

This article is relevant if you want to learn how to authenticate against Restlets using NetSuite's Token Based Authentication, which uses the OAuth 1.0 specification.


NetSuite is promoting more use of token based authentication mechanisms to consume API services from external sources. Thus Restlets and web services can authenticate using tokens instead of user credentials. I welcome this capacity as holding a specific user credential to drive an integration was always worrisome. In practice, password policies forced credential resets, which would cause integration downtime, as they required infrequent but periodic application configuration maintenance.

In theory, using the authentication methods should be straightforward. But in practice it is tricky, especially because NetSuite is using the older version 1.0a specification; most general OAuth examples now use version 2.0.

You may be using a test tool, such as Postman, and find you are frustrated getting INVALID_LOGIN_ATTEMPT Invalid login attempt messages. While I, and many others, love the Postman tool, there does indeed seem to be some type of bug in the current version with this older OAuth 1.0a specification. Thus, I worked with Marko, one of our consultants, who recently built out a Node.js framework for another client integration. My aim was for Marko to create a simple and easy to understand example project which can help you verify your Restlet connectivity.

Sample Node.js Project to Confirm Connectivity

Simple Echo Back Restlet 2.0 Endpoint

We created a very simple Restlet that echoes back the body of a POST request. Here is the server side SuiteScript 2.0 Restlet code:

/**
 * @NApiVersion 2.x
 * @NScriptType restlet
 */
define([ 'N/record' ], function(record) {
   return {
      // Handle POST: log the request body and echo it back to the caller
      post : function(restletBody) {
         log.debug("PRI OAuth Restlet Post Start");
         log.debug("datain ", JSON.stringify(restletBody));
         return {
             "success" : "true",
             "datain" : restletBody
         };
      }
   };
});

We also have this running in one of our TSTDRV accounts to act as a sample REST endpoint against the supplied client project code.

Simple Node.js Console Program

We then created a simple Node.js program leveraging work that a fellow NetSuite developer offered up on GitHub. We packaged our working example for you to download as a zip here. Check out the readme.txt file once you expand the zip file.

The Node.js program is easy to take apart to understand as it is basically well crafted JavaScript. Furthermore, the program has a nicely organized wrapper class around all the OAuth header work. If needed, you can dissect the pattern to craft your own OAuth 1.0 headers for use in other environments.

Finally, the program can be used to help you confirm and test that your NetSuite Restlet and related token based authentication credentials are all in sync.
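To show what such a wrapper has to compute, here is an added example (written for this page, not the code from the downloadable zip) that builds an OAuth 1.0a Authorization header for a Restlet URL using only Node's crypto module. The function names, the `algorithm` option, the HMAC-SHA256 default, the `example.invalid` URL and all credential values are assumptions or constructed placeholders.

```javascript
// Added example: OAuth 1.0a Authorization header for a NetSuite Restlet call.
const crypto = require('crypto');

// RFC 3986 percent-encoding; encodeURIComponent leaves !'()* unescaped.
function pct(s) {
  return encodeURIComponent(s).replace(/[!'()*]/g,
    c => '%' + c.charCodeAt(0).toString(16).toUpperCase());
}

// Signature base string: METHOD & base URL (no query) & sorted parameters.
// URL query parameters (script, deploy) are signed together with oauth_*.
function baseString(method, url, oauth) {
  const u = new URL(url);
  const pairs = [...u.searchParams.entries(), ...Object.entries(oauth)]
    .map(([k, v]) => [pct(k), pct(v)])
    .sort((a, b) => (a[0] < b[0] ? -1 : a[0] > b[0] ? 1 : a[1] < b[1] ? -1 : a[1] > b[1] ? 1 : 0));
  const params = pairs.map(p => p.join('=')).join('&');
  return [method.toUpperCase(), pct(u.origin + u.pathname), pct(params)].join('&');
}

// c.algorithm is a hypothetical option ('sha256' or 'sha1'); nonce and
// timestamp can be passed in to make the output reproducible in tests.
function buildAuthHeader(method, url, c, nonce, timestamp) {
  const algo = c.algorithm || 'sha256';
  const oauth = {
    oauth_consumer_key: c.consumerKey,
    oauth_token: c.tokenId,
    oauth_signature_method: 'HMAC-' + algo.toUpperCase(),
    oauth_timestamp: String(timestamp || Math.floor(Date.now() / 1000)),
    oauth_nonce: nonce || crypto.randomBytes(16).toString('hex'),
    oauth_version: '1.0',
  };
  // Signing key is both secrets, each percent-encoded, joined by '&'.
  const key = pct(c.consumerSecret) + '&' + pct(c.tokenSecret);
  const sig = crypto.createHmac(algo, key).update(baseString(method, url, oauth)).digest('base64');
  // realm carries the account id; it is sent in the header but never signed.
  const fields = { realm: c.account, ...oauth, oauth_signature: sig };
  return 'OAuth ' + Object.entries(fields).map(([k, v]) => `${k}="${pct(v)}"`).join(', ');
}

// Constructed placeholder values; substitute your own account, URL and tokens.
const SAMPLE = { account: '000000_SB1', consumerKey: 'ck', consumerSecret: 'cs',
                 tokenId: 'tk', tokenSecret: 'ts' };
const SAMPLE_URL = 'https://example.invalid/app/site/hosting/restlet.nl?script=123&deploy=1';
console.log(buildAuthHeader('POST', SAMPLE_URL, SAMPLE, 'n0nce', 1508014281));
```

When a hand-built header is rejected, compare its base string with this one piece by piece: the query parameters must be signed, the URL must be signed without its query string, and the realm must stay out of the signature.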

Sample Console Outputs from NetSuite OAuth Endpoint

Here is what it may look like to send a request with incorrect credentials:

C:\Users\mzigman\>node start.js
{"error" : {"code" : "INVALID_LOGIN_ATTEMPT", "message" : "Invalid login attempt."}}

Here is what it may look like with correct credentials:

C:\Users\mzigman\>node start.js
{"customer":"Prolecto Sample Customer","dts":"2017-10-14T20:51:21.017Z","os_info":{"hostname":"x1-carbon-3g","platform":"win32"}}

Be Appreciated for your NetSuite Technical Brilliance

My hope is that this article illustrates the basic work we do in our NetSuite Systems Integration Practice. I consider OAuth work “software infrastructure plumbing” and not that interesting compared to more complex business logic problems we face day-in and day-out. Yet, many times we must address these plumbing problems to have our clients realize the brilliance in our business logic work.

If you are an individual who feels under appreciated for the way you see the world and for the contributions you produce, perhaps we should have a conversation?


Marty Zigman

Holding all three official certifications, Marty is Southern California's NetSuite expert and leads a team of senior professionals at Prolecto Resources, Inc. He is a former Deloitte & Touche CPA and has held CTO roles. For over 25 years, Marty has produced leadership in ERP, CRM and eCommerce business systems. Contact Marty to set up a conversation.



  1. Ignacio
    Posted December 7, 2017 at 8:57 am | Permalink

    Hi Marty! I found all your posts very helpful. Can I ask you a quick question? I’m trying to integrate netsuite with my own app that I’m working on. I want to be able to login using oAuth 2.0 protocol from netsuite…for what I’m reading about Restlets, it doesn’t seem this is supported.
    Do you know if there’s any way this can be implemented?
    Many thanks in advance!

  2. Posted December 9, 2017 at 3:45 pm | Permalink

    Hi Ignacio,

    From my understanding, OAuth 2.0 is not supported by NetSuite nor do I hear rumor it is going to be… Good luck!

  3. Orion
    Posted December 22, 2017 at 8:40 am | Permalink

    Hi Marty,
    I downloaded the zip from here, unpacked it and ran the node start.js per the readme.
    However I got an “INVALID_LOGIN_ATTEMPT” response. I’ve been trying to get this to work on my own instance and have been looking for working examples.
    I can make the requests work in Postman but when I try to generate the header in my code with the oauth-1.0a library it fails with the “INVALID_LOGIN_ATTEMPT” error.

  4. Posted December 28, 2017 at 12:45 pm | Permalink

    Hi Orion,

    Thank you for the follow up. I discovered that we needed to remove the na1 in the domain name. I have updated the start.js file to now just reference and it works on my side. The download link should contain the latest software but you can modify your copy.

