Download a NetSuite OAuth Token Based Authentication Sample Node.js Program

This article is relevant if you want to learn how to authenticate against NetSuite Restlets using Token Based Authentication, which is built on the OAuth 1.0 specification.


NetSuite is promoting more use of token-based authentication mechanisms to consume API services from external sources. Thus Restlets and web services can authenticate using tokens instead of user credentials. I welcome this capacity, as holding a specific user credential to drive an integration was always worrisome. In practice, password policies forced credential resets, which would cause integration downtime as it required infrequent but periodic application configuration maintenance.

In theory, using the authentication methods should be straightforward. But in practice it is tricky, especially because NetSuite is using the older version 1.0a specification; most general OAuth examples now use version 2.0.

You may be using a test tool, such as Postman, and find you are frustrated getting INVALID_LOGIN_ATTEMPT Invalid login attempt messages. While I, and many others, love the Postman tool, there does indeed seem to be some type of bug in the current version with this older OAuth 1.0a specification. Thus, I worked with Marko, one of our consultants, who recently built out a Node.js framework for another client integration. My aim was for Marko to create a simple and easy to understand example project which can help you verify your Restlet connectivity.

Sample Node.js Project to Confirm Connectivity

Simple Echo Back Restlet 2.0 Endpoint

We created a very simple Restlet that echoes back the body of a POST request. Here is the server-side SuiteScript 2.0 Restlet code:

/**
 * @NApiVersion 2.x
 * @NScriptType restlet
 */
define([ 'N/record' ], function(record) {
   return {
      // Handles HTTP POST: logs the request body and echoes it back to the caller.
      post : function(restletBody) {
         log.debug("PRI OAuth Restlet Post Start");
         log.debug("datain ", JSON.stringify(restletBody));
         return {
             "success" : "true",
             "datain" : restletBody
         };
      }
   };
});

We also have this running in one of our TSTDRV accounts to act as a sample REST endpoint against the supplied client project code.

Simple Node.js Console Program

We then created a simple Node.js program leveraging work that a fellow NetSuite developer offered up on GitHub. We packaged our working example for you to download as a zip here. Check out the readme.txt file once you expand the zip file.

The Node.js program is easy to take apart to understand as it is basically well-crafted JavaScript. Furthermore, the program has a nicely organized wrapper class around all the OAuth header work. If needed, you can dissect the pattern to craft your own OAuth 1.0 headers for use in other environments.

Finally, the program can be used to help you confirm and test that your NetSuite Restlet and related token based authentication credentials are all in sync.
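An OAuth 1.0a Authorization header of the kind described above can be built with nothing but Node's crypto module. This is an added example, not the code from the downloadable project: the credential values, the host name and the script/deploy ids are constructed placeholders, and HMAC-SHA256 as the signature method is an assumption the article does not state.

```javascript
const crypto = require('crypto');

// RFC 5849 percent-encoding: encodeURIComponent leaves !'()* unescaped.
function pct(s) {
  return encodeURIComponent(s).replace(/[!'()*]/g,
    c => '%' + c.charCodeAt(0).toString(16).toUpperCase());
}
const cmp = (a, b) => (a < b ? -1 : a > b ? 1 : 0);

// Signature base string: METHOD & base URL & sorted parameters, each encoded.
// The Restlet's query parameters are signed; realm never is.
function baseString(method, url, oauth) {
  const u = new URL(url);
  const normalized = [...u.searchParams.entries(), ...Object.entries(oauth)]
    .map(([k, v]) => [pct(k), pct(v)])
    .sort((a, b) => cmp(a[0], b[0]) || cmp(a[1], b[1])) // by name, then value
    .map(p => p.join('='))
    .join('&');
  return [method.toUpperCase(), pct(u.origin + u.pathname), pct(normalized)].join('&');
}

// HMAC key is "consumerSecret&tokenSecret"; the secrets never travel on the wire.
function sign(base, consumerSecret, tokenSecret, algo) {
  const key = pct(consumerSecret) + '&' + pct(tokenSecret);
  return crypto.createHmac(algo, key).update(base).digest('base64');
}

function authHeader(method, url, cred, opts = {}) {
  const algo = opts.algo || 'sha256'; // assumption: HMAC-SHA256
  const oauth = {
    oauth_consumer_key: cred.consumerKey,
    oauth_token: cred.tokenId,
    oauth_nonce: opts.nonce || crypto.randomBytes(16).toString('hex'),
    // Taken from the local clock, so the host's system time must be correct.
    oauth_timestamp: String(opts.timestamp || Math.floor(Date.now() / 1000)),
    oauth_signature_method: 'HMAC-' + algo.toUpperCase(),
    oauth_version: '1.0',
  };
  oauth.oauth_signature = sign(baseString(method, url, oauth),
    cred.consumerSecret, cred.tokenSecret, algo);
  const fields = Object.entries(oauth).map(([k, v]) => `${k}="${pct(v)}"`);
  return `OAuth realm="${pct(cred.accountId)}", ` + fields.join(', ');
}

// Constructed placeholder values; none of them belong to a real account.
const SAMPLE = { accountId: 'TSTDRV0000000', consumerKey: 'ck_constructed',
  consumerSecret: 'cs_constructed', tokenId: 'tk_constructed', tokenSecret: 'ts_constructed' };
const SAMPLE_URL = 'https://tstdrv0000000.example.invalid/app/site/hosting/restlet.nl?script=1&deploy=1';
console.log(authHeader('POST', SAMPLE_URL, SAMPLE));
```

Comparing the base string this produces with the one your own client signs is a quick way to locate a signature mismatch.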

Sample Console Outputs from NetSuite OAuth Endpoint

Here is what it may look like to send a request with incorrect credentials:

C:\Users\mzigman\>node start.js
{"error" : {"code" : "INVALID_LOGIN_ATTEMPT", "message" : "Invalid login attempt."}}

Here is what it may look like with correct credentials:

C:\Users\mzigman\>node start.js
{"customer":"Prolecto Sample Customer","dts":"2017-10-14T20:51:21.017Z","os_info":{"hostname":"x1-carbon-3g","platform":"win32"}}

Be Appreciated for your NetSuite Technical Brilliance

My hope is that this article illustrates the basic work we do in our NetSuite Systems Integration Practice. I consider OAuth work “software infrastructure plumbing” and not that interesting compared to more complex business logic problems we face day-in and day-out. Yet, many times we must address these plumbing problems to have our clients realize the brilliance in our business logic work.

If you are an individual who feels underappreciated for the way you see the world and for the contributions you produce, perhaps we should have a conversation?

Marty Zigman

Holding all three official certifications, Marty is Southern California's NetSuite expert and leads a team of senior professionals at Prolecto Resources, Inc. He is a former Deloitte & Touche CPA and has held CTO roles. For over 25 years, Marty has produced leadership in ERP, CRM and eCommerce business systems. Contact Marty to set up a conversation.


| Category: NetSuite, Technical | 13 Comments


  1. Ignacio
    Posted December 7, 2017 at 8:57 am | Permalink

    Hi Marty! I found all your posts very helpful. Can I ask you a quick question? I’m trying to integrate NetSuite with my own app that I’m working on. I want to be able to log in using the OAuth 2.0 protocol from NetSuite… from what I’m reading about Restlets, it doesn’t seem this is supported.
    Do you know if there’s any way this can be implemented?
    Many thanks in advance!

  2. Posted December 9, 2017 at 3:45 pm | Permalink

    Hi Ignacio,

    From my understanding, OAuth 2.0 is not supported by NetSuite nor do I hear rumor it is going to be… Good luck!

  3. Orion
    Posted December 22, 2017 at 8:40 am | Permalink

    Hi Marty,
    I downloaded the zip from here, unpacked it and ran the node start.js per the readme.
    However I got an “INVALID_LOGIN_ATTEMPT” response. I’ve been trying to get this to work on my own instance and have been looking for working examples.
    I can make the requests work in Postman but when I try to generate the header in my code with the oauth-1.0a library it fails with the “INVALID_LOGIN_ATTEMPT” error.

  4. Posted December 28, 2017 at 12:45 pm | Permalink

    Hi Orion,

    Thank you for the follow up. I discovered that we needed to remove the na1 in the domain name. I have updated the start.js file to now just reference and it works on my side. The download link should contain the latest software but you can modify your copy.


  5. Michael Pope
    Posted May 31, 2018 at 7:44 am | Permalink

    Hey Marty,

    Do you know if this code is still working for you? I’ve been running it and getting INVALID_LOGIN_ATTEMPTS (it says signature is invalid in the audit). I’m quite sure I’m grabbing the correct tokens.


  6. Posted May 31, 2018 at 8:38 am | Permalink

    I have a restlet that successfully authenticates using NLAuth method.
    When trying to authenticate (using your sample code that has been modified to my realm etc) I receive “user_error” , “message”,”header is not NLAuth schema”.
    Trying this on my sandbox with realm=XXXXXXX-sb1″ and uri of Can’t find any good explanation of this issue. Any ideas?

  7. Posted June 2, 2018 at 2:01 pm | Permalink

    Hi Michael,

    I downloaded it again, ran it, and no issues. I was able to connect. Have you tried a different machine?


  8. Posted June 2, 2018 at 2:02 pm | Permalink


    This is about Token Authentication and not old NLAuth method. Did you go through the process of creating your token?


  9. Michael Pope
    Posted June 4, 2018 at 8:16 am | Permalink

    Hey Marty,

    I didn’t try it on another machine, but got some other similar code to work. I think it had to do with the version of oauth-1.0a. Version 1.0.1 worked for me, whereas version 1.1.0 did not. See this thread:

    Thank you for responding though and for posting this. It gave me a great place to start with what seemed to be somewhat intimidating.

    Hey Lawrence,

    When I saw that error, it was usually because the ‘realm’ part of the Authorization header wasn’t added. After you turn your authorization into a header, do you do something like this:

    header.Authorization += ', realm="' + accountID + '"';

  10. Posted June 5, 2018 at 11:56 am | Permalink

    Yes, I did assign it to a user. Got all the keys (consumer and token), added them to your secret.js file, and that is the error I keep receiving.
    Followed all the instructions from NS and checked all the tips on the NS Users group.
    Everything seems to be set up correctly.

  11. Posted June 5, 2018 at 3:45 pm | Permalink

    Hi Lawrence,

    I just installed nodejs on a clean linux workstation and the program ran for me without issue. Something is up.


  12. Manoj
    Posted November 7, 2018 at 9:37 am | Permalink

    Hi Lawrence,
    Were you able to resolve the issue you faced? I am facing the same issue, getting the following error –
    {“error” : {“code” : “USER_ERROR”, “message” : “header is not NLAuth scheme [ OAuth realm……

  13. Posted November 8, 2018 at 6:54 am | Permalink

    In my case, it was the client that was sending information into my system. Turns out the timestamp he was generating was not within NetSuite's parameters. The system time on his server was incorrect. The NS error is not very informative. I had them capture what they were sending, and realized their timestamp was way off. Once they corrected the time, there were no further issues.
