Search code examples
javascriptrestoauthnetsuiterestlet

Netsuite - REST API (restlet)- creating record causes INVALID_LOGIN_ATTEMPT failure on the 2nd and more request for records

I have problems creating subsequent records with netsuite rest api using Token Based Authentication (TBA) oauth authentication. Here is my full code: https://gist.github.com/axilaris/428e63e5ff107d212fbcc07c5bdbce7a (it contains restlet, python code and the output of the python code).

The first record get created (you could see success) but the 2nd always get INVALID_LOGIN_ATTEMPT. If I remove creating the 2nd record, it will still be successful creating each time. But if I have in a process creating 2nd or more, its always the 2nd and more will have INVALID_LOGIN_ATTEMPT.

{'Authorization': b'OAuth realm="5504997_SB1", oauth_version="1.0", oauth_nonce="87811756", oauth_timestamp="1635417611", oauth_token="d0c58f511e12345678c3e969e09e0ae1d967869762a354523494f0b953e9", oauth_consumer_key="117123345674ffb0b98440badb57205b3542234832cbdbabca0", oauth_body_hash="2jmj7l5rSw0yVb%2FvlWAYeqweq%2FYBwk%3D", oauth_signature_method="HMAC-SHA256", oauth_signature="Apx76mZiSjKtF6WjLweqweqwRNV4KF1VEZAfURe8%3D"', 'Content-Type': 'application/json'}
Result: {"success":true}
{'X-N-OperationId': '42656b12-5874-4870-b958-631e8a298ecd', 'NS_RTIMER_COMPOSITE': '331252041:706172746E6572733031312E70726F642E6475622E6E65746C65646765722E636F6D:80', 'Strict-Transport-Security': 'max-age=31536000', 'Content-Type': 'application/json;charset=utf-8', 'Pragma': 'No-Cache', 'Cache-Control': 'No-Cache', 'Expires': '0', 'Content-Length': '17', 'P3P': 'CP="CAO PSAa OUR BUS PUR"', 'Vary': 'User-Agent', 'Date': 'Thu, 28 Oct 2021 10:40:11 GMT', 'Connection': 'keep-alive', 'Set-Cookie': 'NS_ROUTING_VERSION=LAGGING; path=/', 'Akamai-GRN': '0.57561b3a.1635417611.239d029f'}
Result: {"error" : {"code" : "INVALID_LOGIN_ATTEMPT", "message" : "Invalid login attempt."}}
{'WWW-Authenticate': 'OAuth realm="5008903_SB1"', 'Content-Type': 'application/json;charset=utf-8', 'Content-Length': '84', 'P3P': 'CP="CAO PSAa OUR BUS PUR"', 'Vary': 'User-Agent', 'Date': 'Thu, 28 Oct 2021 10:40:12 GMT', 'Connection': 'close', 'Set-Cookie': 'NS_ROUTING_VERSION=LAGGING; path=/', 'Akamai-GRN': '0.57561b3a.1635417611.239d0735'}

Here is the screenshot of the Audit Trail logs enter image description here

Can someone advise is authentication TBA required each time creating a record ? Is there a better way to handle this by doing TBA authentication first and then using that response (possibly a token) for creating multiple records ? Please advise as I have a platform that regularly creates records.

Solution

  • As per SuiteAnswer 74343

    For this example, combination of nonce + timestamp was already used by the user. Make sure to generate unique nonce to every request.

    Make sure to don't send the same request twice. (If the user need do the same operation, the user must generate a new TBA header).