RE: Python POST to RESTlet with Token Based Authentication and OAuth INVALID_REQUEST, Malformed Syntax

I am trying to do an integration with Token Based Authentication on a RESTlet script in Netsuite where I POST some data to it from Python using requests and oauth. I have followed some guides and am using this code below, but it produces the error message: {"error" : {"code" : "INVALID_REQUEST", "message" : "The request could not be understood by the server due to malformed syntax."}}.


After some research, people have said that this could be that it requires an HMAC SHA 256 signature method which oauth does not support, but I saw on a Netsuite help page that they postponed the SHA 256 requirement.


Any help or insight would be amazing, thank you!


Here's the code:

import json
import oauth2 as oauth
import requests
import time

# RESTlet URL (left empty in the post)
url = ''
# Token and consumer credentials (redacted)
token = oauth.Token(key='xxxxxxxxxxxxxxxxxxx', secret='xxxxxxxxxxxxxxxxxxxx')
consumer = oauth.Consumer(key='xxxxxxxxxxxxxxxxxxxxxx', secret='xxxxxxxxxxxxxxxxxxx')
httpMethod = 'POST'
realm = '123_SB1'
payload = {
    'test': 'test'
}
# OAuth 1.0 protocol parameters that go into the signature
params = {
    'oauth_version': '1.0',
    'oauth_nonce': oauth.generate_nonce(),
    'oauth_timestamp': str(int(time.time())),
    'oauth_token': token.key,
    'oauth_consumer_key': consumer.key
}
req = oauth.Request(method=httpMethod, url=url, parameters=params)
# Sign the request with HMAC-SHA1
signatureMethod = oauth.SignatureMethod_HMAC_SHA1()
req.sign_request(signatureMethod, consumer, token)
# Build the Authorization header, including the realm
header = req.to_header(realm)
headery = header['Authorization'].encode('ascii', 'ignore')
headerx = {'Authorization': headery, 'Content-Type': 'application/json'}
# POST the JSON payload to the RESTlet
conn = requests.post(url, headers=headerx, data=json.dumps(payload))

cadew Rookie Asked on March 4, 2022 in How To's.
1 Answers

I think it's definitely because you are using HMAC-SHA1… I did some testing on my end using Postman, and if I use HMAC-SHA1 I get the same error, but if I switch to HMAC-SHA256 it works fine!


Rookie Answered on March 7, 2022.

Can confirm I just need to use HMAC-SHA256 now that I have it working in Postman, it would be nice if I could figure out how to generate my own HMAC-SHA256 signature though.

on March 7, 2022.
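The HMAC-SHA256 signature asked about in the comment above can be generated with the Python standard library alone. This is an added example, not code from the thread: it follows the RFC 5849 signing rules with HMAC-SHA256 in place of HMAC-SHA1, and the function names and the URL used to exercise it are assumptions. The URL's query parameters are signed together with the oauth_* parameters, while the realm and a JSON body are left out of the signature.

```python
import base64
import hashlib
import hmac
import secrets
import time
from urllib.parse import parse_qsl, quote, urlsplit


def pct(value):
    """RFC 5849 section 3.6 percent-encoding: only unreserved characters stay literal."""
    return quote(str(value), safe="-._~")


def sign_hmac_sha256(method, url, oauth_params, consumer_secret, token_secret):
    """Return the base64 oauth_signature for a request whose body is not form-encoded."""
    parts = urlsplit(url)
    # Base string URI: lowercase scheme and host, no query string or fragment.
    base_uri = f"{parts.scheme.lower()}://{parts.netloc.lower()}{parts.path}"
    # Query parameters are signed with the oauth_* ones; realm and JSON body are not.
    pairs = parse_qsl(parts.query, keep_blank_values=True) + list(oauth_params.items())
    encoded = sorted((pct(k), pct(v)) for k, v in pairs)
    normalized = "&".join(f"{k}={v}" for k, v in encoded)
    base_string = "&".join([method.upper(), pct(base_uri), pct(normalized)])
    # Signing key: encoded consumer secret and token secret joined by "&".
    key = f"{pct(consumer_secret)}&{pct(token_secret)}"
    digest = hmac.new(key.encode("ascii"), base_string.encode("ascii"),
                      hashlib.sha256).digest()
    return base64.b64encode(digest).decode("ascii")


def authorization_header(method, url, realm, consumer_key, consumer_secret,
                         token_key, token_secret, nonce=None, timestamp=None):
    """Build the OAuth 1.0 Authorization header value, signed with HMAC-SHA256."""
    params = {
        "oauth_consumer_key": consumer_key,
        "oauth_token": token_key,
        "oauth_signature_method": "HMAC-SHA256",
        "oauth_timestamp": str(timestamp if timestamp is not None else int(time.time())),
        "oauth_nonce": nonce or secrets.token_hex(16),
        "oauth_version": "1.0",
    }
    params["oauth_signature"] = sign_hmac_sha256(
        method, url, params, consumer_secret, token_secret)
    # realm is carried in the header but never enters the signature.
    fields = [("realm", realm)] + sorted(params.items())
    return "OAuth " + ", ".join(f'{k}="{pct(v)}"' for k, v in fields)
```

The returned string replaces the `Authorization` value in the `headerx` dictionary from the question; the rest of the `requests.post` call stays the same.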