Error Messages for RESTlets, SOAP Web Services, and REST Web Services

See the following table for information about resolving error messages for RESTlets, SOAP web services, and REST web services.


SOAP and REST Web Services





The application is in Blocked state on the integration record.

Enable the application on the integration record.

To enable the app:

  1. Go to Setup > Integration > Manage Integrations.

  2. Select the appropriate integration record, and click Edit.

  3. In the State field, change Blocked to Enabled.

  4. Save the record.



The appropriate integration record could not be found.

  • Ensure the consumer key is correct.

  • If this error occurs with a currently enabled application, you can attempt resetting the credentials (obtain new credentials).


    This action might break other integrations using this application. You must update the credentials in all integrations where they are used.

  • If there is no existing integration record for this application, create one. See Create Integration Records for Applications to Use TBA.



The Token-based Authentication feature in NetSuite is not enabled.

Enable the feature. See Enable the Token-based Authentication Feature.



The request is missing a required parameter.

Verify that all required parameters are included in the request.


The nonce was not long enough.

Nonce must be at least six characters long. An ideal nonce length is 20 characters.



The combination of nonce and timestamp has already been used by this user.

  • Ensure you generate a unique nonce for every request.

  • Do not send the same request more than one time. If you must perform the same operation, you must generate a new TBA header for each subsequent request.


The parameter was either:

  • sent twice.

  • sent with a malformed value.

  • sent with an empty value.

Ensure that you:

  • Only send OAuth parameters a single time.

  • Send all values in the correct format.

  • Do not send a parameter without a value.



The entity or role is not usable.

This error may have many causes.

  • Verify that the entity and role are both active in NetSuite.

  • Verify the entity has access.

  • Verify that the role has TBA permissions.

  • Verify that the user has not made the role inactive on the user’s View My Roles page.



The request was not signed correctly.

See Generate a Signature for the correct method of signing a request.



The algorithm used to create signature is not supported.

The only supported algorithm is HMAC-SHA256.


As of 2023.1, the support ended for the HMAC-SHA1 signature method.



The user is locked out of NetSuite.

The user was locked out of NetSuite after five failed login attempts. The user must wait 30 minutes to unlock access to the account. Or, the user can ask the Administrator for a password reset. See User Access Reset Tool.



The timestamp of the request must be within plus or minus five (+ or – 5) minutes of the server time.

Ensure that:

  • Your computer clocks are synchronized using the NTP protocol.

  • Requests are sent soon after generating the TBA header.

  • Requests are not being queued before being sent to NetSuite.



The token could not be found.

Ensure that the token:

  • Is correct.

  • Is active.

  • Is a token for the correct integration application.

If a token does not exist, create one. See Manage TBA Tokens in the NetSuite UI.


The request uses an invalid value for OAuth version parameter.

The value for the OAuth version parameter must be 1.0.

Related Topics

Token-based Authentication (TBA)
Token-based Authentication (TBA) Tasks for Administrators
Token-based Authentication (TBA) for Integration Application Developers
Troubleshoot Token-based Authentication (TBA)
TBA and the Login Audit Trail

General Notices