Unable to pass authentication information to NetSuite's REST interface using Python

Question

I've been trying to get a NetSuite Restlet to work with Python 3.3 using urllib, but I can't seem to get the authorization to take and continually return a urllib.error.HTTPError: HTTP Error 401: Authorization Required error.

Where am I going wrong with authentication?

My test code is as follows:

import urllib.request

url = 'https://rest.netsuite.com/app/site/hosting/restlet.nl?script=123&deploy=15&recordtype=salesorder&id=123456789'

authorization = 'NLAuth nlauth_account=111111,[email protected],nlauth_signature=password,nlauth_role=3' 

req = urllib.request.Request(url)
req.add_header('Authorization', authorization)
req.add_header('Content-Type','application/json')
req.add_header('Accept','*/*')
response = urllib.request.urlopen(req)
the_page = response.read()

For reference, NetSuite's REST help was used to build the authorization string as well as the Python docs on urllib located here

--EDIT--

The header that is passed (and works) via REST Console appears as follows:

Accept: application/json
Authorization: NLAuth nlauth_account=111111,[email protected],nlauth_signature=password,nlauth_role=3
Connection: keep-alive
Content-Type: application/xml
Origin: chrome-extension: //rest-console-id
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/29.0.1547.66 Safari/537.36

headers output from Python appear as:

{'Content-type': 'application/xml', 'Accept': 'application/json', 'Authorization': 'NLAuth nlauth_account=111111,[email protected],nlauth_signature=password,nlauth_role=3'}

still not sure why it's not working....

Answer 1

Issue was NetSuite related (an issue with roles): Code below yeilds a proper response:

import urllib.request
try:   
    url = 'https://rest.netsuite.com/app/site/hosting/restlet.nl?script=787&deploy=1&recordtype=salesorder&id=8111437'
    authorization = 'NLAuth nlauth_account=111111,[email protected],nlauth_signature=password,nlauth_role=correctRole' 
    req = urllib.request.Request(url)
    req.add_header('Authorization', authorization)
    req.add_header('Content-Type','application/xml')
    req.add_header('Accept','application/json')  
    response = urllib.request.urlopen(req)
    print(response.read())
except IOError as e:
    print("EXCEPTION OCCURRED--------------------")
    print("I/O error: {0}".format(e))
    print(e.headers)
    print(e.headers['www-authenticate'])

In my case, the original role did not have access to the record. The confusion was I was expecting an error of

error code: INVALID_ROLE
error message:Your role does not give you permission to view this page.

to be returned, not an authentication required which made me suspect the header was missing data.