OAuth 2.0 access is based on the authorization code grant flow for the generation of access tokens and refresh tokens, or the client credentials flow. The client credentials flow is a machine-to-machine flow for the generation of access tokens.
If we only require client credentials, still the authorization code grant flow should be checked and the browser-based authentication method to fetch the code should be used so that NetSuite can validate the certificates added for the M2M flow.