Do any document for oauth 2.0 bi-directional between servicenow and 3rd party application

Rumanu
Tera Contributor

‎01-16-2026 09:18 AM

 oauth 2.0 bi-directional between servicenow  and 3rd party application, i need to learn access token and refresh token. 

0 Helpfuls
  • 287 Views
4 REPLIES 4

Matthew_13
Mega Sage

a month ago

Hi Buddy,

Lets see for OAuth 2.0, the simplest way I know to understand this is:

  • Access token = the short lived “key” you actually send on every API call (Authorization: Bearer …). It expires quickly.

  • Refresh token = the longer-lived token you use only to get a new access token when the old one expires. You dont use refresh tokens to call APIs directly.

For a “bi-directional” integration (ServiceNow ↔ 3rd party), you normally end up with two setups:

  1. ServiceNow calling the 3rd party
    ServiceNow acts as the OAuth client. If you use Authorization Code, you usually get access plus refresh tokens. If you use Client Credentials system to system, you usually only get an access token and just request a new one when it expires.

  2. 3rd party calling ServiceNow
    ServiceNow acts as the OAuth provider. The 3rd party requests an access token from ServiceNow’s token endpoint and then uses it to call ServiceNow APIs. Whether refresh tokens exist depends on the grant type and how the provider is configured.

So the key thing really I think to learn is the grant type your using Authorization Code vs Client Credentials because that determines whether refresh tokens are even part of the flow.

 

@Rumanu - Please mark Accepted Solution and Thumbs Up if you found Helpful 🙂

MJG
0 Helpfuls

Aditya_hublikar
Kilo Sage

a month ago

Hello @Rumanu ,

 

OAuth 2.0 stands for Open Authorization. It is an industry-standard authorization framework that allows a third-party application to access user data without sharing the actual username and password. Instead of credentials, OAuth uses secure tokens to control access, which makes the process safer and more reliable.

For example, when a user chooses “Sign in with Google” while accessing a third-party application like GoDaddy, the user is redirected to Google for authentication. Google verifies whether the user is valid and checks if there are any security risks involved. Once authentication is successful, Google’s authorization server generates an access token. This access token is then sent back to the third-party application. After the token is validated by the authorization server, GoDaddy is allowed to access the required data from Google’s resource server. At no point are the user’s actual login credentials shared with the third-party application, ensuring secure and controlled access to data.

 

In a bi-directional integration, an access token is used to call APIs and allows one system to temporarily access another system’s data. It is sent with every request and expires after a short time for security. A refresh token is used when the access token expires to generate a new access token without logging in again. This allows both systems to securely communicate with each other without sharing usernames or passwords.

 

You can Refer following is simple servicenow-servicenow  bidirectional Integration steps :

OAuth – Source Instance

  1. Create REST Message – select OAuth profile

  2. Add endpoint of target instance

  3. Select Authentication type – OAuth 2.0

  4. Go to All => Application Registry => select 3rd-party OAuth provider

  5. Give Name, paste Client ID and Client Secret of target instance Application Registry

  6. Token URL = https://<instance>.com/oauth_token  <== target instance

  7. OAuth profile gets created below 

In Target Instance

  • Go to All => Application Registry => Create New

  • Select 1st option (Endpoint for External Client)

  • Create and Generate Client Secret => save it

To get OAuth Token

  • Add Username and Password of target instance

 

If this helps you then mark it as helpful and accept as solution.

Regards,
Aditya,

Technical Consultant

0 Helpfuls

Aditya_hublikar
Kilo Sage
In response to Aditya_hublikar

a month ago

Hello @Rumanu ,

 

Does my response helps you ? If my response helps you then mark it as helpful and accept as solution.

 

Regards,

Aditya,

Technical Consultant

0 Helpfuls

SumanthDosapati
Mega Sage

a month ago

@Rumanu 

 

Refer to this ServiceNow Official Docs for OAuth.

Also this article might help you.

 

Accept the solution and mark as helpful if it does, to benefit future readers.
Regards,
Sumanth

0 Helpfuls