How to get the access token from Rest Message to make it further outbound call ??

Go to solution
Manikantahere
Tera Contributor

‎02-14-2025 01:58 AM

When I click on Get OAuth token, I am getting OAuth flow successful and seeing access token in the OAuth Credentials but how I need to use it if I want to make a outbound call from a flow / schedule job by using rest message and corresponding http method.

0 Helpfuls
  • 4,113 Views
1 ACCEPTED SOLUTION

Go to solution
akashkumar1
Mega Expert

‎02-17-2025 10:42 PM

Hi @Manikantahere ,

 

1. When calling the REST message for the first time (OAuth profile attached), does it automatically generate a new token? Or do I need to manually get the OAuth token?

  • If the OAuth profile is correctly attached to the REST message, ServiceNow should automatically request and store an access token when the first request is made.
  • If it doesn't happen automatically, you might need to click on "Get OAuth Token" inside the REST message setup to fetch it manually the first time.

2. What happens when the access token expires (lifespan = 1 hour)?

  • If you have set up the OAuth profile properly, ServiceNow will automatically handle the refresh token process to obtain a new access token when the old one expires.
  • However, if the refresh token is not properly configured or expired, you might need to manually refresh the token by clicking "Get OAuth Token" or handling it in a script.

3. Do I need to manually pass the Authorization header with the access token every time I test the REST message?

  • No, you don’t need to manually pass the Authorization header when using an OAuth profile in the REST message.
  • ServiceNow will automatically inject the token in the header (Authorization: Bearer <access_token>), provided that the OAuth profile is correctly set up.
  • But if you're calling the REST message via script, then you do need to explicitly retrieve and pass the access token.

4. If I always need to pass the Authorization header in a script, then what’s the purpose of attaching the OAuth profile in the REST message?

  • The OAuth profile automates token generation and refreshing for REST messages defined in ServiceNow UI. This means that when you test API calls from the REST message UI, you don’t need to manually add the token.
  • However, if you are calling the REST message via a script (e.g., in a Scripted REST API or Business Rule), you need to fetch and include the token manually in the script because the script does not automatically use the OAuth profile attached to the REST message.

How to Automatically Use the OAuth Token in a Script?

If you are calling the REST message from a script, you can get the access token like this:

 

 
var oAuthClient = new sn_auth.GlideOAuthClient();
var tokenResponse = oAuthClient.getAccessToken('Your_OAuth_Profile_Name');

if (tokenResponse.access_token) {
    var token = tokenResponse.access_token;
} else {
    gs.error("Failed to retrieve access token");
}

Then, use this token when making the REST call:

 
var request = new sn_ws.RESTMessageV2('Your_REST_Message', 'Your_HTTP_Method');
request.setRequestHeader("Authorization", "Bearer " + token);
var response = request.execute();



@Manikantahere  If this helps, mark it as Helpful & Correct!

View solution in original post

10 REPLIES 10

Go to solution
Manikantahere
Tera Contributor
In response to Manikantahere

‎02-17-2025 10:28 PM

@akashkumar1  can you please clarify me if possible regarding above points so that I can close the thread.

0 Helpfuls

Go to solution
akashkumar1
Mega Expert

‎02-17-2025 10:42 PM

Hi @Manikantahere ,

 

1. When calling the REST message for the first time (OAuth profile attached), does it automatically generate a new token? Or do I need to manually get the OAuth token?

  • If the OAuth profile is correctly attached to the REST message, ServiceNow should automatically request and store an access token when the first request is made.
  • If it doesn't happen automatically, you might need to click on "Get OAuth Token" inside the REST message setup to fetch it manually the first time.

2. What happens when the access token expires (lifespan = 1 hour)?

  • If you have set up the OAuth profile properly, ServiceNow will automatically handle the refresh token process to obtain a new access token when the old one expires.
  • However, if the refresh token is not properly configured or expired, you might need to manually refresh the token by clicking "Get OAuth Token" or handling it in a script.

3. Do I need to manually pass the Authorization header with the access token every time I test the REST message?

  • No, you don’t need to manually pass the Authorization header when using an OAuth profile in the REST message.
  • ServiceNow will automatically inject the token in the header (Authorization: Bearer <access_token>), provided that the OAuth profile is correctly set up.
  • But if you're calling the REST message via script, then you do need to explicitly retrieve and pass the access token.

4. If I always need to pass the Authorization header in a script, then what’s the purpose of attaching the OAuth profile in the REST message?

  • The OAuth profile automates token generation and refreshing for REST messages defined in ServiceNow UI. This means that when you test API calls from the REST message UI, you don’t need to manually add the token.
  • However, if you are calling the REST message via a script (e.g., in a Scripted REST API or Business Rule), you need to fetch and include the token manually in the script because the script does not automatically use the OAuth profile attached to the REST message.

How to Automatically Use the OAuth Token in a Script?

If you are calling the REST message from a script, you can get the access token like this:

 

 
var oAuthClient = new sn_auth.GlideOAuthClient();
var tokenResponse = oAuthClient.getAccessToken('Your_OAuth_Profile_Name');

if (tokenResponse.access_token) {
    var token = tokenResponse.access_token;
} else {
    gs.error("Failed to retrieve access token");
}

Then, use this token when making the REST call:

 
var request = new sn_ws.RESTMessageV2('Your_REST_Message', 'Your_HTTP_Method');
request.setRequestHeader("Authorization", "Bearer " + token);
var response = request.execute();



@Manikantahere  If this helps, mark it as Helpful & Correct!

Go to solution
Manikantahere
Tera Contributor
In response to akashkumar1

‎02-17-2025 10:47 PM

The best and cool explanation I received so far. Thank you very much!! @akashkumar1 

0 Helpfuls

Go to solution
KM SN
Tera Expert
In response to akashkumar1

‎02-18-2025 12:59 AM - edited ‎02-18-2025 01:00 AM

var oAuthClient = new sn_auth.GlideOAuthClient();
var tokenResponse = oAuthClient.getAccessToken('da1494082bf7da104da7f81cfe91bf52');

if (tokenResponse.access_token) {
    var token = tokenResponse.access_token;
    gs.print(token);
} else {
    gs.error("Failed to retrieve access token");
}
 
I just replaced OAuth Profile name with sys Id of it. When I run it, I am getting only .."Failed to retrieve access token: no thrown error.
0 Helpfuls

Go to solution
MattTheList
Tera Contributor
In response to akashkumar1

‎08-05-2025 11:54 AM

The following statement appears incorrect...

  • However, if you are calling the REST message via a script (e.g., in a Scripted REST API or Business Rule), you need to fetch and include the token manually in the script because the script does not automatically use the OAuth profile attached to the REST message.

I see ServiceNow automatically injects the Authorization header and token when calling rest messages from scripts as well. 

0 Helpfuls