How to get the access token from Rest Message to make it further outbound call ??

Manikantahere · ‎02-14-2025

When I click on Get OAuth token, I am getting OAuth flow successful and seeing access token in the OAuth Credentials but how I need to use it if I want to make a outbound call from a flow / schedule job by using rest message and corresponding http method.

akashkumar1 · ‎02-17-2025

Hi @Manikantahere ,

1. When calling the REST message for the first time (OAuth profile attached), does it automatically generate a new token? Or do I need to manually get the OAuth token?

If the OAuth profile is correctly attached to the REST message, ServiceNow should automatically request and store an access token when the first request is made.
If it doesn't happen automatically, you might need to click on "Get OAuth Token" inside the REST message setup to fetch it manually the first time.

2. What happens when the access token expires (lifespan = 1 hour)?

If you have set up the OAuth profile properly, ServiceNow will automatically handle the refresh token process to obtain a new access token when the old one expires.
However, if the refresh token is not properly configured or expired, you might need to manually refresh the token by clicking "Get OAuth Token" or handling it in a script.

3. Do I need to manually pass the Authorization header with the access token every time I test the REST message?

No, you don’t need to manually pass the Authorization header when using an OAuth profile in the REST message.
ServiceNow will automatically inject the token in the header (Authorization: Bearer <access_token>), provided that the OAuth profile is correctly set up.
But if you're calling the REST message via script, then you do need to explicitly retrieve and pass the access token.

4. If I always need to pass the Authorization header in a script, then what’s the purpose of attaching the OAuth profile in the REST message?

The OAuth profile automates token generation and refreshing for REST messages defined in ServiceNow UI. This means that when you test API calls from the REST message UI, you don’t need to manually add the token.
However, if you are calling the REST message via a script (e.g., in a Scripted REST API or Business Rule), you need to fetch and include the token manually in the script because the script does not automatically use the OAuth profile attached to the REST message.

How to Automatically Use the OAuth Token in a Script?

If you are calling the REST message from a script, you can get the access token like this:

var oAuthClient = new sn_auth.GlideOAuthClient();
var tokenResponse = oAuthClient.getAccessToken('Your_OAuth_Profile_Name');

if (tokenResponse.access_token) {
    var token = tokenResponse.access_token;
} else {
    gs.error("Failed to retrieve access token");
}

Then, use this token when making the REST call:

var request = new sn_ws.RESTMessageV2('Your_REST_Message', 'Your_HTTP_Method');
request.setRequestHeader("Authorization", "Bearer " + token);
var response = request.execute();

@Manikantahere ✅ If this helps, mark it as Helpful & Correct!

View solution in original post

akashkumar1 · ‎02-14-2025

Hi @Manikantahere ,

When you click Get OAuth Token and see a successful response with the access token in the OAuth Credentials, you can use it for outbound REST calls in Flow Designer, Scheduled Jobs, or REST Messages. Here's how you can use it:

1. Using OAuth Token in a REST Message

Go to System Web Services > Outbound > REST Message and configure your request.
Under Authentication, select OAuth 2.0 and choose the same OAuth profile that fetched the token.
When this REST message is called from a Flow or Script, ServiceNow will automatically inject the token.

2. Calling REST Message from Flow Designer

In Flow Designer, add the "Action: REST step".
Select the REST Message and method you set up.
If the OAuth profile is linked, the token will be handled automatically.

3. Calling REST Message from a Scheduled Job (Scripted Approach)

If you need to call it via a Scheduled Job or Script Include, you can do:

var request = new sn_ws.RESTMessageV2('YOUR_REST_MESSAGE_NAME', 'YOUR_HTTP_METHOD_NAME');
var response = request.execute();
var responseBody = response.getBody();
var httpStatus = response.getStatusCode();
gs.info('Response: ' + responseBody);
gs.info('HTTP Status: ' + httpStatus);

4. Manually Injecting the Token (Only If Required)

If your setup requires manually adding the token:

var oAuthToken = new GlideOAuthToken();
var token = oAuthToken.getAccessToken('YOUR_OAUTH_PROFILE');
request.setRequestHeader('Authorization', 'Bearer ' + token);

✅ If this answer helped, please mark it as Helpful & Correct!

Manikantahere · ‎02-14-2025

You can see the below how I configured Application registry record for third party with client info. From rest message when I click on get OAuth token I am seeing flow was successful and showing Access token is available but when I am running test in rest http method I am getting error as 403. Can you guide me what went wrong??

akashkumar1 · ‎02-14-2025

Hi @Manikantahere ,

1. Check the Token Scope & Permissions

Even though you're receiving an access token, it might not have the right permissions to call the API.

Try running this script in Script Editor to check the token details:

var oAuthToken = new GlideOAuthToken();
var tokenDetails = oAuthToken.get('YOUR_OAUTH_PROFILE');
gs.info('Token Details: ' + JSON.stringify(tokenDetails));

Look for the scope field in the response. Does it match what the API requires?

If the token is missing the required scope, check the OAuth Application Registry and update the requested scopes.

2. Validate REST Message Configuration

Go to System Web Services > Outbound > REST Message and check:
--> Under Authentication, make sure the OAuth 2.0 profile is selected.

--> In the HTTP Method, check if the Authorization header is being set properly.
--> Manually add the Authorization header if needed:

Authorization: Bearer ${access_token}

Some APIs require additional headers like Content-Type or Accept . Add them if needed:

Content-Type: application/json
Accept: application/json

3. Test the Token Outside ServiceNow

To rule out ServiceNow-specific issues, test the token manually:

Copy the access token from the OAuth credentials.
Open Postman (or curl).
Make a request using:
```
Authorization: Bearer {access_token}
```
If Postman also returns 403, then the issue is likely with the API’s access permissions rather than ServiceNow.

4. API-Specific Restrictions?

Some APIs enforce additional security rules:

IP whitelisting – Is your ServiceNow instance’s IP allowed?
Roles or permissions – Does your OAuth client have the right API roles?
API endpoint restrictions – Some endpoints only allow certain HTTP methods (GET, POST, etc.).

If possible, check the API’s logs

Next Steps

Check the token scope (Step 1)
Verify your REST message configuration (Step 2)
Test outside ServiceNow (Step 3)
Confirm any API-specific security settings (Step 4)

✅ If this helps, mark it as Helpful & Correct!

Manikantahere · ‎02-16-2025

If I want to add Authorization header as you said in point 2 do I need to pass again access token value to to authorization header through script when I am calling it specifically rest message or is there any automated way such that it will take the access token.

Few points here that I am expecting knowledge from you to have better picture. BTW thanks you for your @akashkumar1 detailed response. And the points are,

When I am calling the rest message first time (OAuth profile attached) is it automatically generates new token (or) Do I need to go to Rest Message to click on Get OAuth Token URL.
Actually life span of access token is 1 hour what will happen after life span ends does Rest Message itself manage to create new access token or Do I need to do anything to make it happen?
As I asked above to Test the Rest Message I can pass Authorization header and access token manually but is there anyway so that automatically access token will passed to Rest Message?
For the 3rd point if the answer is always need to pass Authorization header through script and need to generate access token from there so that I can pass it as Authorization Header then what is the need of attaching OAuth Profile in Rest Message.?

It will be very helpful for me to know more about process if you can answer above points. Thanks in Advance.