Hi @Manikantahere ,

1. When calling the REST message for the first time (OAuth profile attached), does it automatically generate a new token? Or do I need to manually get the OAuth token?

• If the OAuth profile is correctly attached to the REST message, ServiceNow should automatically request and store an access token when the first request is made.
• If it doesn't happen automatically, you might need to click on "Get OAuth Token" inside the REST message setup to fetch it manually the first time.

2. What happens when the access token expires (lifespan = 1 hour)?

• If you have set up the OAuth profile properly, ServiceNow will automatically handle the refresh token process to obtain a new access token when the old one expires.
• However, if the refresh token is not properly configured or expired, you might need to manually refresh the token by clicking "Get OAuth Token" or handling it in a script.

3. Do I need to manually pass the Authorization header with the access token every time I test the REST message?

• No, you don’t need to manually pass the Authorization header when using an OAuth profile in the REST message.
• ServiceNow will automatically inject the token in the header (Authorization: Bearer <access_token>), provided that the OAuth profile is correctly set up.
• But if you're calling the REST message via script, then you do need to explicitly retrieve and pass the access token.

4. If I always need to pass the Authorization header in a script, then what’s the purpose of attaching the OAuth profile in the REST message?

• The OAuth profile automates token generation and refreshing for REST messages defined in ServiceNow UI. This means that when you test API calls from the REST message UI, you don’t need to manually add the token.
• However, if you are calling the REST message via a script (e.g., in a Scripted REST API or Business Rule), you need to fetch and include the token manually in the script because the script does not automatically use the OAuth profile attached to the REST message.

How to Automatically Use the OAuth Token in a Script?

If you are calling the REST message from a script, you can get the access token like this:

var oAuthClient = new sn_auth.GlideOAuthClient();
var tokenResponse = oAuthClient.getAccessToken('Your_OAuth_Profile_Name');

if (tokenResponse.access_token) {
    var token = tokenResponse.access_token;
} else {
    gs.error("Failed to retrieve access token");
}

Then, use this token when making the REST call:

var request = new sn_ws.RESTMessageV2('Your_REST_Message', 'Your_HTTP_Method');
request.setRequestHeader("Authorization", "Bearer " + token);
var response = request.execute();

@Manikantahere ✅ If this helps, mark it as Helpful & Correct!